
Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload



On Thu, Feb 28, 2002 at 08:37:45AM -0000, Jeff wrote:
> I received this CERT Advisory about 6 hours ago, regarding PHP. 
> The php website confirms the details: www.php.net
> I think this is going to be a problem for us, due to the way
> the Debian packaging works - 
> I guess that the immediate solution in this case is for us to
> try to get the unstable Apache 1.3.23 package + an updated
> PHP4 4.2.1 package + MySQL, SSL etc. to work. mmmm - ain't
> going to be quick to test this and roll it out into production,
> and in the meantime, we have production servers running
> a PHP4 that has a now widely known security issue. Oh - and 
> yes, we could go out of business and not accept data, but
> methinks my tenure would be somewhat shortened if I propose
> that at our emergency security meeting in an hour's time!
> Help?

    Grab the php4.05 source package, patch and rebuild the package, then 
    distribute.

-- 
Share and Enjoy. 


