Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201209-03 ] PHP: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1571

PostPosted: Mon Sep 24, 2012 12:26 am    Post subject: [ GLSA 201209-03 ] PHP: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: PHP: Multiple vulnerabilities (GLSA 201209-03)
Severity: high
Exploitable: remote
Date: September 24, 2012
Bug(s): #384301, #396311, #396533, #399247, #399567, #399573, #401997, #410957, #414553, #421489, #427354, #429630
ID: 201209-03

Synopsis

Multiple vulnerabilities were found in PHP, the worst of which lead
to remote execution of arbitrary code.


Background

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.


Affected Packages

Package: dev-lang/php
Vulnerable: < 5.3.15
Vulnerable: < 5.4.5
Unaffected: >= 5.3.15
Unaffected: >= 5.4.5
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.


Impact

A remote attacker could execute arbitrary code with the privileges of
the process, cause a Denial of Service condition, obtain sensitive
information, create arbitrary files, conduct directory traversal attacks,
bypass protection mechanisms, or perform further attacks with unspecified
impact.


Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"
   
All PHP users on ARM should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"
   


References

CVE-2011-1398
CVE-2011-3379
CVE-2011-4566
CVE-2011-4885
CVE-2012-0057
CVE-2012-0788
CVE-2012-0789
CVE-2012-0830
CVE-2012-0831
CVE-2012-1172
CVE-2012-1823
CVE-2012-2143
CVE-2012-2311
CVE-2012-2335
CVE-2012-2336
CVE-2012-2386
CVE-2012-2688
CVE-2012-3365
CVE-2012-3450
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum