[nycphp-talk] Latest security alert ... CVE-2006-4812
Jon Baer
jonbaer at jonbaer.com
Wed Oct 11 22:45:40 EDT 2006
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4812
http://www.hardened-php.net/advisory_092006.133.html
Looks like everyone should patch up no? ...
BTW, does anyone run the hardened fork? I'm a little weirded out by
this statement ...
-snip-
The PHP 5 branch of the PHP source code lacks the protection
against possible integer overflows inside ecalloc() that is
present in the PHP 4 branch and also for several years part of
our Hardening-Patch and our new Suhosin-Patch.
-snip-
Several years?
- Jon
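
The kind of overflow guard the quoted advisory says is missing from a calloc-style allocator, as an added example that is not part of the original post and is not code from PHP, the Hardening-Patch or Suhosin. The function names are hypothetical, and the inputs in main() are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 when nmemb * size cannot be represented in a size_t. */
int mul_overflows(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* Unchecked pattern: the product silently wraps modulo SIZE_MAX + 1,
 * so the allocator is asked for far fewer bytes than the caller
 * believes it owns. */
size_t unchecked_request(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Checked allocator (hypothetical name): refuses the request instead
 * of handing back an undersized buffer. */
void *checked_calloc(size_t nmemb, size_t size)
{
    if (mul_overflows(nmemb, size)) {
        return NULL;
    }
    size_t total = nmemb * size;
    void *p = malloc(total ? total : 1);
    if (p != NULL) {
        memset(p, 0, total);
    }
    return p;
}

int main(void)
{
    /* Constructed element count whose byte size wraps to zero. */
    size_t nmemb = SIZE_MAX / 2 + 1, size = 2;

    printf("unchecked byte count: %zu\n", unchecked_request(nmemb, size));
    printf("checked_calloc: %s\n",
           checked_calloc(nmemb, size) ? "allocated" : "refused");
    return 0;
}
```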