[ GLSA 201110-06 ] PHP: Multiple vulnerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: PHP: Multiple vulnerabilities (GLSA 201110-06)
Severity: high
Exploitable: local, remote
Date: October 10, 2011
Bug(s): #306939, #332039, #340807, #350908, #355399, #358791, #358975, #369071, #372745, #373965, #380261
ID: 201110-06

Synopsis

Multiple vulnerabilities were found in PHP, the worst of which
leading to remote execution of arbitrary code.


Background

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.


Affected Packages

Package: dev-lang/php
Vulnerable: < 5.3.8
Unaffected: >= 5.3.8
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.


Impact

A context-dependent attacker could execute arbitrary code, obtain
sensitive information from process memory, bypass intended access
restrictions, or cause a Denial of Service in various ways.
A remote attacker could cause a Denial of Service in various ways,
bypass spam detections, or bypass open_basedir restrictions.


Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version: