Bugtraq mailing list archives
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
From: Tobias Heinlein <keytoaster () gentoo org>
Date: Tue, 11 Oct 2011 00:00:19 +0200
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: October 10, 2011
Bugs: #306939, #332039, #340807, #350908, #355399, #358791,
#358975, #369071, #372745, #373965, #380261
ID: 201110-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in PHP, the worst of which leading
to remote execution of arbitrary code.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/php < 5.3.8 >= 5.3.8
Description
===========
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
Impact
======
A context-dependent attacker could execute arbitrary code, obtain
sensitive information from process memory, bypass intended access
restrictions, or cause a Denial of Service in various ways.
A remote attacker could cause a Denial of Service in various ways,
bypass spam detections, or bypass open_basedir restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"
References
==========
[ 1 ] CVE-2006-7243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243
[ 2 ] CVE-2009-5016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016
[ 3 ] CVE-2010-1128
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128
[ 4 ] CVE-2010-1129
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129
[ 5 ] CVE-2010-1130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130
[ 6 ] CVE-2010-1860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860
[ 7 ] CVE-2010-1861
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861
[ 8 ] CVE-2010-1862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862
[ 9 ] CVE-2010-1864
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864
[ 10 ] CVE-2010-1866
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866
[ 11 ] CVE-2010-1868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868
[ 12 ] CVE-2010-1914
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914
[ 13 ] CVE-2010-1915
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915
[ 14 ] CVE-2010-1917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917
[ 15 ] CVE-2010-2093
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093
[ 16 ] CVE-2010-2094
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094
[ 17 ] CVE-2010-2097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097
[ 18 ] CVE-2010-2100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100
[ 19 ] CVE-2010-2101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101
[ 20 ] CVE-2010-2190
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190
[ 21 ] CVE-2010-2191
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191
[ 22 ] CVE-2010-2225
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225
[ 23 ] CVE-2010-2484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484
[ 24 ] CVE-2010-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531
[ 25 ] CVE-2010-2950
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950
[ 26 ] CVE-2010-3062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062
[ 27 ] CVE-2010-3063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063
[ 28 ] CVE-2010-3064
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064
[ 29 ] CVE-2010-3065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065
[ 30 ] CVE-2010-3436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436
[ 31 ] CVE-2010-3709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 32 ] CVE-2010-3709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 33 ] CVE-2010-3710
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 34 ] CVE-2010-3710
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 35 ] CVE-2010-3870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870
[ 36 ] CVE-2010-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150
[ 37 ] CVE-2010-4409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409
[ 38 ] CVE-2010-4645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645
[ 39 ] CVE-2010-4697
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697
[ 40 ] CVE-2010-4698
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698
[ 41 ] CVE-2010-4699
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699
[ 42 ] CVE-2010-4700
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700
[ 43 ] CVE-2011-0420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420
[ 44 ] CVE-2011-0421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421
[ 45 ] CVE-2011-0708
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708
[ 46 ] CVE-2011-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752
[ 47 ] CVE-2011-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753
[ 48 ] CVE-2011-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755
[ 49 ] CVE-2011-1092
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092
[ 50 ] CVE-2011-1148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148
[ 51 ] CVE-2011-1153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153
[ 52 ] CVE-2011-1464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464
[ 53 ] CVE-2011-1466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466
[ 54 ] CVE-2011-1467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467
[ 55 ] CVE-2011-1468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468
[ 56 ] CVE-2011-1469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469
[ 57 ] CVE-2011-1470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470
[ 58 ] CVE-2011-1471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471
[ 59 ] CVE-2011-1657
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657
[ 60 ] CVE-2011-1938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938
[ 61 ] CVE-2011-2202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202
[ 62 ] CVE-2011-2483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483
[ 63 ] CVE-2011-3182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182
[ 64 ] CVE-2011-3189
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189
[ 65 ] CVE-2011-3267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267
[ 66 ] CVE-2011-3268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- [ GLSA 201110-06 ] PHP: Multiple vulnerabilities Tobias Heinlein (Oct 11)