Re: [Forward: CERT Advisory CA-2002-21 Vulnerability in PHP]

[Daniel Sloan <daniel.sloan@vu.edu.au>]

As stated in the Appendix A of the full advisory, Debian stable and 
testing are not vulnerable.
This is because they are still using PHP 4.1.x (the exploit only affects 
PHP 4.2.0 and 4.2.1).

Debian unstable (i.e. sid) is vulnerable, as it uses PHP 4.2.1, and from 
what I can see as of this
posting, it hasn't been updated to 4.2.2 yet.  I assume a package will 
be forthcoming very soon
though :-)


Alvise Belotti wrote:

> Does anyone know if this affects Debian Woody (php4
> 4.1.2-4) too?
> Tnx
> ----- Forwarded message from CERT Advisory <cert-advisory@cert.org> -----
>
> Date: Mon, 22 Jul 2002 19:09:01 -0400 (EDT)
> From: CERT Advisory <cert-advisory@cert.org>
> To: cert-advisory@cert.org
> Organization: CERT(R) Coordination Center - +1 412-268-7090
> Subject: CERT Advisory CA-2002-21 Vulnerability in PHP
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> CERT Advisory CA-2002-21 Vulnerability in PHP
>
>   Original release date: July 22, 2002
>   Last revised: --
>   Source: CERT/CC
>
>   A complete revision history can be found at the end of this file.
>
> Systems Affected
>
>     * Systems running PHP versions 4.2.0 or 4.2.1
>
> Overview
>
>   A  vulnerability  has been discovered in PHP. This vulnerability could
>   be  used  by  a remote attacker to execute arbitrary code or crash PHP
>   and/or the web server.
> [...cut...]
> ----- End forwarded message -----
>  
>
> Alvise Belotti,
>  



--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org