Lucene search
SuseSUSE-SU-2012:0411-1HistoryMar 24, 2012 - 3:08 a.m.
Security update for PHP5 (important)
2012-03-2403:08:28
lists.opensuse.org
15
0.894 High
EPSS
Percentile
98.5%
This update of php5 fixes multiple security flaws:
- CVE-2011-4153, missing checks of return values could
allow remote attackers to cause a denial of service (NULL
pointer dereference) - CVE-2011-4885, denial of service via hash collisions
- CVE-2012-0057, specially crafted XSLT stylesheets
could allow remote attackers to create arbitrary files with
arbitrary content - CVE-2012-0781, remote attackers can cause a denial of
service via specially crafted input to an application that
attempts to perform Tidy::diagnose operations - CVE-2012-0788, applications that use a PDO driver
were prone to denial of service flaws which could be
exploited remotely - CVE-2012-0789, memory leak in the timezone
functionality could allow remote attackers to cause a
denial of service (memory consumption) - CVE-2012-0807, a stack based buffer overflow in
php5’s Suhosin extension could allow remote attackers to
execute arbitrary code via a long string that is used in a
Set-Cookie HTTP header - CVE-2012-0830, this fixes an incorrect fix for
CVE-2011-4885 which could allow remote attackers to execute
arbitrary code via a request containing a large number of
variables - CVE-2012-0831, temporary changes to the
magic_quotes_gpc directive during the importing of
environment variables is not properly performed which makes
it easier for remote attackers to conduct SQL injections
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| SUSE Linux Enterprise Server | 10.4 | ia64 | php5-sysvshm | < 5.2.14-0.26.3 | php5-sysvshm-5.2.14-0.26.3.ia64.rpm |
| SLE SDK | 10.4 | i586 | php5-shmop | < 5.2.14-0.26.3 | php5-shmop-5.2.14-0.26.3.i586.rpm |
| SLE SDK | 10.4 | ppc | apache2-mod_php5 | < 5.2.14-0.26.3 | apache2-mod_php5-5.2.14-0.26.3.ppc.rpm |
| SUSE Linux Enterprise Server | 10.4 | ia64 | php5-tokenizer | < 5.2.14-0.26.3 | php5-tokenizer-5.2.14-0.26.3.ia64.rpm |
| SUSE Linux Enterprise Server | 10.4 | i586 | php5-shmop | < 5.2.14-0.26.3 | php5-shmop-5.2.14-0.26.3.i586.rpm |
| SLE SDK | 10.4 | s390x | php5-wddx | < 5.2.14-0.26.3 | php5-wddx-5.2.14-0.26.3.s390x.rpm |
| SLE SDK | 10.4 | ia64 | php5-mbstring | < 5.2.14-0.26.3 | php5-mbstring-5.2.14-0.26.3.ia64.rpm |
| SLE SDK | 10.4 | ppc | php5-iconv | < 5.2.14-0.26.3 | php5-iconv-5.2.14-0.26.3.ppc.rpm |
| SLE SDK | 10.4 | ppc | php5-gettext | < 5.2.14-0.26.3 | php5-gettext-5.2.14-0.26.3.ppc.rpm |
| SUSE Linux Enterprise Server | 10.4 | ia64 | php5-ncurses | < 5.2.14-0.26.3 | php5-ncurses-5.2.14-0.26.3.ia64.rpm |
Related
nessus
nessus
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009)
2012-03-26 00:00:00
openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1)
2014-06-13 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:0411-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for update (openSUSE-SU-2012:0426-1)
2012-12-13 00:00:00
SuSE Update for update openSUSE-SU-2012:0426-1 (update)
2012-12-13 00:00:00
suse
suse
update for php5 (important)
2012-03-29 15:08:14
Security update for PHP5 (important)
2012-04-06 03:08:16
Security update for PHP5 (important)
2012-04-12 23:08:15
ubuntu
ubuntu
PHP vulnerabilities
2012-02-10 00:00:00
PHP regression
2012-02-13 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:065 ] php
2012-05-01 00:00:00
PHP security vulnerabilities
2012-02-08 00:00:00
PHP multiple security vulnerabilities
2012-05-24 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15.2
2012-02-14 09:05:18
[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.2
2012-02-08 22:56:30
[SECURITY] Fedora 15 Update: php-eaccelerator-0.9.6.1-9.fc15.2
2012-02-14 09:05:18
prion
prion
Design/Logic Flaw
2012-02-06 20:55:00
Null pointer dereference
2012-01-18 20:55:00
Null pointer dereference
2012-01-18 20:55:00
redhat
redhat
(RHSA-2012:0093) Critical: php security update
2012-02-02 00:00:00
(RHSA-2012:0092) Critical: php53 security update
2012-02-02 00:00:00
(RHSA-2012:1045) Moderate: php security update
2012-06-27 00:00:00
seebug
seebug
PHP "php_register_variable_ex()"函数任意代码执行漏洞(CVE-2012-0830)
2012-02-03 00:00:00
PHP ‘tidy_diagnose’函数拒绝服务漏洞
2012-01-30 00:00:00
PHP 5.3.8 'tidy_diagnose()'空指针引用拒绝服务漏洞
2012-04-16 00:00:00
cve
cve
amazon
amazon
Critical: php
2012-02-02 16:10:00
ubuntucve
ubuntucve
centos
centos
php security update
2012-02-03 01:41:17
php53 security update
2012-02-03 01:43:26
php security update
2012-06-27 20:21:47
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 01:10:12
Arbitrary Code Execution
2019-05-02 04:42:12
Denial Of Service (DoS)
2019-05-02 04:42:12
oraclelinux
oraclelinux
php security update
2012-06-27 00:00:00
php security, bug fix and enhancement update
2013-02-27 00:00:00
php53 security update
2012-06-27 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2012-09-24 00:00:00
packetstorm
packetstorm
PHP 5.3.8 NULL Pointer Dereference
2012-01-15 00:00:00
PHP 5.3.x Hash Collision Proof Of Concept Code
2012-01-02 00:00:00
PHP 5.3.x Hashtables Proof Of Concept
2012-01-01 00:00:00
debian
debian
[SECURITY] [DSA 2399-1] php5 security update
2012-01-31 07:22:58
[SECURITY] [DSA 2399-2] php5 regression fix
2012-01-31 15:26:47
[SECURITY] [DSA 2403-1] php5 security update
2012-02-02 21:29:48
checkpoint_advisories
checkpoint_advisories
PHP5 Hash Collision Denial Of Service - Ver2 (CVE-2011-4885)
2014-03-03 00:00:00
PHP php_register_variable_ex Function Code Execution (CVE-2012-0830)
2012-05-14 00:00:00
f5
f5
K13588 : PHP vulnerability CVE-2011-4885
2013-09-11 00:00:00
SOL13588 - PHP vulnerability CVE-2011-4885
2012-05-17 00:00:00
osv
osv
php5 - several
2012-01-31 00:00:00
exploitpack
exploitpack
PHP 5.3.8 - Multiple Vulnerabilities
2012-01-14 00:00:00
PHP 5.3.8 - Hashtables Denial of Service
2012-01-01 00:00:00
freebsd
freebsd
php5 -- Denial of Service in php_date_parse_tzfile()
2010-12-08 00:00:00
slackware
slackware
[slackware-security] php
2012-02-10 17:44:15