php5 - several vulnerabilities

2013-03-0500:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:

CVE-2013-1635
If a PHP application accepted untrusted SOAP object input remotely
from clients, an attacker could read system files readable for the
webserver.
CVE-2013-1643
The soap.wsdl_cache_dir function did not take PHP open_basedir
restrictions into account. Note that Debian advises against relying
on open_basedir restrictions for security.

For the stable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze15.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 5.4.4-14.

We recommend that you upgrade your php5 packages.

CPENameOperatorVersion
php5eq5.3.3-7
php5eq5.3.3-7+squeeze2
php5eq5.3.3-7+squeeze14
php5eq5.3.3-7+squeeze3
php5eq5.3.3-7+squeeze1
php5eq5.3.3-7+squeeze13
php5eq5.3.3-7+squeeze6
php5eq5.3.3-7+squeeze8
php5eq5.3.3-7+squeeze9
php5eq5.3.3-7+squeeze5

Name	Operator	Version
php5	eq	5.3.3-7
php5	eq	5.3.3-7+squeeze2
php5	eq	5.3.3-7+squeeze14
php5	eq	5.3.3-7+squeeze3
php5	eq	5.3.3-7+squeeze1
php5	eq	5.3.3-7+squeeze13
php5	eq	5.3.3-7+squeeze6
php5	eq	5.3.3-7+squeeze8
php5	eq	5.3.3-7+squeeze9
php5	eq	5.3.3-7+squeeze5