Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[REDHAT] Heads up: PHP exploit (fwd)

This came out from CERT yesterday.. It was in the linux-focus mailing
lists on securityfocus on Thursday or so, I think...

The upgrade solves the problems...


-----Original Message-----
From: discuss-admin at [mailto:discuss-admin at] On Behalf Of
David Kramer
Sent: Saturday, March 02, 2002 20:41
To: BLU Boston Linux Unix group
Subject: [REDHAT] Heads up: PHP exploit (fwd)

DDDD   David Kramer                 
DK KD  "That venture capitalists are willing to take any level of DKK D
risk, even a modest one, after all that has happened in the DK KD
ecommerce sector, is inspiring.  They might almost be
DDDD   capable of becoming Red Sox fans"               -Keith Regan

---------- Forwarded message ----------
this one hasn't even hit Bugtraq yet.  I got wind of it via 
departmental mail from someone who follows the snort-sigs list.

There is a PHP problem afoot which affects POST operations in all 
versions of PHP prior to 4.1.2.  Go here for details:

And here for the fix:

I've already patched my production boxes, but there's no help yet for 
rpm'ers, far as I know.  'file_uploads = Off' in php.ini, if you can't 

Hope this helps someone. -d


Discuss mailing list
Discuss at

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /