Gentoo: mod_php buffer overflow vulnerability
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200301-8 - -------------------------------------------------------------------- DATE : 2003-01-13 15:01 UTC
- --------------------------------------------------------------------
From advisory:
"If you use the wordwrap() function on user-supplied input, a specially-crafted input can overflow the allocated buffer and overwrite the heap. Exploit looks very difficult, but still theoretically possible."
Read the full advisory at http://marc.theaimsgroup.com/?l=bugtraq&m=104102689503192&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running dev-php/php-4.2.3 and/or dev-php/mod_php-4.2.3 or earlier update their systems as follows:
emerge rsync emerge php
and/or
emerge mod_php
finish with:
emerge clean
- -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at rphillips@gentoo.org - --------------------------------------------------------------------