Mandriva Linux Security Advisory 2009:302: php

44

Some vulnerabilities were discovered and corrected in php-5.3.1:

– Added max_file_uploads INI directive, which can be set to limit
the number of file uploads per-request to 20 by default, to prevent
possible DOS via temporary file exhaustion. (Ilia)
– Added missing sanity checks around exif processing. (CVE-2009-3292,
Ilia)
– Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
– Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
– Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559,
Johannes, christian at elmerot dot se)

Additionally, some packages which require so, have been rebuilt and
are being provided as updates…

Read More