English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  


--------------------------------------------------------------------------
  Turbolinux Security Advisory TLSA-2002-83
  http://www/turbolinux.co.jp/security/
                                            security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Php

Problem on two security

   Release date : 2002-12-04

   Solution: package : php-4.1.2-14

   Problem
    * Problem of the cross * sight script exists in the processing which reads the CRLF cord/code of the php.
    * Using vulnerability of mail function of the php, non- there is a possibility of mail command being executed.

   Solution:
    Using turbopkg command, please do automatic operation update.
    When necessary, update is done automatically.

Use the following command to verify the version currently installed.

    # rpm -qa | grep package name

    When automatic operation update is used, those which are presently are installed update all objects.
    Select the package, and use the rpm command to select when you would like to update.

    Execution example
    ---------------------------------------------------------------------
    1. In super user modification
    $ su -

    2. Password of super user input
    Password:

    3. Starting the turbopkg
    # turbopkg

    4. Menu selection
    " Update "
    
    " FTP server "
    
    " Update sight "
    
    Optional sight selection

    5. In general user modification
    # exit
    ---------------------------------------------------------------------


    < Turbolinux 8 Server >

    * This problem does not correspond.

    < Turbolinux 8 Workstation >

    php-4.1.2-14.i586.rpm
    php-gd-4.1.2-14.i586.rpm
    php-imap-4.1.2-14.i586.rpm
    php-ldap-4.1.2-14.i586.rpm
    php-manual-4.1.2-14.i586.rpm
    php-ming-4.1.2-14.i586.rpm
    php-mysql-4.1.2-14.i586.rpm
    php-pgsql-4.1.2-14.i586.rpm

    < Turbolinux 7 Server >
    < Turbolinux 7 Workstation >

    php-4.1.2-14.i586.rpm
    php-imap-4.1.2-14.i586.rpm
    php-ldap-4.1.2-14.i586.rpm
    php-manual-4.1.2-14.i586.rpm
    php-mysql-4.1.2-14.i586.rpm
    php-pgsql-4.1.2-14.i586.rpm

    < Turbolinux Server 6.5 >
    < Turbolinux Advanced Server 6 >

    php-3.0.18-15jaJP.i386.rpm
    php-imap-3.0.18-15jaJP.i386.rpm
    php-ldap-3.0.18-15jaJP.i386.rpm
    php-manual-3.0.18-15jaJP.i386.rpm
    php-mysql-3.0.18-15jaJP.i386.rpm
    php-pgsql-3.0.18-15jaJP.i386.rpm

    < Turbolinux Server 6.1 >

    php-3.0.18-15jaJP.i386.rpm
    php-ldap-3.0.18-15jaJP.i386.rpm
    php-manual-3.0.18-15jaJP.i386.rpm
    php-mysql-3.0.18-15jaJP.i386.rpm
    php-pgsql-3.0.18-15jaJP.i386.rpm

    < Turbolinux Workstation 6.0 >

    * Because the php package of 4 types is not recorded in the above-mentioned product, it is not necessary to update.


    * Upon the maintenance of our company FTP sight, we determined that update of the turbopkg is neccesary. Details the below-mentioned URL reference.
http://www.turbolinux.co.jp/download/zabom.html

Package updates: http://www.turbolinux.co.jp/update/

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.