Mandriva Linux Security Advisory : php (MDVSA-2009:302)
High Nessus Plugin ID 48158
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionSome vulnerabilities were discovered and corrected in php-5.3.1 :
- Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
- Added missing sanity checks around exif processing.
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Fixed bug #50063 (safe_mode_include_dir fails).
(CVE-2009-3559, Johannes, christian at elmerot dot se)
Additionally, some packages which require so, have been rebuilt and are being provided as updates.
SolutionUpdate the affected packages.