VuXML: php -- multiple vulnerabilities

php -- multiple vulnerabilities

Affected packages
		php4	<	4.4.4
5	<=	php4	<	5.1.5
		php5	<	4.4.4
5	<=	php5	<	5.1.5
		mod_php4	<	4.4.4
5	<=	mod_php4	<	5.1.5
		mod_php5	<	4.4.4
5	<=	mod_php5	<	5.1.5
		php4-cgi	<	4.4.4
5	<=	php4-cgi	<	5.1.5
		php4-cli	<	4.4.4
5	<=	php4-cli	<	5.1.5
		php4-dtc	<	4.4.4
5	<=	php4-dtc	<	5.1.5
		php4-horde	<	4.4.4
5	<=	php4-horde	<	5.1.5
		php4-nms	<	4.4.4
5	<=	php4-nms	<	5.1.5
		php5-cgi	<	4.4.4
5	<=	php5-cgi	<	5.1.5
		php5-cli	<	4.4.4
5	<=	php5-cli	<	5.1.5
		php5-dtc	<	4.4.4
5	<=	php5-dtc	<	5.1.5
		php5-horde	<	4.4.4
5	<=	php5-horde	<	5.1.5
		php5-nms	<	4.4.4
5	<=	php5-nms	<	5.1.5

Details

VuXML ID	ea09c5df-4362-11db-81e1-000e0c2e438a
Discovery	2006-08-18
Entry	2006-09-13
Modified	2014-03-28

VuXML ID

ea09c5df-4362-11db-81e1-000e0c2e438a

Discovery

2006-08-18

Entry

2006-09-13

Modified

2014-03-28

The PHP development team reports:

Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.

Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.

Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache.

Fixed overflow in GD extension on invalid GIF images.

Fixed a buffer overflow inside sscanf() function.

Fixed an out of bounds read inside stripos() function.

Fixed memory_limit restriction on 64 bit system.

[source]

References

CVE Name

CVE-2006-4481

CVE Name

CVE-2006-4482

CVE Name

CVE-2006-4483

CVE Name

CVE-2006-4484

CVE Name

CVE-2006-4485

CVE Name

CVE-2006-4486

URL

http://www.php.net/release_4_4_4.php

URL

http://www.php.net/release_5_1_5.php