
Re: php vulnerability



Rainer Dorsch <rainer.dorsch@informatik.uni-stuttgart.de> writes:

> Hello,
>
> thanks for the quick reply.
>
> They give a workaround at the web page:
>
> http://CERT.Uni-Stuttgart.DE/ticker/article.php?mid=718
>
> That is what I have in place right now.

You should tell your computer security people, too. ;-)

Debian/unstable now has got PHP 4.1.2 (which fixes the problem
upstream), and a DSA for Debian/timetravel has been released, too.  If
you install the packages for potato, you should send us a short
notice, otherwise we might block TCP port 80 traffic to your servers
even if they aren't vulnerable (because we look only at the version
number for determining potentially vulnerable servers).

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
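
The version-only check described in the message above, and why a notice is needed for backported fixes, as an added example (not RUS-CERT's actual tooling). The `Server` banner format, the hostnames, the sample banners and the `REPORTED_PATCHED` list are assumptions constructed for illustration; only the 4.1.2 threshold comes from the message.

```python
import re

# First upstream PHP release containing the fix, per the message above.
FIXED = (4, 1, 2)

# Constructed sample data: (host, HTTP Server header). Hostnames are placeholders.
SAMPLE_BANNERS = [
    ("www1.example.org", "Apache/1.3.9 (Unix) Debian/GNU PHP/4.0.3pl1"),
    ("www2.example.org", "Apache/1.3.23 (Unix) PHP/4.1.2"),
    ("www3.example.org", "Apache/1.3.20 (Unix) PHP/4.0.6 mod_ssl/2.8.4"),
    ("www4.example.org", "Apache/1.3.22 (Unix)"),
]

# Hypothetical list: hosts whose admins sent a notice that they installed
# the distribution's patched packages (old version string, fix backported).
REPORTED_PATCHED = {"www1.example.org"}

PHP_TOKEN = re.compile(r"\bPHP/(\d+)\.(\d+)\.(\d+)")


def php_version(banner):
    """Return the advertised PHP version as a tuple, or None if not advertised."""
    m = PHP_TOKEN.search(banner)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(host, banner, reported=REPORTED_PATCHED):
    """Classify a host using nothing but its advertised version number."""
    version = php_version(banner)
    if version is None:
        # The banner says nothing either way; PHP may still be installed.
        return "no-php-banner"
    if version >= FIXED:
        return "fixed-upstream"
    if host in reported:
        # A backported fix keeps the old version string, so only the
        # admin's notice separates this host from a vulnerable one.
        return "reported-patched"
    return "flag"


def scan(banners, reported=REPORTED_PATCHED):
    """Map each host to its classification."""
    return {host: classify(host, banner, reported) for host, banner in banners}


if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_BANNERS).items():
        print(f"{host:20} {verdict}")
```

Without the notice, `www1.example.org` is indistinguishable from `www3.example.org` and would be flagged as well.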


