SUSE: 2012:0604-2 Urgent: PHP5 Remote Code Execution And File Inclusion
suse
May 9, 2012
An update that fixes three vulnerabilities is now available
Summary
This update fixes several security issues in PHP5:
* CVE-2012-1172: A directory traversal bug has been
fixed in PHP5
* CVE-2012-1823, CVE-2012-2311: A command injection was
possible when PHP5 was operated in CGI mode using
commandline options. This problem does not affect PHP5 in
the normal Apache module mode setup.
Security Issue references:
* CVE-2012-1172
Topics Covered
References
#752030 #760536
Cross- CVE-2012-1172 CVE-2012-1823 CVE-2012-2311
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
https://www.suse.com/security/cve/CVE-2012-1172.html
https://www.suse.com/security/cve/CVE-2012-1823.html
https://www.suse.com/security/cve/CVE-2012-2311.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2012:0604-1
Rating: critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!