Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
From: Tobias Heinlein <keytoaster () gentoo org>
Date: Tue, 11 Oct 2011 00:00:19 +0200

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201110-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: PHP: Multiple vulnerabilities
     Date: October 10, 2011
     Bugs: #306939, #332039, #340807, #350908, #355399, #358791,
           #358975, #369071, #372745, #373965, #380261
       ID: 201110-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in PHP, the worst of which leading
to remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php                 < 5.3.8                    >= 5.3.8

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker could execute arbitrary code, obtain
sensitive information from process memory, bypass intended access
restrictions, or cause a Denial of Service in various ways.

A remote attacker could cause a Denial of Service in various ways,
bypass spam detections, or bypass open_basedir restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"

References
==========

[  1 ] CVE-2006-7243
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243
[  2 ] CVE-2009-5016
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016
[  3 ] CVE-2010-1128
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128
[  4 ] CVE-2010-1129
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129
[  5 ] CVE-2010-1130
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130
[  6 ] CVE-2010-1860
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860
[  7 ] CVE-2010-1861
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861
[  8 ] CVE-2010-1862
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862
[  9 ] CVE-2010-1864
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864
[ 10 ] CVE-2010-1866
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866
[ 11 ] CVE-2010-1868
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868
[ 12 ] CVE-2010-1914
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914
[ 13 ] CVE-2010-1915
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915
[ 14 ] CVE-2010-1917
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917
[ 15 ] CVE-2010-2093
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093
[ 16 ] CVE-2010-2094
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094
[ 17 ] CVE-2010-2097
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097
[ 18 ] CVE-2010-2100
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100
[ 19 ] CVE-2010-2101
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101
[ 20 ] CVE-2010-2190
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190
[ 21 ] CVE-2010-2191
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191
[ 22 ] CVE-2010-2225
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225
[ 23 ] CVE-2010-2484
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484
[ 24 ] CVE-2010-2531
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531
[ 25 ] CVE-2010-2950
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950
[ 26 ] CVE-2010-3062
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062
[ 27 ] CVE-2010-3063
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063
[ 28 ] CVE-2010-3064
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064
[ 29 ] CVE-2010-3065
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065
[ 30 ] CVE-2010-3436
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436
[ 31 ] CVE-2010-3709
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 32 ] CVE-2010-3709
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 33 ] CVE-2010-3710
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 34 ] CVE-2010-3710
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 35 ] CVE-2010-3870
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870
[ 36 ] CVE-2010-4150
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150
[ 37 ] CVE-2010-4409
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409
[ 38 ] CVE-2010-4645
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645
[ 39 ] CVE-2010-4697
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697
[ 40 ] CVE-2010-4698
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698
[ 41 ] CVE-2010-4699
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699
[ 42 ] CVE-2010-4700
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700
[ 43 ] CVE-2011-0420
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420
[ 44 ] CVE-2011-0421
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421
[ 45 ] CVE-2011-0708
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708
[ 46 ] CVE-2011-0752
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752
[ 47 ] CVE-2011-0753
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753
[ 48 ] CVE-2011-0755
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755
[ 49 ] CVE-2011-1092
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092
[ 50 ] CVE-2011-1148
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148
[ 51 ] CVE-2011-1153
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153
[ 52 ] CVE-2011-1464
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464
[ 53 ] CVE-2011-1466
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466
[ 54 ] CVE-2011-1467
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467
[ 55 ] CVE-2011-1468
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468
[ 56 ] CVE-2011-1469
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469
[ 57 ] CVE-2011-1470
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470
[ 58 ] CVE-2011-1471
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471
[ 59 ] CVE-2011-1657
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657
[ 60 ] CVE-2011-1938
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938
[ 61 ] CVE-2011-2202
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202
[ 62 ] CVE-2011-2483
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483
[ 63 ] CVE-2011-3182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182
[ 64 ] CVE-2011-3189
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189
[ 65 ] CVE-2011-3267
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267
[ 66 ] CVE-2011-3268
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201110-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachment: signature.asc
Description: OpenPGP digital signature


  By Date           By Thread  

Current thread:
  • [ GLSA 201110-06 ] PHP: Multiple vulnerabilities Tobias Heinlein (Oct 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault