Package : php4
Vulnerability : several
Problem-Type : remote
CVE ID : CVE-2007-0906 CVE-2007-0907 CVE-2006-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988
Several remote vulnerabilities have been discovered in PHP, a server-side,
HTML-embedded scripting language, which may lead to the execution of
arbitrary code. The Common Vulnerabilities and Exposures project identifies
the following problems:
It was discovered that an integer overflow in the str_replace()
function could lead to the execution of arbitrary code.
It was discovered that a buffer underflow in the sapi_header_op()
function could crash the PHP interpreter.
Stefan Esser discovered that a programming error in the wddx
extension allows information disclosure.
It was discovered that a format string vulnerability in the
odbc_result_all() function allows the execution of arbitrary code.
It was discovered that super-global variables could be overwritten
with session data.
Stefan Esser discovered that the zend_hash_init() function could
be tricked into an endless loop, allowing denial of service through
resource consumption until a timeout is triggered.
For the stable distribution (sarge) these problems have been fixed in
For the unstable distribution (sid) these problems have been fixed in
version 6:4.4.4-9 of php4 and version 5.2.0-9 of php5.
We recommend that you upgrade your php4 packages.
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
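Whether an installed package is already at the fixed version is decided by the Debian version ordering that dpkg uses (epoch first, then upstream version, then Debian revision, with a tilde sorting before everything else, so 5.2.0-9~bpo1 is older than 5.2.0-9). The script below is an added example and not part of the advisory: it re-implements that ordering in Python and reports which packages from a constructed sample of dpkg-query output are still below the fixed versions for sid quoted above (the sarge version is not present in this copy of the advisory, so only the sid versions are used). On a real system, dpkg --compare-versions gives the same answer without any extra code.

```python
"""Report php4/php5 packages that are still below the advisory's fixed version.

Added example, not part of the advisory. The dpkg-query output is constructed;
the fixed versions are the unstable (sid) versions named in the advisory."""

import re
from typing import Dict, List, Tuple

# Fixed versions for the unstable distribution (sid), as stated in the advisory.
FIXED_SID: Dict[str, str] = {
    "php4": "6:4.4.4-9",
    "php5": "5.2.0-9",
}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE_DPKG_QUERY = """\
php4 6:4.4.4-8
php4-cli 6:4.4.4-9
php5 5.2.0-9
libapache2-mod-php5 5.2.0-9~bpo1
"""


def split_version(version: str) -> Tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = version.rpartition("-")
    if not sep:  # no '-' at all: the whole string is the upstream part
        upstream, revision = revision, ""
    return epoch, upstream, revision


def _order(c: str) -> int:
    """dpkg's weight for one character: '~' lowest, end-of-string and digits 0,
    letters by code point, any other symbol after all letters."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def compare_part(a: str, b: str) -> int:
    """Compare one upstream or revision string as dpkg does: alternate between
    non-digit runs (compared by _order) and digit runs (compared numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(a: str, b: str) -> int:
    """Return <0, 0 or >0 as Debian version a is lower than, equal to or higher than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return ea - eb
    return compare_part(ua, ub) or compare_part(ra, rb)


def is_fixed(installed: str, fixed: str) -> bool:
    """True when the installed version is at or above the fixed version."""
    return compare_versions(installed, fixed) >= 0


def affected_packages(dpkg_query_output: str, fixed: Dict[str, str]) -> List[str]:
    """Return names of packages (from 'name version' lines) still below their fix.
    Binary packages built from php4/php5 (php4-cli, libapache2-mod-php5, ...) carry the
    source package's version, so the source is taken from the 'php4'/'php5' substring."""
    below: List[str] = []
    for line in dpkg_query_output.splitlines():
        if not line.strip():
            continue
        name, version = line.split()
        match = re.search(r"php[45]", name)
        if match and not is_fixed(version, fixed[match.group(0)]):
            below.append(name)
    return below


if __name__ == "__main__":
    for pkg in affected_packages(SAMPLE_DPKG_QUERY, FIXED_SID):
        print(f"{pkg}: below fixed version, upgrade required")
```

Run as is it lists php4 and libapache2-mod-php5 from the constructed sample; to check a live system, feed it the output of dpkg-query -W -f='${Package} ${Version}\n' instead of SAMPLE_DPKG_QUERY.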
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge