[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Heads up: PHP exploit



I can build patched rpm's if anyone needs them, let me know what
versions you need and I will build them. I have patched my own rpm but
it's a mod_php4 rpm which might not suit everyone.

Chris





On Wed, 2002-02-27 at 18:55, David Talkington wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> I don't normally trouble the list with security announcements, but 
> this one hasn't even hit Bugtraq yet.  I got wind of it via 
> departmental mail from someone who follows the snort-sigs list.
> 
> There is a PHP problem afoot which affects POST operations in all 
> versions of PHP prior to 4.1.2.  Go here for details:
> 
> http://security.e-matters.de/advisories/012002.html
> 
> And here for the fix:
> 
> http://www.php.net
> 
> I've already patched my production boxes, but there's no help yet for 
> rpm'ers, far as I know.  'file_uploads = Off' in php.ini, if you can't 
> upgrade.
> 
> Hope this helps someone. -d
> 
> - -- 
> David Talkington
> 
> PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
> - --
> http://setiathome.ssl.berkeley.edu/pale_blue_dot.html
> 
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
> Comment: Made with pgp4pine 1.75-6
> 
> iQA/AwUBPH1jzL9BpdPKTBGtEQKPwwCg9b/HFq0tUpWkfeGhBuADBAoCmO8AoOWB
> ft9p2JrQyKtGshUArpbLvYoc
> =smE5
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> Redhat-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-list
-- 
Chris Mason
Box 340, The Valley, Anguilla
Tel: 264-497-5670
Fax: 264-497-8463
masonc masonc com
Yahoo ID: netconcepts_anguilla or chris_mason_laptop
ICQ: 118159388





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]