[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: php 5.3.1 update
From:       security curmudgeon <jericho () attrition ! org>
Date:       2009-11-22 5:27:54
Message-ID: Pine.LNX.4.64.0911220526140.27016 () forced ! attrition ! org
[Download RAW message or body]


On Fri, 20 Nov 2009, Thomas Biege wrote:

> PHP was updated to version 5.3.1 and did also address security
> issues: http://www.php.net/releases/5_3_1.php
> 
> Security Enhancements and Fixes in PHP 5.3.1:
> 
> * Added "max_file_uploads" INI directive, which can be set to limit the number of file \
> uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
> * Added missing sanity checks around exif processing.

This was previously disclosed and fixed in the 5.2.x tree. I believe this 
is the same as CVE-2009-3292.

> * Fixed a safe_mode bypass in tempnam().
> * Fixed a open_basedir bypass in posix_mkfifo().
> * Fixed bug #50063 (safe_mode_include_dir fails).
> * Fixed bug #44683 (popen crashes when an invalid mode is passed).

Also not flagged as 'security' up top, but from the changelog:

Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars 
restrictions). (Ilia)

Brian


[prev in list] [next in list] [prev in thread] [next in thread]