-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-09.1
- - ---------------------------------------------------------------------

PACKAGE : mod_php
SUMMARY : arbitrary code execution
DATE : 2003-02-19 15:56 UTC
EXPLOIT : remote

- - ---------------------------------------------------------------------

This is a re-release of GLSA-200302-09 because the first post
contained some errors.

- From release notes:

"PHP contains code for preventing direct access to the CGI binary with
configure option "--enable-force-cgi-redirect" and php.ini option
"cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these
options useless."

Read the full release notes at:
http://www.php.net/release_4_3_1.php

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-php/mod_php upgrade to mod_php-4.3.1 as follows:

emerge sync
emerge -u mod_php
emerge clean

- - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
rphillips@g.o
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+U6k3fT7nyhUpoZMRAgYGAJ0VuZ3QvRgdFE9MfkrsdpNRQnfNwgCgqDwK
agZ3yHaDeGja82rJavna2GY=
=r2WB
-----END PGP SIGNATURE-----
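
Added example, not part of the original advisory or of Gentoo's tooling: a post-upgrade check that reads the installed dev-php/mod_php version and classifies it against the 4.3.1 target named in the SOLUTION section. It assumes Portage records installed packages as directories named <package>-<version> under /var/db/pkg; the function names and status words are made up for this sketch.

```shell
#!/bin/sh
# Added example: classify installed dev-php/mod_php against GLSA 200302-09.
# Assumption: installed packages appear as /var/db/pkg/<category>/<pkg>-<version>.

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# glsa_status VERSION: print one of
#   affected  - 4.3.0, the release the quoted notes name
#   outdated  - below 4.3.1, so the advisory's upgrade advice still applies
#   fixed     - 4.3.1 or later
glsa_status() {
    v=${1%-r[0-9]*}              # drop a Gentoo revision suffix such as -r2
    if [ "$v" = "4.3.0" ]; then
        echo affected
    elif version_lt "$v" "4.3.1"; then
        echo outdated
    else
        echo fixed
    fi
}

# check_mod_php [PKGDB]: print "<version> <status>" for each installed
# mod_php, or "not-installed" when none is recorded.
check_mod_php() {
    db=${1:-/var/db/pkg}
    found=0
    for dir in "$db"/dev-php/mod_php-[0-9]*; do
        [ -d "$dir" ] || continue
        found=1
        ver=${dir##*/mod_php-}
        printf '%s %s\n' "$ver" "$(glsa_status "$ver")"
    done
    [ "$found" -eq 1 ] || echo not-installed
}

check_mod_php "${1:-/var/db/pkg}"
```

Run it after "emerge clean"; any line ending in "affected" or "outdated" means the upgrade did not take effect for that installed version.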