Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issues in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally some of the third party extensions and required dependencies has been upgraded and/or rebuilt for the new php version.
9728cbfda6ca6f7ff1a4ca0bc367b17c
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed