[TOOL] Suhosin - Advanced Protection System for PHP



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Suhosin - Advanced Protection System for PHP
------------------------------------------------------------------------


SUMMARY



DETAILS

Suhosin is an advanced protection system for PHP installations. It was
designed to protect servers and users from known and unknown flaws in PHP
applications and the PHP core. Suhosin comes in two independent parts,
that can be used separately or in combination. The first part is a small
patch against the PHP core, that implements a few low-level protections
against buffer overflows or format string vulnerabilities and the second
part is a powerful PHP extension that implements all the other
protections.


ADDITIONAL INFORMATION

The information has been provided by <mailto:sesser@xxxxxxxxxxxxxxxx>
Stefan Esser.
To keep updated with the tool visit the project's homepage at:
<http://www.hardened-php.net/suhosin/index.html>
http://www.hardened-php.net/suhosin/index.html



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [UNIX] Multiple Vulnerabilities within PHP 4/5 (pack, unpack, safe_mode_exec_dir, safe_mode, realpat
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... PHP is "a widely-used general-purpose scripting language that is ... several vulnerabilities within PHP were ... unserialize() - Wrong Handling of Negative References ...
    (Securiteam)
  • [UNIX] Dotdeb PHP Email Header Injection Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Dotdeb PHP Email Header Injection Vulnerability ... This patch adds an X-PHP-Script header to ...
    (Securiteam)
  • [NEWS] PHP getimagesize() Multiple DoS Vulnerabilities
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... PHP is a widely-used general-purpose scripting language that is especially ... Remote exploitation of a denial of service condition in the PHP ... Local exploitation of an input validation vulnerability in The PHP Group's ...
    (Securiteam)
  • [UNIX] PHP 5.1.6 / 4.4.4 Critical php_admin* Bypass by ini_restore()
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... There is a privilage escalation vulnerability in PHP. ... Used to set a boolean configuration directive. ... can not be overridden by .htaccess or virtualhost directives. ...
    (Securiteam)
  • [UNIX] PHP memory_limit Remote Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... According to Security Space PHP is the most popular Apache module and is ... When PHP allocates a block of memory it ...
    (Securiteam)