Several vulnerabilities have been discovered in PHP, a server-side,
HTML-embedded scripting language. The Common Vulnerabilities and
Exposures project identifies the following problems:
- CVE-2007-3806
The glob function allows context-dependent attackers to cause
a denial of service and possibly execute arbitrary code via
an invalid value of the flags parameter.
- CVE-2008-1384
Integer overflow allows context-dependent attackers to cause
a denial of service and possibly have other impact via a
printf format parameter with a large width specifier.
- CVE-2008-2050
Stack-based buffer overflow in the FastCGI SAPI.
- CVE-2008-2051
The escapeshellcmd API function could be attacked via
incomplete multibyte chars.
For the stable distribution (etch), these problems have been fixed in
version 5.2.0-8+etch11.
For the unstable distribution (sid), these problems have been fixed in
version 5.2.6-1.
We recommend that you upgrade your php5 package.