[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Heads up: PHP exploit
- From: "Ed Wilts" <ewilts ewilts org>
- To: <redhat-list redhat com>
- Subject: Re: Heads up: PHP exploit
- Date: Wed Feb 27 19:17:01 2002
The fix shows patches for releases other than what Red Hat currently
supports for 7.1 which is 4.0.4p11-9. Whether or not this release is
vulnerable I guess needs to be verified, and if the current release has a
security fix, I expect that Red Hat will ship an update soon. Keep your
eyes open and up2date ready.
Thanks for the heads-up!
.../Ed
Ed Wilts
Mounds View, MN, USA
mailto:ewilts ewilts org
----- Original Message -----
From: "David Talkington" <dtalk prairienet org>
To: <apache moongroup com>; <redhat-list redhat com>
Sent: Wednesday, February 27, 2002 4:55 PM
Subject: Heads up: PHP exploit
> I don't normally trouble the list with security announcements, but
> this one hasn't even hit Bugtraq yet. I got wind of it via
> departmental mail from someone who follows the snort-sigs list.
>
> There is a PHP problem afoot which affects POST operations in all
> versions of PHP prior to 4.1.2. Go here for details:
>
> http://security.e-matters.de/advisories/012002.html
>
> And here for the fix:
>
> http://www.php.net
>
> I've already patched my production boxes, but there's no help yet for
> rpm'ers, far as I know. 'file_uploads = Off' in php.ini, if you can't
> upgrade.
>
> Hope this helps someone. -d
>
> - --
> David Talkington
>
> PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
> - --
> http://setiathome.ssl.berkeley.edu/pale_blue_dot.html
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]