- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201110-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: PHP: Multiple vulnerabilities
     Date: October 10, 2011
     Bugs: #306939, #332039, #340807, #350908, #355399, #358791,
           #358975, #369071, #372745, #373965, #380261
       ID: 201110-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities were found in PHP, the worst of which could
lead to remote execution of arbitrary code.

Background
=========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php                 < 5.3.8                    >= 5.3.8

Description
==========
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.

Impact
=====
A context-dependent attacker could execute arbitrary code, obtain
sensitive information from process memory, bypass intended access
restrictions, or cause a Denial of Service in various ways.

A remote attacker could cause a Denial of Service in various ways,
bypass spam detections, or bypass open_basedir restrictions.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All PHP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8"
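
To confirm that no vulnerable copy remains after the upgrade, the added example below (not part of the advisory) filters a list of installed package atoms for dev-lang/php versions below 5.3.8. It assumes GNU `sort -V`; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed dev-lang/php versions below the fixed release.
FIXED="5.3.8"   # first unaffected version, from the advisory's package table

# Constructed sample of "category/name-version" lines (not real host data).
SAMPLE='dev-lang/php-5.2.17
dev-lang/php-5.3.6-r1
dev-lang/php-5.3.8
dev-lang/php-5.3.8_rc1
dev-lang/php-5.3.10
dev-lang/python-2.7.2'

# version_lt A B: succeed when A sorts strictly before B (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# vulnerable_php: read atoms on stdin, print dev-lang/php entries < $FIXED.
vulnerable_php() {
    while IFS= read -r atom; do
        case "$atom" in
            dev-lang/php-[0-9]*) ;;   # only the package named in the advisory
            *) continue ;;
        esac
        ver=${atom#dev-lang/php-}
        base=${ver%%[-_]*}            # numeric part: drops -rN and _rc/_p suffixes
        case "$ver" in                # pre-releases sort below their base version
            *_alpha*|*_beta*|*_pre*|*_rc*) pre=1 ;;
            *) pre=0 ;;
        esac
        if version_lt "$base" "$FIXED" ||
           { [ "$base" = "$FIXED" ] && [ "$pre" -eq 1 ]; }; then
            printf '%s\n' "$atom"
        fi
    done
}

# Demo on the constructed sample; slotted installs can leave an old PHP behind.
printf '%s\n' "$SAMPLE" | vulnerable_php
```

On a Gentoo host with app-portage/portage-utils installed, the same function can read real data with `qlist -Iv dev-lang/php | vulnerable_php`; empty output means no installed version falls in the affected range.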

References
=========
[  1 ] CVE-2006-7243
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243
[  2 ] CVE-2009-5016
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016
[  3 ] CVE-2010-1128
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128
[  4 ] CVE-2010-1129
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129
[  5 ] CVE-2010-1130
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130
[  6 ] CVE-2010-1860
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860
[  7 ] CVE-2010-1861
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861
[  8 ] CVE-2010-1862
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862
[  9 ] CVE-2010-1864
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864
[ 10 ] CVE-2010-1866
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866
[ 11 ] CVE-2010-1868
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868
[ 12 ] CVE-2010-1914
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914
[ 13 ] CVE-2010-1915
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915
[ 14 ] CVE-2010-1917
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917
[ 15 ] CVE-2010-2093
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093
[ 16 ] CVE-2010-2094
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094
[ 17 ] CVE-2010-2097
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097
[ 18 ] CVE-2010-2100
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100
[ 19 ] CVE-2010-2101
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101
[ 20 ] CVE-2010-2190
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190
[ 21 ] CVE-2010-2191
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191
[ 22 ] CVE-2010-2225
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225
[ 23 ] CVE-2010-2484
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484
[ 24 ] CVE-2010-2531
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531
[ 25 ] CVE-2010-2950
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950
[ 26 ] CVE-2010-3062
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062
[ 27 ] CVE-2010-3063
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063
[ 28 ] CVE-2010-3064
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064
[ 29 ] CVE-2010-3065
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065
[ 30 ] CVE-2010-3436
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436
[ 31 ] CVE-2010-3709
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 32 ] CVE-2010-3709
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709
[ 33 ] CVE-2010-3710
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 34 ] CVE-2010-3710
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710
[ 35 ] CVE-2010-3870
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870
[ 36 ] CVE-2010-4150
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150
[ 37 ] CVE-2010-4409
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409
[ 38 ] CVE-2010-4645
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645
[ 39 ] CVE-2010-4697
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697
[ 40 ] CVE-2010-4698
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698
[ 41 ] CVE-2010-4699
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699
[ 42 ] CVE-2010-4700
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700
[ 43 ] CVE-2011-0420
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420
[ 44 ] CVE-2011-0421
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421
[ 45 ] CVE-2011-0708
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708
[ 46 ] CVE-2011-0752
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752
[ 47 ] CVE-2011-0753
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753
[ 48 ] CVE-2011-0755
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755
[ 49 ] CVE-2011-1092
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092
[ 50 ] CVE-2011-1148
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148
[ 51 ] CVE-2011-1153
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153
[ 52 ] CVE-2011-1464
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464
[ 53 ] CVE-2011-1466
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466
[ 54 ] CVE-2011-1467
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467
[ 55 ] CVE-2011-1468
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468
[ 56 ] CVE-2011-1469
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469
[ 57 ] CVE-2011-1470
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470
[ 58 ] CVE-2011-1471
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471
[ 59 ] CVE-2011-1657
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657
[ 60 ] CVE-2011-1938
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938
[ 61 ] CVE-2011-2202
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202
[ 62 ] CVE-2011-2483
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483
[ 63 ] CVE-2011-3182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182
[ 64 ] CVE-2011-3189
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189
[ 65 ] CVE-2011-3267
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267
[ 66 ] CVE-2011-3268
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201110-06

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/
