Perl and PHP Issues, Citrix XSS

Perl 5.8.8 contains a buffer overflow when processing certain regular expressions. The overflow can occur when switching between byte and Unicode characters. This affects currently installed versions of dev/lang. Users should apply their distributions’ updated version or rebuild the source with a patch applied.

PHP 5.2.4 is vulnerable to multiple issues. Successful exploitation could result in a denial-of-service condition, allow an attacker to bypass security restrictions, or ultimately lead to arbitrary code execution. PHP has released version 5.2.5 to address these issues.

Citrix NetScaler contains an XSS bug in the management interface. The vulnerability has been identified in version 8.0, build 47.8; other versions may also be affected. Users of this software should not remain logged in to the management interface while browsing other web sites.
