http://www.net-security.org/advisory.php?id=8790

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1550-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 17, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : suphp
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-1614
Debian Bug : 475431

It was discovered that suphp, an Apache module to run PHP scripts with
owner permissions handles symlinks insecurely, which may lead to
privilege escalation by local users.



** Posted from http://www.teranews.com **