---

Security Digest: February 7, 2005

Debian GNU/Linux


Debian Security Advisory DSA 669-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
February 7th, 2005 http://www.debian.org/security/faq


Package : php3
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE IDs : CAN-2004-0594 CAN-2004-0595

Two vulnerabilities have been discovered in php4 which also
apply to the version of php3 in the stable Debian distribution. The
Common Vulnerabilities and Exposures project identifies the
following problems:

CAN-2004-0594

The memory_limit functionality allows remote attackers to
execute arbitrary code under certain circumstances.

CAN-2004-0595

The strip_tags function does not filter null (

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis