From owner-freebsd-security  Thu Feb 28  7:35: 6 2002
Delivered-To: freebsd-security@freebsd.org
Received: from straylight.ringlet.net (support.nanolink.com [217.75.134.33])
	by hub.freebsd.org (Postfix) with SMTP id 550C337B402
	for <freebsd-security@FreeBSD.ORG>; Thu, 28 Feb 2002 07:34:57 -0800 (PST)
Received: (qmail 75722 invoked by uid 1000); 28 Feb 2002 15:35:13 -0000
Date: Thu, 28 Feb 2002 17:35:13 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Oliver Rompcik <rompcik@informatik.uni-bonn.de>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Multiple Vulnerabilities in PHP fileupload
Message-ID: <20020228173513.E456@straylight.oblivion.bg>
Mail-Followup-To: Oliver Rompcik <rompcik@informatik.uni-bonn.de>,
	freebsd-security@FreeBSD.ORG
References: <02022815554902.01017@pinguin.rompcik>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="KDt/GgjP6HVcx58l"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <02022815554902.01017@pinguin.rompcik>; from rompcik@informatik.uni-bonn.de on Thu, Feb 28, 2002 at 03:55:49PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--KDt/GgjP6HVcx58l
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Feb 28, 2002 at 03:55:49PM +0100, Oliver Rompcik wrote:
> CERT reported several vulnerabilities in all PHP Versions <=3D 4.1.1.
> See advisory at http://www.cert.org/advisories/CA-2002-05.html
>=20
> Fixed version of PHP 4.1.2 is available at http://www.php.net.
> Until fixed FreeBSD binary package is available, users should build 4.1.2=
=20
> from source.

=2E.or from the www/mod_php port, which was updated to include a fix for
this vulnerability 17 hours ago, at Wed Feb 27 22:17:22 2002 UTC.

G'luck,
Peter

--=20
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
When you are not looking at it, this sentence is in Spanish.

--KDt/GgjP6HVcx58l
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjx+TjEACgkQ7Ri2jRYZRVO+SACdHj4kw1gqe3NMIr9BqVdfWEMA
yskAnjJnL9LoeZs0023NpVPBVtfvvHxB
=M5dO
-----END PGP SIGNATURE-----

--KDt/GgjP6HVcx58l--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message