-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Suresh" == Suresh Ramasubramanian <[EMAIL PROTECTED]> writes:

    Suresh> Raj Mathur <[EMAIL PROTECTED]> wrote:
    >> [Please upgrade PHP on all distributions -- Raju]

    Suresh> just the antique php3 or all phps (4 and 5)?

All of them, as per the CVE entry
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525):

- ---
The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10
and 5.0.3, as reachable by the getimagesize PHP function, allows
remote attackers to cause a denial of service (infinite loop) via a
JPEG image with an invalid marker value, which causes a negative
length value to be passed to php_stream_seek.
- ---

The advisory I posted indicates that the bug may affect PHP3 too,
which is not mentioned in the CVE entry.

Regards,

- -- Raju
- -- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFCYH7YyWjQ78xo0X8RAgCBAKCX9ZMJoM+T4gRLai3j8HaO1hLQJQCgilXt
nskGmjr1U8Qhptiv5bdzIwE=
=TRf7
-----END PGP SIGNATURE-----


_______________________________________________
linux-india-help mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
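
The CVE text quoted above describes a marker walk that stops making progress when a JPEG segment length is invalid. The sketch below is an added example, not code from PHP's image.c or from this thread: it shows a segment walker that rejects lengths below 2 (a JPEG segment length counts its own two bytes) and always moves forward. The function name, error codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { JPEG_OK = 0, JPEG_BAD_SOI = -1, JPEG_BAD_MARKER = -2,
       JPEG_BAD_LENGTH = -3, JPEG_TRUNCATED = -4 };

/* Constructed sample inputs (not real image files). */
const uint8_t sample_ok[]       = {0xFF,0xD8, 0xFF,0xE0,0x00,0x04,'A','B', 0xFF,0xD9};
const uint8_t sample_zero_len[] = {0xFF,0xD8, 0xFF,0xE0,0x00,0x00, 0xFF,0xD9};

/* Hypothetical helper: walk the segments up to SOS/EOI, counting them in *nseg.
 * Each pass through the loop consumes at least one byte, so it terminates. */
int jpeg_walk_segments(const uint8_t *buf, size_t len, size_t *nseg)
{
    size_t pos = 2;
    *nseg = 0;
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return JPEG_BAD_SOI;
    while (pos < len) {
        if (buf[pos] != 0xFF)
            return JPEG_BAD_MARKER;            /* lost sync: stop, do not scan on */
        while (pos < len && buf[pos] == 0xFF)  /* marker prefix plus fill bytes */
            pos++;
        if (pos >= len) return JPEG_TRUNCATED;
        uint8_t marker = buf[pos++];
        if (marker == 0x00) return JPEG_BAD_MARKER;   /* FF 00 is not a marker */
        if (marker == 0xD9 || marker == 0xDA)
            return JPEG_OK;                    /* EOI or SOS: header walk is done */
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD7))
            continue;                          /* TEM and RSTn carry no length field */
        if (len - pos < 2) return JPEG_TRUNCATED;
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seglen < 2)
            return JPEG_BAD_LENGTH;            /* seglen - 2 would go negative */
        if (seglen > len - pos)
            return JPEG_TRUNCATED;             /* segment runs past the data */
        pos += seglen;                         /* length counts its own two bytes */
        (*nseg)++;
    }
    return JPEG_TRUNCATED;                     /* ran out before SOS/EOI */
}

int main(void)
{
    size_t n;
    printf("%d\n", jpeg_walk_segments(sample_zero_len, sizeof sample_zero_len, &n));
    return 0;
}
```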
