Lucene search
RedHatRHSA-2014:0312HistoryMar 18, 2014 - 12:00 a.m.
(RHSA-2014:0312) Critical: php security update
2014-03-1800:00:00
access.redhat.com
37
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.5%
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the way PHP parsed floating point
numbers from their text representation. If a PHP application converted
untrusted input strings to numbers, an attacker able to provide such input
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the application. (CVE-2009-0689)
All php users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 5 | src | php | < 5.1.6-40.el5_9.2 | php-5.1.6-40.el5_9.2.src.rpm |
| RedHat | 5 | s390x | php-pdo | < 5.1.6-40.el5_9.2 | php-pdo-5.1.6-40.el5_9.2.s390x.rpm |
| RedHat | 5 | s390x | php-mbstring | < 5.1.6-40.el5_9.2 | php-mbstring-5.1.6-40.el5_9.2.s390x.rpm |
| RedHat | 5 | ppc | php-common | < 5.1.6-40.el5_9.2 | php-common-5.1.6-40.el5_9.2.ppc.rpm |
| RedHat | 5 | ia64 | php | < 5.1.6-27.el5_6.7 | php-5.1.6-27.el5_6.7.ia64.rpm |
| RedHat | 5 | x86_64 | php-mbstring | < 5.1.6-27.el5_6.7 | php-mbstring-5.1.6-27.el5_6.7.x86_64.rpm |
| RedHat | 5 | i386 | php-ldap | < 5.1.6-40.el5_9.2 | php-ldap-5.1.6-40.el5_9.2.i386.rpm |
| RedHat | 5 | x86_64 | php-bcmath | < 5.1.6-40.el5_9.2 | php-bcmath-5.1.6-40.el5_9.2.x86_64.rpm |
| RedHat | 5 | ppc | php-bcmath | < 5.1.6-40.el5_9.2 | php-bcmath-5.1.6-40.el5_9.2.ppc.rpm |
| RedHat | 5 | ppc | php-gd | < 5.1.6-40.el5_9.2 | php-gd-5.1.6-40.el5_9.2.ppc.rpm |
Related
nessus
nessus
openSUSE Security Update : opera (opera-1599)
2009-11-30 00:00:00
Debian DLA-376-1 : mono security update
2016-01-04 00:00:00
securityvulns
securityvulns
MacOS X 10.5/10.6 libc/strtod(3) buffer overflow
2010-01-08 00:00:00
Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)
2009-12-15 00:00:00
Sun Solaris 10 libc/*convert (*cvt) buffer overflow
2010-05-27 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: mono-4.0.5-2.fc23
2015-12-29 22:26:22
[SECURITY] Fedora 11 Update: seamonkey-1.1.19-1.fc11
2010-04-21 21:53:31
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:58:49
threatpost
threatpost
'High Risk' Flaw Fixed in Google Chrome
2009-10-06 22:32:02
cve
cve
CVE-2009-0689
2009-07-01 13:00:00
CVE-2009-1563
2009-10-29 14:30:00
openvas
openvas
SLES11: Security update for kdelibs3
2009-12-14 00:00:00
Debian: Security Advisory (DLA-376-1)
2023-03-08 00:00:00
CentOS Update for kdelibs CESA-2009:1601 centos4 i386
2011-08-09 00:00:00
debian
debian
[SECURITY] [DLA 376-1] mono security update
2015-12-30 11:29:31
[SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution
2010-02-17 18:25:18
[Backports-security-announce] Security Update for nsrp
2010-07-21 08:26:53
seebug
seebug
多个BSD系统gdtoa/misc.c文件内存破坏漏洞
2009-06-30 00:00:00
Sun Solaris多个libc库数字转换函数缓冲区溢出漏洞
2010-05-25 00:00:00
KDE KDELibs 'dtoa()'远程代码执行漏洞
2009-11-24 00:00:00
prion
prion
Heap overflow
2009-07-01 13:00:00
redhat
redhat
(RHSA-2009:1601) Critical: kdelibs security update
2009-11-24 00:00:00
(RHSA-2014:0311) Critical: php security update
2014-03-18 00:00:00
(RHSA-2009:1531) Critical: seamonkey security update
2009-10-27 00:00:00
packetstorm
packetstorm
Flock 2.5.2 Remote Array Overrun
2009-12-12 00:00:00
J 6.02.023 Array Overrun
2010-01-09 00:00:00
Matlab R2009b Array Overrun
2010-01-09 00:00:00
opera
opera
Heap buffer overflow in string to number conversion
2009-11-20 00:00:00
debiancve
debiancve
CVE-2009-0689
2009-07-01 13:00:00
osv
osv
mono - security update
2018-11-01 00:00:00
mono - security update
2015-12-30 00:00:00
kdelibs - arbitrary code execution
2010-02-17 00:00:00
mageia
mageia
Updated mono packages fix security vulnerability
2016-01-14 04:44:39
centos
centos
kdelibs security update
2009-11-25 14:52:10
php security update
2014-03-19 01:15:26
seamonkey security update
2009-10-28 13:15:48
oraclelinux
oraclelinux
kdelibs security update
2009-11-24 00:00:00
php security update
2014-03-18 00:00:00
chrome
chrome
Stable Channel Update
2009-09-30 00:00:00
ubuntu
ubuntu
KDE vulnerabilities
2009-12-11 00:00:00
Thunderbird vulnerabilities
2010-03-18 00:00:00
exploitpack
exploitpack
Sunbird 0.9 - Array Overrun Code Execution
2009-12-11 00:00:00
Opera 10.01 - Remote Array Overrun
2009-11-19 00:00:00
SeaMonkey 1.1.8 - Remote Array Overrun
2009-11-19 00:00:00
mozilla
mozilla
Heap buffer overflow in string to number conversion — Mozilla
2009-10-27 00:00:00
freebsd
freebsd
mono -- DoS and code execution
2015-12-19 00:00:00
opera -- multiple vulnerabilities
2009-11-23 00:00:00
mozilla -- multiple vulnerabilities
2010-03-16 00:00:00
exploitdb
exploitdb
Sunbird 0.9 - Array Overrun Code Execution
2009-12-11 00:00:00
K-Meleon 1.5.3 - Remote Array Overrun
2009-11-19 00:00:00
Opera 10.01 - Remote Array Overrun
2009-11-19 00:00:00
hackerone
hackerone
Ruby: Ruby: Heap Overflow in Floating Point Parsing
2013-11-22 00:00:00
ubuntucve
ubuntucve
CVE-2009-0689
2009-07-01 00:00:00
suse
suse
Security update for ruby (critical)
2013-12-05 18:04:15
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.5%
Related for RHSA-2014:0312