-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2408-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 13, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1072 CVE-2011-4153 CVE-2012-0781 CVE-2012-0788 
                 CVE-2012-0831 

Several vulnerabilities have been discovered in PHP, the web scripting 
language. The Common Vulnerabilities and Exposures project identifies 
the following issues:

CVE-2011-1072

   It was discoverd that insecure handling of temporary files in the PEAR
   installer could lead to denial of service.

CVE-2011-4153

   Maksymilian Arciemowicz discovered that a NULL pointer dereference in
   the zend_strndup() function could lead to denial of service.

CVE-2012-0781

   Maksymilian Arciemowicz discovered that a NULL pointer dereference in
   the tidy_diagnose() function could lead to denial of service.

CVE-2012-0788

   It was discovered that missing checks in the handling of PDORow
   objects could lead to denial of service.

CVE-2012-0831

   It was discovered that the magic_quotes_gpc setting could be disabled
   remotely

This update also addresses PHP bugs, which are not treated as security issues
in Debian (see README.Debian.security), but which were fixed nonetheless:
CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467
CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182
CVE-2011-3267

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze8.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.10-1.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-2408-1: php5 security update

February 13, 2012
Several vulnerabilities have been discovered in PHP, the web scripting language

Summary

Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:

CVE-2011-1072

It was discoverd that insecure handling of temporary files in the PEAR
installer could lead to denial of service.

CVE-2011-4153

Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the zend_strndup() function could lead to denial of service.

CVE-2012-0781

Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the tidy_diagnose() function could lead to denial of service.

CVE-2012-0788

It was discovered that missing checks in the handling of PDORow
objects could lead to denial of service.

CVE-2012-0831

It was discovered that the magic_quotes_gpc setting could be disabled
remotely

This update also addresses PHP bugs, which are not treated as security issues
in Debian (see README.Debian.security), but which were fixed nonetheless:
CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467
CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182
CVE-2011-3267

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze8.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.10-1.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1072 CVE-2011-4153 CVE-2012-0781 CVE-2012-0788
CVE-2012-0831

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved