Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2012-041-02
HistoryFeb 10, 2012 - 5:44 p.m.

[slackware-security] php

2012-02-1017:44:15
Slackware Linux Project
www.slackware.com
16

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.879 High

EPSS

Percentile

98.6%

JSON

New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:

patches/packages/php-5.3.10-i486-1_slack13.37.txz: Upgraded.
Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
For more information, see:
https://vulners.com/cve/CVE-2012-0830
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the โ€œGet Slackโ€ section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.3.10-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.10-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.10-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.10-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.10-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.10-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.10-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.10-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.10-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.3.10-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.3.10-x86_64-1.txz

MD5 signatures:

Slackware 12.0 package:
bf5512a57e0e7ba3c9d836636f056036 php-5.3.10-i486-1_slack12.0.tgz

Slackware 12.1 package:
474400e31f8701a07aa97aeee956226e php-5.3.10-i486-1_slack12.1.tgz

Slackware 12.2 package:
f359c739e8db9130806c3cb256990804 php-5.3.10-i486-1_slack12.2.tgz

Slackware 13.0 package:
5b38767541b0367dd64539537ca3cfc5 php-5.3.10-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
bcccb9fdde0e548d999447b352f4b322 php-5.3.10-x86_64-1_slack13.0.txz

Slackware 13.1 package:
7bdee84117e3cd1ac8e6087d9c936355 php-5.3.10-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
2d05770a236fdc52754e1ba9d657d6d7 php-5.3.10-x86_64-1_slack13.1.txz

Slackware 13.37 package:
7555e89aa4dc5a6b68c2fcfd1b8a6dc3 php-5.3.10-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
cf6a47e0046b13b2adba13466b3b5e7e php-5.3.10-x86_64-1_slack13.37.txz

Slackware -current package:
1191d7d49f21f0dba3c4f35cc19e6b88 n/php-5.3.10-i486-1.txz

Slackware x86_64 -current package:
25a12f2407be6f03ff1dc50ad1b3c80b n/php-5.3.10-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg php-5.3.10-i486-1_slack13.37.txz

Then, restart the httpd daemon.

Related

checkpoint_advisories 2
nessus 26
oraclelinux 3
openvas 52
debian 2
freebsd 1
fedora 6
ubuntucve 1
cve 1
amazon 1
redhat 2
prion 1
seebug 1
centos 2
veracode 1
securityvulns 5
ubuntu 2
suse 4
f5 2
gentoo 1
checkpoint_advisories
checkpoint_advisories
PHP php_register_variable_ex Function Code Execution (CVE-2012-0830)
2012-05-14 00:00:00
PHP php_register_variable_ex Function Code Execution - Improved performance (CVE-2012-0830)
2013-03-21 00:00:00
nessus
nessus
Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-041-02)
2012-02-13 00:00:00
Debian DSA-2403-2 : php5 - code injection
2012-02-03 00:00:00
FreeBSD : php -- arbitrary remote code execution vulnerability (3fd040be-4f0b-11e1-9e32-0025900931f8)
2012-02-06 00:00:00
oraclelinux
oraclelinux
php security update
2012-02-02 00:00:00
php53 security update
2012-02-02 00:00:00
php security update
2012-06-29 00:00:00
openvas
openvas
Slackware Advisory SSA:2012-041-02 php
2012-09-10 00:00:00
Debian Security Advisory DSA 2403-1 (php5)
2012-02-12 00:00:00
Oracle: Security Advisory (ELSA-2012-0093)
2015-10-06 00:00:00
debian
debian
[SECURITY] [DSA 2403-1] php5 security update
2012-02-02 21:29:48
[SECURITY] [DSA 2403-2] php5 security update
2012-02-06 19:21:50
freebsd
freebsd
php -- arbitrary remote code execution vulnerability
2012-02-02 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.2
2012-02-08 22:56:30
[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15.2
2012-02-14 09:05:18
[SECURITY] Fedora 15 Update: php-eaccelerator-0.9.6.1-9.fc15.2
2012-02-14 09:05:18
ubuntucve
ubuntucve
CVE-2012-0830
2012-02-06 00:00:00
cve
cve
CVE-2012-0830
2012-02-06 20:55:00
amazon
amazon
Critical: php
2012-02-02 16:10:00
redhat
redhat
(RHSA-2012:0093) Critical: php security update
2012-02-02 00:00:00
(RHSA-2012:0092) Critical: php53 security update
2012-02-02 00:00:00
prion
prion
Design/Logic Flaw
2012-02-06 20:55:00
seebug
seebug
PHP "php_register_variable_ex()"ๅ‡ฝๆ•ฐไปปๆ„ไปฃ็ ๆ‰ง่กŒๆผๆดž(CVE-2012-0830)
2012-02-03 00:00:00
centos
centos
php security update
2012-02-03 01:41:17
php53 security update
2012-02-03 01:43:26
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 01:10:12
securityvulns
securityvulns
PHP security vulnerabilities
2012-02-08 00:00:00
[ MDVSA-2012:065 ] php
2012-05-01 00:00:00
PHP multiple security vulnerabilities
2012-05-24 00:00:00
ubuntu
ubuntu
PHP regression
2012-02-13 00:00:00
PHP vulnerabilities
2012-02-10 00:00:00
suse
suse
Security update for PHP5 (important)
2012-03-24 03:08:28
update for php5 (important)
2012-03-29 15:08:14
Security update for PHP5 (important)
2012-04-12 23:08:15
f5
f5
K13519 : Multiple PHP vulnerabilities
2013-09-20 00:00:00
SOL13519 - Multiple PHP vulnerabilities
2012-04-04 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2012-09-24 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.879 High

EPSS

Percentile

98.6%

JSON
Related for SSA-2012-041-02
checkpoint_advisories2nessus26oraclelinux3openvas52debian2freebsd1fedora6ubuntucve1cve1amazon1redhat2prion1seebug1centos2veracode1securityvulns5ubuntu2suse4f52gentoo1