Gentoo Forums
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
GLSA
Posted: Sun Oct 16, 2011 4:26 pm    Post subject: [ GLSA 201110-06 ] PHP: Multiple vulnerabilities

Gentoo Linux Security Advisory

Title: PHP: Multiple vulnerabilities (GLSA 201110-06)
Severity: high
Exploitable: local, remote
Date: October 10, 2011
Bug(s): #306939, #332039, #340807, #350908, #355399, #358791, #358975, #369071, #372745, #373965, #380261
ID: 201110-06

Synopsis

Multiple vulnerabilities were found in PHP, the worst of which
leads to remote execution of arbitrary code.


Background

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.


Affected Packages

Package: dev-lang/php
Vulnerable: < 5.3.8
Unaffected: >= 5.3.8
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.


Impact

A context-dependent attacker could execute arbitrary code, obtain
sensitive information from process memory, bypass intended access
restrictions, or cause a Denial of Service in various ways.
A remote attacker could cause a Denial of Service in various ways,
bypass spam detections, or bypass open_basedir restrictions.


Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"


References

CVE-2006-7243
CVE-2009-5016
CVE-2010-1128
CVE-2010-1129
CVE-2010-1130
CVE-2010-1860
CVE-2010-1861
CVE-2010-1862
CVE-2010-1864
CVE-2010-1866
CVE-2010-1868
CVE-2010-1914
CVE-2010-1915
CVE-2010-1917
CVE-2010-2093
CVE-2010-2094
CVE-2010-2097
CVE-2010-2100
CVE-2010-2101
CVE-2010-2190
CVE-2010-2191
CVE-2010-2225
CVE-2010-2484
CVE-2010-2531
CVE-2010-2950
CVE-2010-3062
CVE-2010-3063
CVE-2010-3064
CVE-2010-3065
CVE-2010-3436
CVE-2010-3709
CVE-2010-3710
CVE-2010-3870
CVE-2010-4150
CVE-2010-4409
CVE-2010-4645
CVE-2010-4697
CVE-2010-4698
CVE-2010-4699
CVE-2010-4700
CVE-2011-0420
CVE-2011-0421
CVE-2011-0708
CVE-2011-0752
CVE-2011-0753
CVE-2011-0755
CVE-2011-1092
CVE-2011-1148
CVE-2011-1153
CVE-2011-1464
CVE-2011-1466
CVE-2011-1467
CVE-2011-1468
CVE-2011-1469
CVE-2011-1470
CVE-2011-1471
CVE-2011-1657
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
CVE-2011-3182
CVE-2011-3189
CVE-2011-3267
CVE-2011-3268
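
To confirm that the upgrade under Resolution left no vulnerable slot behind, the following added example (not part of the GLSA or of Gentoo's own tooling) lists installed dev-lang/php versions below 5.3.8. It assumes the installed-package database lives in /var/db/pkg and that `sort -V` is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag installed dev-lang/php versions in the advisory's
# vulnerable range (< 5.3.8). Function names are hypothetical.

FIXED="5.3.8"   # first unaffected version, taken from the advisory

# php_is_vulnerable VERSION -> exit status 0 if VERSION < 5.3.8, else 1.
# Accepts Gentoo revisions (5.3.6-r1) and pre-release suffixes (5.3.8_rc1).
php_is_vulnerable() {
    ver=${1%-r[0-9]*}        # drop the ebuild revision; it never lowers a version
    base=${ver%%_*}          # numeric part, e.g. 5.3.8
    suffix=${ver#"$base"}    # e.g. _rc1, or empty for a plain release
    if [ "$base" = "$FIXED" ]; then
        case $suffix in
            _alpha*|_beta*|_pre*|_rc*) return 0 ;;  # pre-release of 5.3.8
            *) return 1 ;;                          # 5.3.8 itself, or a _p patch level
        esac
    fi
    # Version-aware sort: the smaller of the two versions comes out first.
    lowest=$(printf '%s\n%s\n' "$base" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$base" ]
}

# list_vulnerable_php [VDB_DIR] -> prints each vulnerable installed version.
# VDB_DIR defaults to the dev-lang category of the installed-package database
# (assumed location: /var/db/pkg/dev-lang).
list_vulnerable_php() {
    vdb=${1:-/var/db/pkg/dev-lang}
    for d in "$vdb"/php-[0-9]*; do
        [ -d "$d" ] || continue      # unmatched glob or stray file
        v=${d##*/php-}               # directory name without the "php-" prefix
        if php_is_vulnerable "$v"; then
            printf '%s\n' "$v"
        fi
    done
}

# Run against the local system; prints nothing when every slot is >= 5.3.8.
list_vulnerable_php "$@"
```

PHP is slotted on Gentoo, so an older slot can remain installed after the emerge command above; any version this prints still needs to be upgraded or unmerged.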