From e5a746babbe899148a08edb4a162199d77b0f1ba Mon Sep 17 00:00:00 2001 From: ale Date: Thu, 4 Sep 2008 14:00:12 +0000 Subject: Update for php5 safe_mode fix. --- security/vuxml/vuln.xml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3090a73d1704..0539e721b6f4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -785,21 +785,21 @@ Note: Please add new entries to the beginning of this file. - php -- input validation error in posix_access function + php -- input validation error in safe_mode - php5-posix - 5.0 + php5 + 5.2.6_2

According to Maksymilian Arciemowicz research, it is possible to bypass security restrictions - of safe_mode in posix_access() - function via directory traversal vulnerability. The attacker + of safe_mode in various + functions via directory traversal vulnerability. The attacker can use this attack to gain access to sensitive - information. Other functions utilizing + information. Functions utilizing expand_filepath() may be affected.

It should be noted that this vulnerability is not considered to be serious by the FreeBSD Security Team, @@ -809,13 +809,14 @@ Note: Please add new entries to the beginning of this file. CVE-2008-2665 + CVE-2008-2666 29797 http://securityreason.com/achievement_securityalert/54 2008-06-17 2008-06-22 - 2008-06-22 + 2008-09-04 -- cgit