View previous topic :: View next topic |
Author |
Message |
GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Sep 24, 2012 12:26 am Post subject: [ GLSA 201209-03 ] PHP: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: PHP: Multiple vulnerabilities (GLSA 201209-03)
Severity: high
Exploitable: remote
Date: September 24, 2012
Bug(s): #384301, #396311, #396533, #399247, #399567, #399573, #401997, #410957, #414553, #421489, #427354, #429630
ID: 201209-03
Synopsis
Multiple vulnerabilities were found in PHP, the worst of which lead
to remote execution of arbitrary code.
Background
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected Packages
Package: dev-lang/php
Vulnerable: < 5.3.15
Vulnerable: < 5.4.5
Unaffected: >= 5.3.15
Unaffected: >= 5.4.5
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
Impact
A remote attacker could execute arbitrary code with the privileges of
the process, cause a Denial of Service condition, obtain sensitive
information, create arbitrary files, conduct directory traversal attacks,
bypass protection mechanisms, or perform further attacks with unspecified
impact.
Workaround
There is no known workaround at this time.
Resolution
All PHP users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"
| All PHP users on ARM should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"
|
References
CVE-2011-1398
CVE-2011-3379
CVE-2011-4566
CVE-2011-4885
CVE-2012-0057
CVE-2012-0788
CVE-2012-0789
CVE-2012-0830
CVE-2012-0831
CVE-2012-1172
CVE-2012-1823
CVE-2012-2143
CVE-2012-2311
CVE-2012-2335
CVE-2012-2336
CVE-2012-2386
CVE-2012-2688
CVE-2012-3365
CVE-2012-3450 |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|