Debian: DSA-2408-1 Critical: PHP5 DoS Risks and Update Instructions

February 13, 2012
This announcement highlights significant vulnerabilities in PHP5 impacting Debian systems and proposes necessary patches.

Summary

Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:

CVE-2011-1072

It was discovered that insecure handling of temporary files in the PEAR
installer could lead to denial of service.

CVE-2011-4153

Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the zend_strndup() function could lead to denial of service.

CVE-2012-0781

Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the tidy_diagnose() function could lead to denial of service.

CVE-2012-0788

It was discovered that missing checks in the handling of PDORow
objects could lead to denial of service.

CVE-2012-0831

It was discovered that the magic_quotes_gpc setting could be disabled
remotely.

This update also addresses PHP bugs, which are not treated as security issues
in Debian (see README.Debian.security), but which were fixed nonetheless:
CVE-2010-4697, CVE-2011-1092, CVE-2011-...

Severity: critical

Package: php5
CVE ID: CVE-2011-1072 CVE-2011-4153 CVE-2012-0781 CVE-2012-0788