centos | CentOS Project | CESA-2006:0730-01
Nov 07, 2006 - 10:35 p.m.

php security update

2006-11-07 22:35:30
CentOS Project
lists.centos.org

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.492 Medium
Percentile: 97.4%

CentOS Errata and Security Advisory CESA-2006:0730-01

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The Hardened-PHP Project discovered an overflow in the PHP htmlentities()
and htmlspecialchars() routines. If a PHP script used the vulnerable
functions to parse UTF-8 data, a remote attacker sending a carefully
crafted request could trigger the overflow and potentially execute
arbitrary code as the ‘apache’ user. (CVE-2006-5465)

Users of PHP should upgrade to these updated packages which contain a
backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-November/075517.html

Affected packages:
php
php-devel
php-imap
php-ldap
php-manual
php-mysql
php-odbc
php-pgsql
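
To help prioritise which applications to retest once the updated packages are installed, the following added example (not part of the CentOS advisory or of any vendor tooling) scans PHP source text for htmlentities()/htmlspecialchars() calls whose charset argument is a UTF-8 literal or is not a plain literal. It assumes that, for triage, only calls passing an explicit third (charset) argument are of interest; split_args, audit and SAMPLE are hypothetical names, and SAMPLE is constructed input.

```python
import re

CALL = re.compile(r"\b(htmlentities|htmlspecialchars)\s*\(", re.I)  # functions named in the advisory

def split_args(src, start):
    """Split a PHP argument list starting just after '('; None if the call never closes."""
    args, buf, depth, quote, i = [], "", 0, None, start
    while i < len(src):
        ch = src[i]
        i += 1
        if quote:
            if ch == "\\" and i < len(src):
                ch += src[i]  # keep the escaped character with its backslash
                i += 1
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:
                return args + [buf.strip()]
            depth -= 1
        elif ch == "," and depth == 0:
            args.append(buf.strip())
            buf = ""
            continue
        buf += ch

def audit(src):
    """Return (line, function, charset_arg, verdict) for calls that may process UTF-8."""
    hits = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end()) or []
        if len(args) < 3:
            continue  # no explicit charset argument (assumption: out of scope for triage)
        literal = re.fullmatch(r"""(['"])([^'"]*)\1""", args[2])
        if literal and literal.group(2).lower() not in ("utf-8", "utf8"):
            continue  # explicit non-UTF-8 charset literal
        line = src.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1).lower(), args[2], "utf-8" if literal else "dynamic"))
    return hits

SAMPLE = '''<?php  // constructed sample, not taken from any real project
echo htmlentities($_GET["q"], ENT_QUOTES, "UTF-8");
echo htmlspecialchars($name);
echo htmlentities(join(",", $a), ENT_COMPAT, 'ISO-8859-1');
echo HtmlSpecialChars($row["t"], ENT_QUOTES, $charset);
'''
```

A "dynamic" verdict means the charset is chosen at run time and needs manual review; the scan does not replace installing the updated packages.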
