security/php-suhosin: Advanced protection system for PHP installations
Branch: pkgsrc-2011Q4
Version: 5.2.17.0.9.33
Package name: php5-suhosin-5.2.17.0.9.33
Maintainer: cg

Suhosin is an advanced protection system for PHP installations. It was
designed to protect servers and users from known and unknown flaws in
PHP applications and the PHP core. Suhosin comes in two independent
parts that can be used separately or in combination. The first part is
a small patch against the PHP core that implements a few low-level
protections against buffer overflows or format string vulnerabilities, and
the second part is a powerful PHP extension that implements all the other
protections.

Unlike our Hardening-Patch, Suhosin is binary compatible with a normal PHP
installation, which means it is compatible with 3rd-party binary extensions
like ZendOptimizer.
Required to run: [lang/php5]
Required to build: [devel/autoconf] [devel/libtool-base] [devel/automake]
Master sites:
Version history:
- (2012-01-21) Updated to version: php5-suhosin-5.2.17.0.9.33
- (2012-01-08) Package added to pkgsrc.se, version php5-suhosin-5.2.17.0.9.32.1 (created)
CVS history:
2012-01-21 10:02:46 by Steven Drake | Files touched by this commit (2)
Log message:
Pullup ticket #3658 - requested by taca
security/php-suhosin security fix
Revisions pulled up:
- security/php-suhosin/Makefile 1.5
- security/php-suhosin/distinfo 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 20 03:23:34 UTC 2012
Modified Files:
pkgsrc/security/php-suhosin: Makefile distinfo
Log message:
Update php-suhosin package to 0.9.33 to fix security problem.
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack
  Buffer Overflow
Release Date: 2012/01/19
Last Modified: 2012/01/19
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Suhosin Extension <= 0.9.32.1
Severity: A possible stack buffer overflow in Suhosin extension's
  transparent cookie encryption that can only be triggered
  in an uncommon and weakened Suhosin configuration can lead
  to arbitrary remote code execution, if the FORTIFY_SOURCE
  compile option was not used when Suhosin was compiled.
Risk: Medium
Vendor Status: Suhosin Extension 0.9.33 was released which fixes this
  vulnerability
Reference: http://www.suhosin.org/
  https://github.com/stefanesser/suhosin