Mehrere Probleme in phpsysinfo
ID: | 200311-06 |
Distribution: | Gentoo |
Plattformen: | Keine Angabe |
Datum: | Di, 25. November 2003, 12:00 |
Referenzen: | Keine Angabe |
Applikationen: | phpsysinfo |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200311-06 --------------------------------------------------------------------------- GLSA: 200311-06 package: dev-php/phpsysinfo summary: phpSysInfo directory traversal severity: normal Gentoo bug: 26782 date: 2003-11-22 CVE: CAN-2003-0536 exploit: local affected: <=2.1 fixed: >=2.1-r1 DESCRIPTION: phpSysInfo contains two vulnerabilities which could allow local files to be read or arbitrary PHP code to be executed, under the privileges of the web server process. SOLUTION: It is recommended that all Gentoo Linux users who are running dev-php/phpsysinfo upgrade to the fixed version: emerge sync emerge '>=dev-php/phpsysinfo-2.1-r1' emerge clean -- Andrea Barisani |