Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#4693 - PHP "wordwrap()" Buffer Overflow Vulnerability - ALST

Attached to Project: Arch Linux
Opened by James Fryman (jfryman) - Wednesday, 24 May 2006, 11:31 GMT
Last edited by Alexander Baldeck (kth5) - Wednesday, 24 May 2006, 15:16 GMT
Task Type Bug Report
Category System
Status Closed
Assigned To dorphell (dorphell)
Architecture not specified
Severity Medium
Priority High
Reported Version 0.7.1 Noodle
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
============
Leon Juranic has discovered a vulnerability in PHP, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the PHP "wordwrap()" function. This can be exploited to cause a heap-based buffer overflow via overly long strings passed to the function.

The vulnerability has been confirmed in version 5.1.2 and also reported in version 4.4.2. Other versions may also be affected.

Solution:
=========
Solution:
Update to version 5.1.3.
http://www.php.net/downloads.php

Ensure that PHP scripts do not call the "wordwrap()" PHP function with input originating from untrusted sources.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1991
This task depends upon

Closed by  Judd Vinet (judd)
Wednesday, 24 May 2006, 17:07 GMT
Reason for closing:  Fixed
Additional comments about closing:  Upgraded
Comment by Alexander Baldeck (kth5) - Wednesday, 24 May 2006, 15:15 GMT
PHP should be updated to 5.1.4 which is the latest release.

Loading...