[Updated version: corrected URLs]
In versions of the PHP 4 packages before version 4.0.3, several format
string bugs could allow properly crafted requests to execute code as the
user running PHP scripts on the web server.
This problem is fixed in versions 4.0.3-0potato1 for Debian 2.2 (potato) and
4.0.3-1 for Debian Unstable (woody). This is a bug fix release and we
recommend all users of php4 upgrade to it; potato users should note that
this is an upgrade from 4.0b3, but no incompatibilities are expected.
Debian GNU/Linux 2.1 alias slink
Slink does not contain any php4 packages, and is therefore not affected.
Debian GNU/Linux 2.2 (stable) alias potato
Fixes are currently available for the Alpha, Intel ia32, Motorola 680x0,
PowerPC and Sun SPARC architectures, and will be included in 2.2r1.
Source archives:
MD5 checksum: a4a9ce00f9b85966521fccf91c20b1fe
MD5 checksum: 26e0cc7624981b4872e104b62151c4b1
MD5 checksum: e80223ed44a445bbf202cd9a41a8fbbb
Architectu...