Alerts from SecurityFocus Newsletter #322

Summarized by Daniel Convissor

PHP

  • PHP Apache 2 Local Denial of Service Vulnerability
    This SF report says the matter has been resolved in 4.4.1. But looking at the CVS log messages at http://cvs.php.net/php-src/sapi/apache2handler/sapi_apache2.c one can see that further important fixes for this SAPI were implemented on 18 Nov 2005 which have yet to be incorporated into an official release.

APPLICATIONS USING PHP

RELATED STUFF

ITEMS OF INTEREST FROM OTHER SOURCES

  • PEAR HTML_Form Cross-Site Scripting and Remote Code Injection Vulnerabilities
    Release 1.3.0 of PEAR's HTML_Form package contains important security fixes.
XML feed