5386 – PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1

Bug 5386 - PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1

Summary: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	x86 Linux

Importance:	High blocker (vote)
Assignee:	Ryan Phillips (RETIRED)

URL:	http://cvs.php.net/co.php/phpweb/rele...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-07-22 07:56 UTC by Toni Viemerö
Modified:	2003-02-04 19:42 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Toni Viemerö 2002-07-22 07:56:51 UTC

The PHP Group has learned of a serious security vulnerability in PHP versions 
4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the 
privileges of the web server. This vulnerability may be exploited to compromise 
the web server and, under certain conditions, to gain privileged access.
The PHP Group has released a new PHP version, 4.2.2, which incorporates a fix 
for the vulnerability.

Comment 1 Seemant Kulleen (RETIRED) gentoo-dev

2002-07-22 08:11:12 UTC

Ryan, please investigate and patch/fix as appropriate, then drop me an e-mail so
that I can send out a GLSA

Comment 2 Toni Viemerö 2002-07-22 08:12:48 UTC

Here's the advisory link: http://security.e-matters.de/advisories/022002.html

Comment 3 Ryan Phillips (RETIRED) gentoo-dev

2002-07-22 13:13:50 UTC

Appears Aliz committed the update and the security update was sent