| Field | Value |
|---|---|
| Summary | dev-lang/php-5.5.2 : session fixation vulnerability allows remote hijacking of sessions (CVE-2011-4718) |
| Product | Gentoo Security |
| Reporter | Agostino Sarubbo <ago> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| CC | mike, php-bugs |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | https://bugzilla.redhat.com/show_bug.cgi?id=996774 |
| Whiteboard | A4 [glsa] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 480460 |
| Bug Blocks | |
Description
Agostino Sarubbo
2013-08-14 09:08:12 UTC
I assume that this doesn't affect 5.3 and 5.4?

Arches, please test and mark stable: =dev-lang/php-5.5.2
Target keywords: "amd64 x86"

amd64 stable

x86 stable

Thanks for your work

GLSA vote: yes

Oh, wait, there is bug #480460, dropping state to "stable blocked" then

(In reply to Sergey Popov from comment #6)
> Oh, wait, there is bug #480460, dropping state to "stable blocked" then

As far as I understand 5.3 and 5.4 are unaffected, and s390 has not been stabilised for 5.5 yet, so I don't think this one should be stable blocked.

(In reply to Ole Markus With from comment #7)
> As far as I understand 5.3 and 5.4 are unaffected, and s390 has not been
> stabilised for 5.5 yet, so I don't think this one should be stable blocked.

Also, s390 is not a supported security arch, so, yeah, my bad. Continue voting...

CVE-2011-4718 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718): Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.

Added to existing GLSA draft.

This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).