|
Posted by Benjamin D. Thomas
|
This update fixes handling of NUL characters in certificate Common Name or
subjectAltName fields especially in regards to comparsion to hostnames. |
|
Read more...
|
|
|
Posted by Benjamin D. Thomas
|
|
Update to 1.6.0.15 to fix many bugs... |
|
Read more...
|
|
|
Posted by Benjamin D. Thomas
|
Multiple vulnerabilities was discovered and corrected in php:
The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).
Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)
Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to an
incorrect sanity check for the color index. (CVE-2009-3293). However
in Mandriva we don't use the bundled libgd source in php per default,
there is a unsupported package in contrib named php-gd-bundled that
eventually will get updated to pickup these fixes.
This update provides a solution to these vulnerabilities. |
|
Read more...
|
|
|
Posted by Benjamin D. Thomas
|
|
Multiple vulnerabilities was discovered and corrected in php:
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key with
the NULL byte. NOTE: this might only be a vulnerability in limited
circumstances in which the attacker can modify or add database entries
but does not have permissions to truncate the file (CVE-2008-7068).
The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).
Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)
Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to an
incorrect sanity check for the color index. (CVE-2009-3293). However
in Mandriva we don't use the bundled libgd source in php per default,
there is a unsupported package in contrib named php-gd-bundled that
eventually will get updated to pickup these fixes.
This update provides a solution to these vulnerabilities. |
|
Read more...
|
|
|
Source: The Register - Posted by Anthony Pell
|
The quality and security levels of open source code are continuing to improve, according to the latest annual audit by code analysis tools vendor Coverity. |
|
Read more...
|
|
|
|
<< Start < Prev 766 767 768 Next > End >>
|
| Results 6901 - 6909 of 32531 |
