PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the “memory_limit” handling of PHP which allows remote attackers to execute arbitrary code as the user running the PHP interpreter. This problem has been fixed. Additionally a problem within the “strip_tags” function has been found and fixed which allowed remote attackers to inject arbitrary tags into certain web browsers, issuing XSS related attacks. Since there is no easy workaround except disabling PHP, we recommend an update for users running the PHP interpreter within the apache web server.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | x86_64 | php4-mysql | < 4.3.4-43.11 | php4-mysql-4.3.4-43.11.x86_64.rpm |
openSUSE | 9.0 | i586 | mod_php4 | < 4.3.3-177 | mod_php4-4.3.3-177.i586.rpm |
openSUSE | 8.2 | i586 | mod_php4-core | < 4.3.1-169 | mod_php4-core-4.3.1-169.i586.rpm |
openSUSE | 9.0 | i586 | mod_php4-servlet | < 4.3.3-177 | mod_php4-servlet-4.3.3-177.i586.rpm |
openSUSE | 9.1 | i586 | php4 | < 4.3.4-43.11 | php4-4.3.4-43.11.i586.rpm |
openSUSE | 8.1 | i586 | mod_php4-servlet | < 4.2.2-479 | mod_php4-servlet-4.2.2-479.i586.rpm |
openSUSE | 9.1 | i586 | php4-imap | < 4.3.4-43.11 | php4-imap-4.3.4-43.11.i586.rpm |
openSUSE | 8.1 | i586 | mod_php4-core | < 4.2.2-479 | mod_php4-core-4.2.2-479.i586.rpm |
openSUSE | 9.1 | i586 | php4-servlet | < 4.3.4-43.11 | php4-servlet-4.3.4-43.11.i586.rpm |
openSUSE | 9.0 | x86_64 | mod_php4-servlet | < 4.3.3-177 | mod_php4-servlet-4.3.3-177.x86_64.rpm |