Do you have Esser's site link reference about this?

On 03 Feb 2012 09:16, "Thijs Kinkhorst" <[email protected]> wrote:
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2403-1                   [email protected]
> http://www.debian.org/security/                           Thijs Kinkhorst
> February 02, 2012                      http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : php5
> Vulnerability  : code injection
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2012-0830
>
> Stefan Esser discovered that the implementation of the max_input_vars
> configuration variable in a recent PHP security update was flawed such
> that it allows remote attackers to crash PHP or potentially execute
> code.
>
> For the oldstable distribution (lenny), no fix is available at this time.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.3.3-7+squeeze7.
>
> The testing distribution (wheezy) and unstable distribution (sid)
> will be fixed soon.
>
> We recommend that you upgrade your php5 packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: [email protected]
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
