Debian: DSA-2399-2 Important: PHP5 Regression Issue Resolved Now
debian
January 31, 2012
A regression was found in the fix for PHP's XSLT transformations (CVE-2012-0057)
Topics Covered
Summary
Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:
CVE-2011-1938
The UNIX socket handling allowed attackers to trigger a buffer overflow
via a long path name.
CVE-2011-2483
The crypt_blowfish function did not properly handle 8-bit characters,
which made it easier for attackers to determine a cleartext password
by using knowledge of a password hash.
CVE-2011-4566
When used on 32 bit platforms, the exif extension could be used to
trigger an integer overflow in the exif_process_IFD_TAG function
when processing a JPEG file.
CVE-2011-4885
It was possible to trigger hash collisions predictably when parsing
form parameters, which allows remote attackers to cause a denial of
service by sending many crafted parameters.
CVE-2012-0057
When applying a crafted XSLT transform, an attacker could write files
to arbitrary places in the filesystem.
NOTE: the fix for CVE-2011-2483 requi...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: php5
CVE ID: CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!