TITLE:
Mandriva update for php

SECUNIA ADVISORY ID:
SA22424

VERIFY ADVISORY:
http://secunia.com/advisories/22424/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
Local system

OPERATING SYSTEM:
Mandriva Linux 2006
http://secunia.com/product/9020/
Mandriva Linux 2007
http://secunia.com/product/12165/

DESCRIPTION:
Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions.

For more information:
SA22235
SA22282

SOLUTION:
Apply updated packages.

Additionally, the vendor recommends disabling the "symlink()" function when using the "open_basedir" feature.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2006:185

OTHER REFERENCES:
SA22235:
http://secunia.com/advisories/22235/

SA22282:
http://secunia.com/advisories/22282/
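
The vendor's recommendation under SOLUTION can be checked mechanically. The following is an added example, not code from Secunia or Mandriva: it reads php.ini text and reports whether "open_basedir" is set while "symlink" is missing from "disable_functions". The function names and the two sample configurations are constructed for illustration.

```python
import re

# Constructed sample php.ini contents, for illustration only.
WEAK_INI = """\
[PHP]
; restrict file access to the web root
open_basedir = /var/www/html:/tmp
disable_functions = exec, system
"""

HARDENED_INI = """\
[PHP]
open_basedir = "/var/www/html:/tmp"
disable_functions = exec,system, symlink ; per vendor advice
"""

def parse_ini(text):
    """Return {directive: value}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, comment, or section header
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if not m:
            continue
        value = m.group(2).strip()
        if value.startswith('"'):
            value = value[1:].split('"', 1)[0]      # quoted value
        else:
            value = value.split(";", 1)[0].strip()  # drop trailing comment
        settings[m.group(1)] = value
    return settings

def check_symlink_hardening(text):
    """'not-applicable' if open_basedir is unset, else 'ok' or 'symlink-enabled'."""
    s = parse_ini(text)
    if not s.get("open_basedir", ""):
        return "not-applicable"
    # Conservative assumption: only the exact lowercase name counts as disabled.
    disabled = set(re.split(r"[,\s]+", s.get("disable_functions", "")))
    return "ok" if "symlink" in disabled else "symlink-enabled"

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, "->", check_symlink_hardening(ini))
```

This only inspects php.ini text; an "open_basedir" value set elsewhere, such as in per-virtual-host web server configuration, is outside what it checks.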