Debian DSA-708-1 : php3 - missing input sanitising
Medium Nessus Plugin ID 18053
Synopsis
The remote Debian host is missing a security-related update.
Description
An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in PHP3 as well. When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation.
Solution
Upgrade the php3 package.
For the stable distribution (woody) this problem has been fixed in version 3.0.18-23.1woody3.