
Thread: Advisory ID : FrSIRT/ADV-200Slackware Security Update Fixes Multiple PHP Security By

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050

    Advisory ID : FrSIRT/ADV-2005-2322
    CVE ID : CVE-2005-2491 - CVE-2005-3054 - CVE-2005-3392 - CVE-2005-3391 - CVE-2005-3390 - CVE-2005-3389 - CVE-2005-3388
    Rated as : High Risk
    Remotely Exploitable : Yes
    Locally Exploitable : Yes
    Release Date : 2005-11-07

    Technical Description

    Slackware has released updated packages to correct multiple vulnerabilities identified in PHP. These flaws could be exploited by remote attackers to bypass security restrictions or conduct cross site scripting attacks. For additional information, see : FrSIRT/ADV-2005-2254

    Affected Products

    Slackware 10.2

    Solution

    Updated package for Slackware 10.2:
    ftp://ftp.slackware.com/pub/slackwar...4.1-i486-1.tgz

    Updated package for Slackware -current:
    ftp://ftp.slackware.com/pub/slackwar...4.1-i486-1.tgz

    References

    http://www.frsirt.com/english/advisories/2005/2322
    http://slackware.com/security/viewer...ecurity.375069


    They're treating this as high risk mostly because of PHP's widespread use, so slackies, get updating,
    especially if you're running a public webserver on an affected version and platform. Have phun!

    Instead of me posting these at random intervals, may I recommend their RSS feed.
    By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
    The 20th century pharaohs have the slaves demanding work
    http://muaythaiscotland.com/

  2. #2
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    There are actually quite a few that were released the other day. I was kind of shocked. Don't think that many had ever been released.

    Remember kids:

    slapt-get update

    slapt-get upgrade

    Or

    swaret --update

    swaret --upgrade

    Or if you're like me:

    wget ftp://ftp.slackware.com....

    upgradepkg *.tgz

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Gore, they're rolling out a good few every day, from silly little **** to remote root sploits. Just the way the web works. Wonder how much of it will get discussed here.

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    I roll my own apache 2, php, mysql and postgresql combo.. and keep it updated
    (slack is apache 1.3 standard)
    I'd prefer to totally ditch mysql but that would probably involve me rewriting vital parts of nucleuscms, which I don't have the time for atm.

    But for the rest, it's swaret --update && swaret --upgrade for me..

    Thanks for the heads up..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !
