PHP cURL Open_Basedir Restriction Bypass Vulnerability
Avaya has released an advisory (ASA-2005-136) that acknowledges this vulnerability for Avaya products. Please see the referenced Avaya advisory for further details.
Conectiva has released an advisory (CLSA-2005:955) and fixes to address this and other issues. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.
Ubuntu Linux has released advisory USN-66-1 to address this, and other issues. Please see the referenced advisory for further information.
Ubuntu has released advisory USN-66-2 to release new fixes for this issue. The fixes included in the previous Ubuntu advisory USN-66-1 still allow for some variants of this issue to occur. Please see the referenced advisory for more information.
Fedora has released Fedora Legacy advisory FLSA:2344 to address various issues in Red Hat Linux 7.3, Red Hat Linux 9.0 and Fedora Core 1 for the i386 architecture. Please see the referenced advisory for more information.
Red Hat released advisory RHSA-2005:405-06 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.
SGI has released an advisory 20050501-01-U including updated SGI ProPack 3
Service Pack 5 packages to address this BID and other issues. Please see
the referenced advisory for more information.
PHP PHP 4.1.2
PHP PHP 4.2.2
PHP PHP 4.3.3
PHP PHP 4.3.8