Re: PHP vulnerability

At 10:00 AM +0000 2/28/02, Keith Beeby wrote:

Hi,

Any idea how quickly Tenon will have v4.1.2 ready?

This advisory was posted yesterday. We should have an update on Monday. Thanks for posting this.

-Anita

Until then the only option is to:

Disable fileuploads

If upgrading is not possible or a patch cannot be applied, you can avoid
these vulnerabilities by disabling fileupload support. Edit the PHP
configuration file php.ini as follows:

file_uploads = off
Note that this setting only applies to version 4.0.3 and above. However,
this will prevent you from using fileuploads, which may not be acceptable in
your environment.

See http://www.cert.org/advisories/CA-2002-05.html for more details,

Regards,

Keith


--
Tenon Intersystems                                       805-963-6983
1123 Chapala Street                                   anita@xxxxxxxxx
Santa Barbara, CA 93101                          http://www.tenon.com

Previous by Date:	Re: Fwd: Re: >>> Secure Admin?, Hazlitt Krog
Next by Date:	PHP from the command line, Peter Bengtson
Previous by Thread:	PHP vulnerability, Keith Beeby
Next by Thread:	PHP from the command line, Peter Bengtson
Indexes:	[Date] [Thread] [Top] [All Lists]