Php: Moderate Security Update

Users of Php please be advised of a Moderate security update that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

RHSA-2010:0919-01: [RHSA-2010:0919-01] Moderate: php security update
Product: Red Hat Enterprise Linux
Synopsis: Moderate: php security update
Description:

PHP is an HTML-embedded scripting language commonly used with the Apache

HTTP Server.

An input validation flaw was discovered in the PHP session serializer. If a

PHP script generated session variable names from untrusted user input, a

remote attacker could use this flaw to inject an arbitrary variable into

the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function

implementation. If some fatal error occurred during the execution of this

function (such as the exhaustion of memory or script execution time limit),

part of the function’s output was sent to the user as script output,

possibly leading to the disclosure of sensitive information.

(CVE-2010-2531)

Read more at http://www.criticalwatch.com

 

Advertisements