Security update for PHP5 (important)

2012-09-13T00:09:06
ID SUSE-SU-2012:1156-1
Type suse
Reporter Suse
Modified 2012-09-13T00:09:06

Description

This update fixes CVE-2011-1398 and CVE-2011-4388 (header injection via CR).

This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was assigned.