Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20091120150328.4495c235@redhat.com>
Date: Fri, 20 Nov 2009 15:03:28 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: php 5.3.1 update

On Fri, 20 Nov 2009 10:47:35 +0000 Joe Orton <jorton@...hat.com> wrote:

> > PHP was updated to version 5.3.1 and did also address security
> > issues: http://www.php.net/releases/5_3_1.php
> 
> We assigned some CVE names for the new issues here; two correspond to 
> existing issues fixed earlier in 5.2.11.  The CVE names have not made
> it to the web site but were used in the e-mail announcement text:

Link to announcement mail with CVEs:

  http://news.php.net/php.announce/79

> - Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559,
>   Johannes, christian at elmerot dot se)

Reading the upstream bug http://bugs.php.net/bug.php?id=50063 , this is
not a security flaw, rather a safe_mode regression causing uid check to
happen where it should not resulting in over-restrictive safe_mode.

Some links for the other two issues:

> - Fixed a safe_mode bypass in tempnam() identified by Grzegorz
> Stachowiak. (CVE-2009-3557, Rasmus)

  http://securityreason.com/securityalert/6601
  http://svn.php.net/viewvc?view=revision&revision=288945

> - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
>   Stachowiak. (CVE-2009-3558, Rasmus)

  http://securityreason.com/securityalert/6600
  http://svn.php.net/viewvc?view=revision&revision=288943

Looks like CVE-2009-3546 got fixed too.

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.