Re: [Forward: CERT Advisory CA-2002-21 Vulnerability in PHP]
As stated in the Appendix A of the full advisory, Debian stable and
testing are not vulnerable.
This is because they are still using PHP 4.1.x (the exploit only affects
PHP 4.2.0 and 4.2.1).
Debian unstable (i.e. sid) is vulnerable, as it uses PHP 4.2.1, and from
what I can see as of this
posting, it hasn't been updated to 4.2.2 yet. I assume a package will
be forthcoming very soon
Alvise Belotti wrote:
Does anyone know if this affects Debian Woody (php4
----- Forwarded message from CERT Advisory <email@example.com> -----
Date: Mon, 22 Jul 2002 19:09:01 -0400 (EDT)
From: CERT Advisory <firstname.lastname@example.org>
Organization: CERT(R) Coordination Center - +1 412-268-7090
Subject: CERT Advisory CA-2002-21 Vulnerability in PHP
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-21 Vulnerability in PHP
Original release date: July 22, 2002
Last revised: --
A complete revision history can be found at the end of this file.
* Systems running PHP versions 4.2.0 or 4.2.1
A vulnerability has been discovered in PHP. This vulnerability could
be used by a remote attacker to execute arbitrary code or crash PHP
and/or the web server.
----- End forwarded message -----
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org