The RedHat Update for php53 and php RHSA-2012:0019-01 addresses predictable hash collisions and integer overflow vulnerabilities
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Amazon Linux: Security Advisory (ALAS-2012-37) | 8 Sep 201500:00 | – | openvas |
OpenVAS | Fedora Update for maniadrive FEDORA-2012-0504 | 2 Apr 201200:00 | – | openvas |
OpenVAS | Oracle: Security Advisory (ELSA-2012-0019) | 6 Oct 201500:00 | – | openvas |
OpenVAS | CentOS Update for php CESA-2012:0019 centos6 | 30 Jul 201200:00 | – | openvas |
OpenVAS | RedHat Update for php53 and php RHSA-2012:0019-01 | 13 Jan 201200:00 | – | openvas |
OpenVAS | CentOS Update for php53 CESA-2012:0019 centos5 | 30 Jul 201200:00 | – | openvas |
OpenVAS | Fedora Update for maniadrive FEDORA-2012-0420 | 1 Feb 201200:00 | – | openvas |
OpenVAS | Fedora Update for php FEDORA-2012-0504 | 2 Apr 201200:00 | – | openvas |
OpenVAS | Fedora Update for maniadrive FEDORA-2012-0504 | 2 Apr 201200:00 | – | openvas |
OpenVAS | Fedora Update for php-eaccelerator FEDORA-2012-0420 | 1 Feb 201200:00 | – | openvas |
Source | Link |
---|---|
redhat | www.redhat.com/archives/rhsa-announce/2012-January/msg00007.html |
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2012-January/msg00007.html");
script_oid("1.3.6.1.4.1.25623.1.0.870529");
script_version("2024-03-21T05:06:54+0000");
script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
script_tag(name:"creation_date", value:"2012-01-13 10:45:38 +0530 (Fri, 13 Jan 2012)");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:P");
script_xref(name:"RHSA", value:"2012:0019-01");
script_cve_id("CVE-2011-4566", "CVE-2011-4885");
script_name("RedHat Update for php53 and php RHSA-2012:0019-01");
script_tag(name:"summary", value:"The remote host is missing an update for the 'php53 and php'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_5");
script_tag(name:"affected", value:"php53 and php on Red Hat Enterprise Linux (v. 5 server)");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed. This flaw has been
mitigated by adding a new configuration directive, max_input_vars, that
limits the maximum number of parameters processed per request. By
default, max_input_vars is set to 1000. (CVE-2011-4885)
An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-4566)
Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wlde and Alexander Klink as the original reporters of
CVE-2011-4885.
All php53 and php users should upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to take
effect.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"php53", rpm:"php53~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-bcmath", rpm:"php53-bcmath~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-cli", rpm:"php53-cli~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-common", rpm:"php53-common~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-dba", rpm:"php53-dba~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-debuginfo", rpm:"php53-debuginfo~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-devel", rpm:"php53-devel~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-gd", rpm:"php53-gd~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-imap", rpm:"php53-imap~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-intl", rpm:"php53-intl~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-ldap", rpm:"php53-ldap~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-mbstring", rpm:"php53-mbstring~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-mysql", rpm:"php53-mysql~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-odbc", rpm:"php53-odbc~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-pdo", rpm:"php53-pdo~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-pgsql", rpm:"php53-pgsql~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-process", rpm:"php53-process~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-pspell", rpm:"php53-pspell~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-snmp", rpm:"php53-snmp~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-soap", rpm:"php53-soap~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-xml", rpm:"php53-xml~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-xmlrpc", rpm:"php53-xmlrpc~5.3.3~1.el5_7.5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo