Some vulnerabilities were discovered and corrected in php-5.3.1:
- Added max_file_uploads INI directive, which can be set to limit
the number of file uploads per-request to 20 by default, to prevent
possible DOS via temporary file exhaustion. (Ilia)
- Added missing sanity checks around exif processing. (CVE-2009-3292,
Ilia)
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
- Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559,
Johannes, christian at elmerot dot se)
Additionally, some packages which require so, have been rebuilt and
are being provided as updates...
Subscribe to this comment's feed
Show/hide comments
Show/hide comment form
