[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Forward: CERT Advisory CA-2002-21 Vulnerability in PHP]

As stated in the Appendix A of the full advisory, Debian stable and testing are not vulnerable. This is because they are still using PHP 4.1.x (the exploit only affects PHP 4.2.0 and 4.2.1).

Debian unstable (i.e. sid) is vulnerable, as it uses PHP 4.2.1, and from what I can see as of this posting, it hasn't been updated to 4.2.2 yet. I assume a package will be forthcoming very soon
though :-)

Alvise Belotti wrote:

Does anyone know if this affects Debian Woody (php4
4.1.2-4) too?
----- Forwarded message from CERT Advisory <cert-advisory@cert.org> -----

Date: Mon, 22 Jul 2002 19:09:01 -0400 (EDT)
From: CERT Advisory <cert-advisory@cert.org>
To: cert-advisory@cert.org
Organization: CERT(R) Coordination Center - +1 412-268-7090
Subject: CERT Advisory CA-2002-21 Vulnerability in PHP


CERT Advisory CA-2002-21 Vulnerability in PHP

  Original release date: July 22, 2002
  Last revised: --
  Source: CERT/CC

  A complete revision history can be found at the end of this file.

Systems Affected

    * Systems running PHP versions 4.2.0 or 4.2.1


  A  vulnerability  has been discovered in PHP. This vulnerability could
  be  used  by  a remote attacker to execute arbitrary code or crash PHP
  and/or the web server.
----- End forwarded message -----
Alvise Belotti,

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: