The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL. Versions 5.4.28 and 5.5.12 both contain that important patch, as well as fixes for more than a dozen other vulnerabilities.
The fix for the OpenSSL flaws is in both PHP 5.4.28 and 5.5.12. Both versions also include a slew of other bug fixes, one of which is for CVE-2014-0185, a privilege escalation flaw. The bug could allow an attacker to run arbitrary code in some situations.
Full Article
(The following is an update on OpenSSL flaws.)
Quote: A10: Brace for more OpenSSL bugs
By Tom Paye, published June 17, 2014
In the wake of the furore caused over the Heartbleed OpenSSL vulnerability, Middle East organisations need to prepare for future OpenSSL bugs, according to Glen Ogden, regional sales director at A10 Networks.
On June 5, the OpenSSL Project published a security advisory revealing six new OpenSSL vulnerabilities. Ogden said that the most serious of these is a ChangeCipherSpec (CCS) injection flaw that affects every version of OpenSSL.
Full read at itp.net: http://www.itp.net/598634-a10-brace-for-more-openssl-bugs
The following article is an update
(Quick PHP patch beats slow research reveal)
By Darren Pauli, 23 Oct 2014
Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows.
The flaws were detailed this week by Swiss researchers High-Tech Bridge in versions 5.4.33, 5.5.17 and 5.6.1 on a machine running Ubuntu 14.04.1 LTS and the Radamsa fuzzer.
A patch issued last month for CVE-2014-3669 closed an unserialised function which researcher Symeon Paraschoudis detailed in a technical walk through.
Full article