Mandriva Linux Security Advisory 2012-093

newsbot

newsbot

RSS Feed
Mandriva Linux Security Advisory 2012-093 - There is a programming error in the DES implementation used in crypt() in ext/standard/crypt_freesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored. An integer overflow, leading to heap-based buffer overflow was found in the way Phar extension of the PHP scripting language processed certain fields by manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file, which once processed in an PHP application using the Phar extension could lead to denial of service , or, potentially arbitrary code execution with the privileges of the user running the application. The updated php packages have been upgraded to the 5.3.14 version which is not vulnerable to these issues.

Weiterlesen...
 

Ähnliche Themen

Nginx als Reverse Proxy für Nextcloud und Emby

Red Hat Security Advisory 2012-1590-01

Mandriva Linux Security Advisory 2012-184

Mandriva Linux Security Advisory 2012-157

Mandriva Linux Security Advisory 2012-176

Zurück
Oben