Package        : php4
Vulnerability  : cross-site scripting
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0442

The transparent session ID feature in the php4 package does not properly escape user-supplied input before inserting it into the generated HTML page. An attacker could use this vulnerability to execute embedded scripts within the context of the generated page.
For the stable distribution (woody) this problem has been fixed in version 4:4.1.2-6woody3.
For the unstable distribution (sid) this problem will be fixed soon. Refer to Debian bug #200736.
We recommend that you update your php4 package.
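
The escaping failure described above, shown next to a corrected form. This is an added example, not code from the advisory or from PHP itself: it is a simplified model of link rewriting written in current PHP syntax, and it assumes the user-supplied value is the session ID taken from the request under PHP's default session name PHPSESSID. The function names, sample page and sample IDs are constructed for illustration.

```php
<?php
// Simplified model of transparent session ID link rewriting.
// Not PHP's engine code; names and sample data are constructed.

const SESSION_NAME = 'PHPSESSID';

// Vulnerable form: the session ID from the request is copied into the
// href attribute as-is, so quotes and angle brackets reach the HTML parser.
function rewrite_links_unescaped(string $html, string $sid): string
{
    return preg_replace_callback(
        '/href="([^"]*)"/',
        function (array $m) use ($sid): string {
            $sep = strpos($m[1], '?') === false ? '?' : '&amp;';
            return 'href="' . $m[1] . $sep . SESSION_NAME . '=' . $sid . '"';
        },
        $html
    );
}

// Hardened form: refuse IDs outside the expected alphabet, then URL-encode
// and HTML-escape the value before it is placed in the attribute.
function rewrite_links_escaped(string $html, string $sid): string
{
    if (!preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $sid)) {
        return $html; // do not propagate an ID the server would never issue
    }
    return preg_replace_callback(
        '/href="([^"]*)"/',
        function (array $m) use ($sid): string {
            $sep = strpos($m[1], '?') === false ? '?' : '&amp;';
            $param = SESSION_NAME . '=' . rawurlencode($sid);
            return 'href="' . $m[1] . $sep . htmlspecialchars($param, ENT_QUOTES) . '"';
        },
        $html
    );
}

$page    = '<a href="cart.php">Cart</a>'; // constructed sample page
$benign  = 'a1b2c3d4e5f6';                // constructed session ID
$hostile = 'x"><b>injected</b>';          // constructed ID carrying markup

echo rewrite_links_unescaped($page, $benign), "\n";
echo rewrite_links_unescaped($page, $hostile), "\n"; // value closes the attribute and adds markup
echo rewrite_links_escaped($page, $benign), "\n";
echo rewrite_links_escaped($page, $hostile), "\n";   // page returned unchanged
```
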
Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

Debian GNU/Linux 3.0 alias woody
--------------------------------