PHP Transparent Session ID Cross Site Scripting Vulnerability

Solution:
This vulnerability has been addressed in the PHP 4.3.2 release. Users are urged to upgrade as soon as possible.

TurboLinux has released advisory (TLSA-2003-8-25) to address this issue. Users are advised to use the turbopkg tool to apply updates. Further information is available in the referenced advisory.

Mandrake has released a new security advisory, (MDKSA-2003:082). Information on obtaining and applying fixes can be found in the referenced advisory.

Debian has released a new security advisory, (DSA 351-1 ). Information on obtaining and applying fixes can be found in the referenced advisory.

Red Hat has released advisory RHSA-2003:204-01 to address this issue.

OpenPKG has released a new security advisory, OpenPKG-SA-2003.032. Information on obtaining and applying fixes can be found in the referenced advisory.

Conectiva has released a new security advisory, CLA-2003:691. Information on obtaining and applying fixes can be found in the referenced advisory.

Yellow Dog has released a security advisory regarding these issues. Information on obtaining and applying fixes can be found in the referenced advisory.

TurboLinux has released advisory TLSA-2003-47 to address this issue.


PHP PHP 4.0 0

PHP PHP 4.0.1

PHP PHP 4.0.2

PHP PHP 4.0.3

PHP PHP 4.0.4

PHP PHP 4.0.5

PHP PHP 4.0.6

PHP PHP 4.0.7

PHP PHP 4.1 .0

PHP PHP 4.1.1

PHP PHP 4.1.2

PHP PHP 4.2 .0

PHP PHP 4.2.1

PHP PHP 4.2.2

PHP PHP 4.2.3

PHP PHP 4.3

PHP PHP 4.3.1


 

Privacy Statement
Copyright 2010, SecurityFocus