Bryce Nichols

**Name of the Vulnerable Software and Affected Versions** PHP package in Slackware versions 8.1 through 9.1 **Description** The issue allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path because the PHP package, when linked against a static library, includes /tmp in the search path. **Recommendations** For Slackware versions 8.1 through 9.1, consider restricting access to the /tmp directory to prevent local users from inserting malicious shared libraries. As a temporary workaround, avoid using static libraries with the PHP package until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.