found 342339 7.13.2-2
thanks

On Wed, Dec 07, 2005 at 10:34:52AM +0100, Moritz Muehlenhoff wrote:
>
hi,

> Quoting Stefan Esser:
> | During a quick scan of the URL parsing code within libcurl, it was
> | discovered, that certain malformed URLs trigger an off-by-one(two)
> | buffer overflow. This may lead to unintended arbitrary code execution.
>
> | Because the attacker must be able to force curl to load such an URL,
> | which is not possible through a HTTP redirect, the impact is low.
> | However a local attacker might use this vulnerability to break out
> | of safe_mode/open_basedir restrictions when PHP is compiled with
> | libcurl support.
>
> Please see http://www.hardened-php.net/advisory_242005.109.html for
> more information; it's fixed in 7.15.1

I'm already on it, thank you :)

cheers
domenico

-----[ Domenico Andreoli, aka cavok
 --[ http://people.debian.org/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50

