Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 5386

Summary: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Product: Gentoo Linux Reporter: Toni Viemerö <toni.viemero>
Component: Current packagesAssignee: Ryan Phillips (RETIRED) <rphillips>
Status: RESOLVED FIXED    
Severity: blocker CC: seemant
Priority: High    
Version: 1.2   
Hardware: x86   
OS: Linux   
URL: http://cvs.php.net/co.php/phpweb/release_4_2_2.php
Whiteboard:
Package list:
Runtime testing required: ---

Description Toni Viemerö 2002-07-22 07:56:51 UTC 
The PHP Group has learned of a serious security vulnerability in PHP versions 
4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the 
privileges of the web server. This vulnerability may be exploited to compromise 
the web server and, under certain conditions, to gain privileged access.
The PHP Group has released a new PHP version, 4.2.2, which incorporates a fix 
for the vulnerability.
Comment 1 Seemant Kulleen (RETIRED) gentoo-dev 2002-07-22 08:11:12 UTC 
Ryan, please investigate and patch/fix as appropriate, then drop me an e-mail so
that I can send out a GLSA
Comment 2 Toni Viemerö 2002-07-22 08:12:48 UTC 
Here's the advisory link: http://security.e-matters.de/advisories/022002.html
Comment 3 Ryan Phillips (RETIRED) gentoo-dev 2002-07-22 13:13:50 UTC 
Appears Aliz committed the update and the security update was sent