1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
|
5 |
- - --------------------------------------------------------------------------- |
6 |
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-06 |
7 |
- - --------------------------------------------------------------------------- |
8 |
|
9 |
GLSA: 200311-06 |
10 |
package: dev-php/phpsysinfo |
11 |
summary: phpSysInfo directory traversal |
12 |
severity: normal |
13 |
Gentoo bug: 26782 |
14 |
date: 2003-11-22 |
15 |
CVE: CAN-2003-0536 |
16 |
exploit: local |
17 |
affected: <=2.1 |
18 |
fixed: >=2.1-r1 |
19 |
|
20 |
DESCRIPTION: |
21 |
|
22 |
|
23 |
phpSysInfo contains two vulnerabilities which could allow local files to be |
24 |
read or arbitrary PHP code to be executed, under the privileges of the web |
25 |
server process. |
26 |
|
27 |
|
28 |
SOLUTION: |
29 |
|
30 |
|
31 |
It is recommended that all Gentoo Linux users who are running |
32 |
dev-php/phpsysinfo upgrade to the fixed version: |
33 |
|
34 |
emerge sync |
35 |
emerge '>=dev-php/phpsysinfo-2.1-r1' |
36 |
emerge clean |
37 |
|
38 |
|
39 |
- -- |
40 |
Andrea Barisani <lcars@g.o> .*. |
41 |
Gentoo Linux Infrastructure Developer V |
42 |
( ) |
43 |
GPG-Key 0xC9EE0905 http://dev.gentoo.org/~lcars/pubkey.asc ( ) |
44 |
491D E9E0 3875 0EC9 10DD 150B CAA9 2C7D C9EE 0905 ^^_^^ |
45 |
|
46 |
|
47 |
-----BEGIN PGP SIGNATURE----- |
48 |
Version: GnuPG v1.2.3 (GNU/Linux) |
49 |
|
50 |
iD8DBQE/wi8LyqksfcnuCQURAmwWAJ9Ry7D8VrFpf1o2NuzqUXYsw0f8BwCfe7RV |
51 |
01JaCZoERigxYEwopTsOp2U= |
52 |
=MOHk |
53 |
-----END PGP SIGNATURE----- |