php5 - code injection

2012-02-0600:00:00

Google

osv.dev

JSON

Stefan Esser discovered that the implementation of the max_input_vars
configuration variable in a recent PHP security update was flawed such
that it allows remote attackers to crash PHP or potentially execute
code.

For the oldstable distribution (lenny), this problem has been fixed in
version 5.2.6.dfsg.1-1+lenny16.

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze7.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.10-1.

We recommend that you upgrade your php5 packages.

CPENameOperatorVersion
php5eq5.2.6.dfsg.1-1+lenny10
php5eq5.2.6.dfsg.1-1+lenny11
php5eq5.2.6.dfsg.1-1+lenny12
php5eq5.2.6.dfsg.1-1+lenny13
php5eq5.2.6.dfsg.1-1+lenny14
php5eq5.2.6.dfsg.1-1+lenny15
php5eq5.2.6.dfsg.1-1+lenny2
php5eq5.2.6.dfsg.1-1+lenny3
php5eq5.2.6.dfsg.1-1+lenny4
php5eq5.2.6.dfsg.1-1+lenny6

Name	Operator	Version
php5	eq	5.2.6.dfsg.1-1+lenny10
php5	eq	5.2.6.dfsg.1-1+lenny11
php5	eq	5.2.6.dfsg.1-1+lenny12
php5	eq	5.2.6.dfsg.1-1+lenny13
php5	eq	5.2.6.dfsg.1-1+lenny14
php5	eq	5.2.6.dfsg.1-1+lenny15
php5	eq	5.2.6.dfsg.1-1+lenny2
php5	eq	5.2.6.dfsg.1-1+lenny3
php5	eq	5.2.6.dfsg.1-1+lenny4
php5	eq	5.2.6.dfsg.1-1+lenny6

Rows per page:

1-10 of 121

References

www.debian.org/security/2012/dsa-2403

JSON