SUSE Linux 10 SP4: SUSE-SU-2012:0598-1 Critical: PHP5 Command Injection
suse
May 9, 2012
An update that fixes three vulnerabilities is now available
Summary
This update fixes several security issues in PHP5:
* CVE-2012-1172: A directory traversal bug has been
fixed in php5.
* CVE-2012-1823, CVE-2012-2311: A command injection was
possible when PHP5 was operated in CGI mode using
commandline options. This problem does not affect PHP5 in
the normal Apache module mode setup.
* Also a pack/unpacking bug on big endian 64bit
architectures (ppc64 and s390x) has been fixed. bnc#753778
Security Issue references:
* CVE-2012-1172
References
#752030 #753778 #760536
Cross- CVE-2012-1172 CVE-2012-1823 CVE-2012-2311
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SLE SDK 10 SP4
https://www.suse.com/security/cve/CVE-2012-1172.html
https://www.suse.com/security/cve/CVE-2012-1823.html
https://www.suse.com/security/cve/CVE-2012-2311.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2012:0598-1
Rating: critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!