Advisory ID : FrSIRT/ADV-200Slackware Security Update Fixes Multiple PHP Security By
Advisory ID : FrSIRT/ADV-2005-2322
CVE ID : CVE-2005-2491 - CVE-2005-3054 - CVE-2005-3392 - CVE-2005-3391 - CVE-2005-3390 - CVE-2005-3389 - CVE-2005-3388
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-07
Technical Description
Slackware has released updated packages to correct multiple vulnerabilities identified in PHP. These flaws could be exploited by remote attackers to bypass security restrictions or conduct cross site scripting attacks. For additional information, see : FrSIRT/ADV-2005-2254
Affected Products
Slackware 10.2
Solution
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackwar...4.1-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar...4.1-i486-1.tgz
References
http://www.frsirt.com/english/advisories/2005/2322
http://slackware.com/security/viewer...ecurity.375069
there treating this as high risk mostly because of php's wide spread use so slackies get up-dating
especially if your running a public webserver on affected version and platform have phun !:)
Instead of me posting these at random intervals may i recommend there RSS Feed
