Tag Archives: Security

Debian Security Update – php5 – 05 Mar 2013

March 6, 2013 11:06 | Leave a Comment |

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:

  • CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files readable for the webserver.
  • CVE-2013-1643 The soap.wsdl_cache_dir function did not take PHP open_basedir restrictions into account. Note that Debian advises against relying on open_basedir restrictions for security. Read More →
Posted in: Debian 6 | Tagged: , ,

Debian Security Update – Apache2 – 04 Mar 2013

March 5, 2013 11:26 | Leave a Comment |

Several vulnerabilities have been found in the Apache HTTPD server.

  • CVE-2012-3499 The modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities.
  • CVE-2012-4558 Mod_proxy_balancer did not properly escape hostnames and URIs in its balancer-manager interface, causing a cross site scripting vulnerability.
  • CVE-2013-1048 Hayawardh Vijayakumar noticed that the apache2ctl script created the lock directory in an unsafe manner, allowing a local attacker to gain elevated privileges via a symlink attack. This is a Debian specific issue. Read More →
Posted in: Debian 6 | Tagged: , , ,