CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.198 Low
Percentile: 96.2%
Debian Security Advisory DSA-2408-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2012 http://www.debian.org/security/faq
Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1072 CVE-2011-4153 CVE-2012-0781 CVE-2012-0788
CVE-2012-0831
Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:
CVE-2011-1072
It was discovered that insecure handling of temporary files in the PEAR
installer could lead to denial of service.
CVE-2011-4153
Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the zend_strndup() function could lead to denial of service.
CVE-2012-0781
Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the tidy_diagnose() function could lead to denial of service.
CVE-2012-0788
It was discovered that missing checks in the handling of PDORow
objects could lead to denial of service.
CVE-2012-0831
It was discovered that the magic_quotes_gpc setting could be disabled
remotely.
This update also addresses PHP bugs, which are not treated as security issues
in Debian (see README.Debian.security), but which were fixed nonetheless:
CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467
CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182
CVE-2011-3267
For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze8.
For the unstable distribution (sid), this problem has been fixed in
version 5.3.10-1.
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Debian | 6 | sparc | php5-interbase | < 5.3.3-7+squeeze8 | php5-interbase_5.3.3-7+squeeze8_sparc.deb |
Debian | 6 | s390 | php5-gd | < 5.3.3-7+squeeze8 | php5-gd_5.3.3-7+squeeze8_s390.deb |
Debian | 6 | amd64 | php5-odbc | < 5.3.3-7+squeeze8 | php5-odbc_5.3.3-7+squeeze8_amd64.deb |
Debian | 6 | kfreebsd-i386 | php5-pspell | < 5.3.3-7+squeeze8 | php5-pspell_5.3.3-7+squeeze8_kfreebsd-i386.deb |
Debian | 6 | sparc | php5-tidy | < 5.3.3-7+squeeze8 | php5-tidy_5.3.3-7+squeeze8_sparc.deb |
Debian | 6 | i386 | php5-xsl | < 5.3.3-7+squeeze8 | php5-xsl_5.3.3-7+squeeze8_i386.deb |
Debian | 6 | kfreebsd-i386 | php5-ldap | < 5.3.3-7+squeeze8 | php5-ldap_5.3.3-7+squeeze8_kfreebsd-i386.deb |
Debian | 6 | s390 | php5-tidy | < 5.3.3-7+squeeze8 | php5-tidy_5.3.3-7+squeeze8_s390.deb |
Debian | 6 | s390 | php5-recode | < 5.3.3-7+squeeze8 | php5-recode_5.3.3-7+squeeze8_s390.deb |
Debian | 6 | armel | php5-dev | < 5.3.3-7+squeeze8 | php5-dev_5.3.3-7+squeeze8_armel.deb |