Package        : php3
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE IDs        : CAN-2004-0594 CAN-2004-0595
Two vulnerabilities have been discovered in php4 which also apply to the version of php3 in the stable Debian distribution. The Common Vulnerabilities and Exposures project identifies the following problems:
CAN-2004-0594
The memory_limit functionality allows remote attackers to execute arbitrary code under certain circumstances.
CAN-2004-0595
The strip_tags function does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by some web browsers which could lead to cross-site scripting (XSS) vulnerabilities.
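A defensive allow-list filter for the class of problem described in CAN-2004-0595, as an added example that is not part of this advisory or of PHP's own code: it removes NUL bytes before any tag name is compared, keeps only attribute-free tags on the allow list, and escapes everything else. The function name filter_allowed_tags and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example (hypothetical helper, not PHP's strip_tags implementation).
// Keeps only attribute-free tags named in $allowed; all other markup is
// dropped and the remaining text is HTML-escaped.
function filter_allowed_tags(string $html, array $allowed): string
{
    // 1. Remove NUL bytes first, so a name such as "s\0cript" is judged in
    //    the form a NUL-ignoring browser would parse ("script").
    $html = str_replace("\0", '', $html);
    $allowed = array_map('strtolower', $allowed);

    // 2. Split into text and tag-like tokens. With one capture group and
    //    PREG_SPLIT_DELIM_CAPTURE the result alternates: even index = text,
    //    odd index = a "<...>" token.
    $parts = preg_split('/(<[^>]*>)/', $html, -1, PREG_SPLIT_DELIM_CAPTURE);

    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {
            // Text between tags, including any stray or unterminated '<'.
            $out .= htmlspecialchars($part, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            continue;
        }
        // 3. Accept only a plain alphanumeric tag name with no attributes,
        //    and re-emit it in canonical form instead of copying the input.
        if (preg_match('/^<(\/?)([a-z][a-z0-9]*)\s*>\z/i', $part, $m)
            && in_array(strtolower($m[2]), $allowed, true)) {
            $out .= '<' . $m[1] . strtolower($m[2]) . '>';
        }
        // Any other tag-like token is dropped.
    }
    return $out;
}

// Constructed sample input: one allowed tag and one tag name split by NUL.
$input = "<b>bold</b> <s\0cript>x</s\0cript> text";
echo filter_allowed_tags($input, ['b', 'i']), "\n";
```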
For the stable distribution (woody) these problems have been fixed in version 3.0.18-23.1woody2.
For the unstable distribution (sid) these problems have been fixed in version 3.0.18-27.
We recommend that you upgrade your php3 packages.
Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
--------------------------------