Lucene search

K
suseSuseSUSE-SU-2012:0411-1
HistoryMar 24, 2012 - 3:08 a.m.

Security update for PHP5 (important)

2012-03-2403:08:28
lists.opensuse.org
28

EPSS

0.888

Percentile

98.8%

This update of php5 fixes multiple security flaws:

  • CVE-2011-4153, missing checks of return values could
    allow remote attackers to cause a denial of service (NULL
    pointer dereference)
  • CVE-2011-4885, denial of service via hash collisions
  • CVE-2012-0057, specially crafted XSLT stylesheets
    could allow remote attackers to create arbitrary files with
    arbitrary content
  • CVE-2012-0781, remote attackers can cause a denial of
    service via specially crafted input to an application that
    attempts to perform Tidy::diagnose operations
  • CVE-2012-0788, applications that use a PDO driver
    were prone to denial of service flaws which could be
    exploited remotely
  • CVE-2012-0789, memory leak in the timezone
    functionality could allow remote attackers to cause a
    denial of service (memory consumption)
  • CVE-2012-0807, a stack based buffer overflow in
    php5’s Suhosin extension could allow remote attackers to
    execute arbitrary code via a long string that is used in a
    Set-Cookie HTTP header
  • CVE-2012-0830, this fixes an incorrect fix for
    CVE-2011-4885 which could allow remote attackers to execute
    arbitrary code via a request containing a large number of
    variables
  • CVE-2012-0831, temporary changes to the
    magic_quotes_gpc directive during the importing of
    environment variables is not properly performed which makes
    it easier for remote attackers to conduct SQL injections