Sorry, my listing of cURL exploit is not quite accurate, here's an updated
version with that and some other fixes (let that be a lesson for you, not to
post hastefully and in anger ;-)
Impact:
Fixed possible stack buffer overflow in FastCGI SAPI
Impact:Potential DOS and remote code execution if using FastCGI
Updated PCRE to deal with issues fixed in USN-581-1
Impact:Potential DOS and remote code execution
Fixes CVE-2008-0599
Impact:Potential DOS and remote code execution
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Impact: Potential overwriting or stealing files on the server if cURL is in
use
Properly address incomplete multibyte chars inside escapeshellcmd()
Impact: Bypassing character based filtering, leading to potentially
remotely running arbitrary commands on the shell
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Backports Testing Team, which is subscribed to Hardy Backports.
--
ubuntu-backports mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
