-
November 7th, 2005, 07:21 PM
#1
Slackware Security Update Fixes Multiple PHP Security By
Advisory ID : FrSIRT/ADV-2005-2322
CVE ID : CVE-2005-2491 - CVE-2005-3054 - CVE-2005-3392 - CVE-2005-3391 - CVE-2005-3390 - CVE-2005-3389 - CVE-2005-3388
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-07
Technical Description
Slackware has released updated packages to correct multiple vulnerabilities identified in PHP. These flaws could be exploited by remote attackers to bypass security restrictions or conduct cross site scripting attacks. For additional information, see : FrSIRT/ADV-2005-2254
Affected Products
Slackware 10.2
Solution
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackwar...4.1-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar...4.1-i486-1.tgz
References
http://www.frsirt.com/english/advisories/2005/2322
http://slackware.com/security/viewer...ecurity.375069
They're treating this as high risk mostly because of PHP's widespread use, so slackies get updating,
especially if you're running a public webserver on an affected version and platform. Have phun!
Instead of me posting these at random intervals, may I recommend their RSS feed.
By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
The 20th century pharaohs have the slaves demanding work
http://muaythaiscotland.com/
-
November 7th, 2005, 07:28 PM
#2
There are actually quite a few that were released the other day. I was kind of shocked. Don't think that many had ever been released.
Remember kids:
slapt-get update
slapt-get upgrade
Or
swaret --update
swaret --upgrade
Or if you're like me:
wget ftp://ftp.slackware.com....
upgradepkg *.tgz
-
November 7th, 2005, 07:32 PM
#3
Gore, they're rolling out a good few every day, from silly little **** to remote root sploits. Just the way the web works. Wonder how much of it will get discussed here.
-
November 7th, 2005, 08:07 PM
#4
I roll my own apache 2, php, mysql and postgresql combo.. and keep it updated
(slack is apache 1.3 standard)
I'd prefer to totally ditch mysql but that would probably involve me rewriting vital parts of nucleuscms, which I don't have the time for atm.
But for the rest, it's swaret --update && swaret --upgrade for me..
Thanks for the heads up..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !