Explore top 10 tips to secure your open-source projects now. Read More
×
Multiple vulnerabilities in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)
Raphael Geisert and Dan Rosenberg discovered that the PEAR installer
allows local users to overwrite arbitrary files via a symlink attack on
the package.xml file, related to the (1) download_dir, (2) cache_dir,
(3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,
CVE-2011-1144)
Ben Schmidt discovered that a use-after-free vulnerability in the PHP
Zend engine could allow an attacker to cause a denial of service (heap
memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)
Martin Barbella discovered a buffer overflow in the PHP GD extension
that allows an attacker to cause a denial of service (application crash)
via a large number of anti...
The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libapache2-mod-php5 5.3.5-1ubuntu7.1 php-pear 5.3.5-1ubuntu7.1 php5 5.3.5-1ubuntu7.1 php5-cgi 5.3.5-1ubuntu7.1 php5-cli 5.3.5-1ubuntu7.1 php5-common 5.3.5-1ubuntu7.1 php5-curl 5.3.5-1ubuntu7.1 php5-dev 5.3.5-1ubuntu7.1 php5-gd 5.3.5-1ubuntu7.1 php5-intl 5.3.5-1ubuntu7.1 Ubuntu 10.10: libapache2-mod-php5 5.3.3-1ubuntu9.4 php-pear 5.3.3-1ubuntu9.4 php5 5.3.3-1ubuntu9.4 php5-cgi 5.3.3-1ubuntu9.4 php5-cli 5.3.3-1ubuntu9.4 php5-common 5.3.3-1ubuntu9.4 php5-curl 5.3.3-1ubuntu9.4 php5-dev 5.3.3-1ubuntu9.4 php5-gd 5.3.3-1ubuntu9.4 php5-intl 5.3.3-1ubuntu9.4 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.8 php-pear 5.3.2-1ubuntu4.8 php5 5.3.2-1ubuntu4.8 php5-cgi 5.3.2-1ubuntu4.8 php5-cli 5.3.2-1ubuntu4.8 php5-common 5.3.2-1ubuntu4.8 php5-curl 5.3.2-1ubuntu4.8 php5-dev 5.3.2-1ubuntu4.8 php5-gd 5.3.2-1ubuntu4.8 php5-intl 5.3.2-1ubuntu4.8 Ubuntu 9.10: libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.9 php-pear 5.2.10.dfsg.1-2ubuntu6.9 php5 5.2.10.dfsg.1-2ubuntu6.9 php5-cgi 5.2.10.dfsg.1-2ubuntu6.9 php5-cli 5.2.10.dfsg.1-2ubuntu6.9 php5-common 5.2.10.dfsg.1-2ubuntu6.9 php5-curl 5.2.10.dfsg.1-2ubuntu6.9 php5-dev 5.2.10.dfsg.1-2ubuntu6.9 php5-gd 5.2.10.dfsg.1-2ubuntu6.9 Ubuntu 8.04 LTS: libapache2-mod-php5 5.2.4-2ubuntu5.15 php-pear 5.2.4-2ubuntu5.15 php5 5.2.4-2ubuntu5.15 php5-cgi 5.2.4-2ubuntu5.15 php5-cli 5.2.4-2ubuntu5.15 php5-common 5.2.4-2ubuntu5.15 php5-curl 5.2.4-2ubuntu5.15 php5-dev 5.2.4-2ubuntu5.15 php5-gd 5.2.4-2ubuntu5.15 Ubuntu 6.06 LTS: libapache2-mod-php5 5.1.2-1ubuntu3.22 php-pear 5.1.2-1ubuntu3.22 php5 5.1.2-1ubuntu3.22 php5-cgi 5.1.2-1ubuntu3.22 php5-cli 5.1.2-1ubuntu3.22 php5-common 5.1.2-1ubuntu3.22 php5-curl 5.1.2-1ubuntu3.22 php5-dev 5.1.2-1ubuntu3.22 php5-gd 5.1.2-1ubuntu3.22 In general, a standard system update will make all the necessary changes.
CVE-2006-7243, CVE-2010-4697, CVE-2010-4698, CVE-2011-0420,
CVE-2011-0421, CVE-2011-0441, CVE-2011-0708, CVE-2011-1072,
CVE-2011-1092, CVE-2011-1144, CVE-2011-1148, CVE-2011-1153,
CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468,
CVE-2011-1469, CVE-2011-1470, CVE-2011-1471
Get the latest Linux and open source security news straight to your inbox.