[ GLSA 201110-06 ] PHP: Multiple vulnerabilities

2011-10-12T00:00:00
ID SECURITYVULNS:DOC:27147
Type securityvulns
Reporter Securityvulns
Modified 2011-10-12T00:00:00

Description


Gentoo Linux Security Advisory                           GLSA 201110-06
                                            http://security.gentoo.org/

Severity: High
Title: PHP: Multiple vulnerabilities
Date: October 10, 2011
Bugs: #306939, #332039, #340807, #350908, #355399, #358791, #358975, #369071, #372745, #373965, #380261
ID: 201110-06


Synopsis

Multiple vulnerabilities were found in PHP, the worst of which leads to remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  dev-lang/php             < 5.3.8                      >= 5.3.8

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways.

A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"
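The upgrade above is the fix; what an administrator usually wants alongside it is a quick way to confirm which hosts are still on a vulnerable build. The script below is an added example, not part of the GLSA or of Gentoo's tooling. It compares a dev-lang/php version string against the 5.3.8 boundary from the "Affected packages" table and, when run on a Gentoo host, reads the installed version from the standard portage database under /var/db/pkg. It assumes release-style versions such as 5.3.6 or 5.3.8-r1; a _rc or _p suffix is stripped and treated as the base release, which is a simplification of Gentoo's version ordering, not a reimplementation of it.

```shell
#!/bin/sh
# Added example (not part of GLSA 201110-06): flag dev-lang/php versions
# that fall in the range the advisory marks as vulnerable (< 5.3.8).

FIXED_VERSION="5.3.8"

# Reduce "dev-lang/php-5.3.8-r1" or "5.3.8_rc1" to the dotted release "5.3.8".
# Assumption: stripping -rN and _suffix parts is close enough for this check.
php_base_version() {
    printf '%s\n' "$1" | sed -e 's|^dev-lang/php-||' -e 's/[-_].*$//'
}

# version_lt A B: exit 0 if dotted version A is numerically below B,
# comparing component by component and padding missing components with 0.
version_lt() {
    printf '%s\n%s\n' "$1" "$2" | awk -F. '
        NR == 1 { for (i = 1; i <= NF; i++) a[i] = $i; na = NF; next }
        NR == 2 { for (i = 1; i <= NF; i++) b[i] = $i; nb = NF }
        END {
            n = (na > nb) ? na : nb
            for (i = 1; i <= n; i++) {
                x = (i <= na) ? a[i] + 0 : 0
                y = (i <= nb) ? b[i] + 0 : 0
                if (x < y) exit 0
                if (x > y) exit 1
            }
            exit 1   # equal versions are not "less than"
        }'
}

# php_vulnerable VERSION: exit 0 if VERSION is below the fixed release.
php_vulnerable() {
    version_lt "$(php_base_version "$1")" "$FIXED_VERSION"
}

# On a Gentoo host, inspect the installed package(s) recorded by portage.
# Does nothing when no dev-lang/php entry exists (e.g. on a non-Gentoo box).
check_installed_php() {
    for dir in /var/db/pkg/dev-lang/php-*; do
        [ -d "$dir" ] || continue
        ver=${dir##*/php-}
        if php_vulnerable "$ver"; then
            echo "VULNERABLE: dev-lang/php-$ver (< $FIXED_VERSION), apply GLSA 201110-06"
        else
            echo "ok: dev-lang/php-$ver"
        fi
    done
}

check_installed_php
```

The comparison is done in awk rather than with `sort -V` so that it also works on the BusyBox and older coreutils `sort` builds that lack `-V`. A per-host "VULNERABLE" line is what a fleet inventory job would collect before and after running the emerge commands above.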

References

[  1 ] CVE-2006-7243  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243
[  2 ] CVE-2009-5016  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016
[  3 ] CVE-2010-1128  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128
[  4 ] CVE-2010-1129  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129
[  5 ] CVE-2010-1130  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130
[  6 ] CVE-2010-1860  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860
[  7 ] CVE-2010-1861  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861
[  8 ] CVE-2010-1862  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862
[  9 ] CVE-2010-1864  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864
[ 10 ] CVE-2010-1866  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866
[ 11 ] CVE-2010-1868  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868
[ 12 ] CVE-2010-1914  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914
[ 13 ] CVE-2010-1915  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915
[ 14 ] CVE-2010-1917  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917
[ 15 ] CVE-2010-2093  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093
[ 16 ] CVE-2010-2094  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094
[ 17 ] CVE-2010-2097  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097
[ 18 ] CVE-2010-2100  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100
[ 19 ] CVE-2010-2101  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101
[ 20 ] CVE-2010-2190  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190
[ 21 ] CVE-2010-2191  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191
[ 22 ] CVE-2010-2225  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225
[ 23 ] CVE-2010-2484  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484
[ 24 ] CVE-2010-2531  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531
[ 25 ] CVE-2010-2950  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950
[ 26 ] CVE-2010-3062  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062
[ 27 ] CVE-2010-3063  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063
[ 28 ] CVE-2010-3064  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064
[ 29 ] CVE-2010-3065  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065
[ 30 ] CVE-2010-3436  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436
[ 31 ] CVE-2010-3709  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 32 ] CVE-2010-3709  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 33 ] CVE-2010-3710  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 34 ] CVE-2010-3710  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 35 ] CVE-2010-3870  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870
[ 36 ] CVE-2010-4150  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150
[ 37 ] CVE-2010-4409  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409
[ 38 ] CVE-2010-4645  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645
[ 39 ] CVE-2010-4697  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697
[ 40 ] CVE-2010-4698  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698
[ 41 ] CVE-2010-4699  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699
[ 42 ] CVE-2010-4700  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700
[ 43 ] CVE-2011-0420  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420
[ 44 ] CVE-2011-0421  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421
[ 45 ] CVE-2011-0708  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708
[ 46 ] CVE-2011-0752  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752
[ 47 ] CVE-2011-0753  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753
[ 48 ] CVE-2011-0755  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755
[ 49 ] CVE-2011-1092  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092
[ 50 ] CVE-2011-1148  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148
[ 51 ] CVE-2011-1153  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153
[ 52 ] CVE-2011-1464  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464
[ 53 ] CVE-2011-1466  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466
[ 54 ] CVE-2011-1467  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467
[ 55 ] CVE-2011-1468  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468
[ 56 ] CVE-2011-1469  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469
[ 57 ] CVE-2011-1470  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470
[ 58 ] CVE-2011-1471  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471
[ 59 ] CVE-2011-1657  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657
[ 60 ] CVE-2011-1938  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938
[ 61 ] CVE-2011-2202  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202
[ 62 ] CVE-2011-2483  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483
[ 63 ] CVE-2011-3182  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182
[ 64 ] CVE-2011-3189  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189
[ 65 ] CVE-2011-3267  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267
[ 66 ] CVE-2011-3268  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5