Bug 662707 (CVE-2006-7243)
Summary: | CVE-2006-7243 php: paths with NULL character were considered valid |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Status: | CLOSED ERRATA |
Severity: | medium |
Priority: | medium |
Version: | unspecified |
Hardware: | All |
OS: | Linux |
Reporter: | Vincent Danen <vdanen> |
Assignee: | Red Hat Product Security <security-response-team> |
CC: | colin, dmitry, ernest.beinrohr, fedora, jkurik, jorton, ldimaggi, leonard-rh-bugzilla, leo, rcollet, redhat-bugzilla, robert.scheck, rpm, svyatoslav.lempert, webstack-team |
Keywords: | Reopened, Security |
Fixed In Version: | php 5.3.4 |
Doc Type: | Bug Fix |
Last Closed: | 2014-09-04 18:59:59 UTC |
Bug Depends On: | 958614, 988714, 1067646, 1067647 |
Bug Blocks: | 927185, 952520, 974906 |

Description
Vincent Danen
2010-12-13 16:45:35 UTC
*** This bug has been marked as a duplicate of bug 169857 ***

*** Bug 820101 has been marked as a duplicate of this bug. ***

ownCloud 5.0.5 setup complains that a fully RHEL 6 is vulnerable to this. Not very nice - even this is just moderate. Any plans to fix this?

Cross-filed case 00836562 in the Red Hat customer portal.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2013:1307 https://rhn.redhat.com/errata/RHSA-2013-1307.html

Statement:

(none)

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:1615 https://rhn.redhat.com/errata/RHSA-2013-1615.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2014:0311 https://rhn.redhat.com/errata/RHSA-2014-0311.html

Thanks to Remi Collet for pointing out that parts of the upstream patch are applicable to additional packages available in EPEL-5. Those are either for modules that were not part of PHP upstream in version 5.1.6, or that are not built in Red Hat Enterprise Linux 5 packages.

php-pecl-zip
php-pecl-fileinfo
php-extras (tidy module)

CCing respective owners.

zip: http://pkgs.fedoraproject.org/cgit/php-pecl-zip.git/commit/?h=el5&id=3c94f430d28fe042709348721d92d21b87640301

fileinfo: http://pkgs.fedoraproject.org/cgit/php-pecl-Fileinfo.git/commit/?h=el5&id=b97721c3170163d79527c265f02258e5bc8bbd99

tidy: http://pkgs.fedoraproject.org/cgit/php-extras.git/commit/?h=el5&id=b704d7895d947fcb040393df6cc21c9f2c8572d5

Build + update will come ASAP.