rPSA-2006-0205-1 php php-mysql php-pgsql
rPath Update Announcements
announce-noreply at rpath.com
Thu Nov 9 16:52:27 EST 2006
rPath Security Advisory: 2006-0205-1
Published: 2006-11-09
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
php=/conary.rpath.com at rpl:devel//1/4.3.11-15.8-1
php-mysql=/conary.rpath.com at rpl:devel//1/4.3.11-15.8-1
php-pgsql=/conary.rpath.com at rpl:devel//1/4.3.11-15.8-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
http://issues.rpath.com/browse/RPL-761
Description:
Previous versions of the php package contain flaws that create
remote unauthorized access vulnerabilities in many php programs.
The flaws are in the htmlentities and htmlspecialchars functions.
More information about the update-announce
mailing list