
Scientific Linux SL5.x Moderate: PHP Security Update for Multiple Flaws

Moderate: php security update.

Date:        Thu, 5 Jul 2012 16:08:02 -0500
Reply-To:    [address protected]
Sender:      Security Errata for Scientific Linux
From:        Patrick Riehecky
Subject:     Security ERRATA Moderate: php on SL5.x i386/x86_64
Comments:    To: [address protected]

Synopsis:    Moderate: php security update
Issue Date:  2012-06-27
CVE Numbers: CVE-2012-0057
             CVE-2011-4153
             CVE-2012-0789
             CVE-2012-1172
             CVE-2012-2336

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)

It was discovered that the fix for CVE-2012-1823, released via a previous update, did not properly filter all php-cgi command line arguments. A specially-crafted request to a PHP script could cause the PHP interpreter to output usage information that triggers an Internal Server Error. (CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. (CVE-2012-0789)

It was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

SL5:

  i386
    php-5.1.6-39.el5_8.i386.rpm
    php-bcmath-5.1.6-39.el5_8.i386.rpm
    php-cli-5.1.6-39.el5_8.i386.rpm
    php-common-5.1.6-39.el5_8.i386.rpm
    php-dba-5.1.6-39.el5_8.i386.rpm
    php-debuginfo-5.1.6-39.el5_8.i386.rpm
    php-devel-5.1.6-39.el5_8.i386.rpm
    php-gd-5.1.6-39.el5_8.i386.rpm
    php-imap-5.1.6-39.el5_8.i386.rpm
    php-ldap-5.1.6-39.el5_8.i386.rpm
    php-mbstring-5.1.6-39.el5_8.i386.rpm
    php-mysql-5.1.6-39.el5_8.i386.rpm
    php-ncurses-5.1.6-39.el5_8.i386.rpm
    php-odbc-5.1.6-39.el5_8.i386.rpm
    php-pdo-5.1.6-39.el5_8.i386.rpm
    php-pgsql-5.1.6-39.el5_8.i386.rpm
    php-snmp-5.1.6-39.el5_8.i386.rpm
    php-soap-5.1.6-39.el5_8.i386.rpm
    php-xml-5.1.6-39.el5_8.i386.rpm
    php-xmlrpc-5.1.6-39.el5_8.i386.rpm

  x86_64
    php-5.1.6-39.el5_8.x86_64.rpm
    php-bcmath-5.1.6-39.el5_8.x86_64.rpm
    php-cli-5.1.6-39.el5_8.x86_64.rpm
    php-common-5.1.6-39.el5_8.x86_64.rpm
    php-dba-5.1.6-39.el5_8.x86_64.rpm
    php-debuginfo-5.1.6-39.el5_8.x86_64.rpm
    php-devel-5.1.6-39.el5_8.x86_64.rpm
    php-gd-5.1.6-39.el5_8.x86_64.rpm
    php-imap-5.1.6-39.el5_8.x86_64.rpm
    php-ldap-5.1.6-39.el5_8.x86_64.rpm
    php-mbstring-5.1.6-39.el5_8.x86_64.rpm
    php-mysql-5.1.6-39.el5_8.x86_64.rpm
    php-ncurses-5.1.6-39.el5_8.x86_64.rpm
    php-odbc-5.1.6-39.el5_8.x86_64.rpm
    php-pdo-5.1.6-39.el5_8.x86_64.rpm
    php-pgsql-5.1.6-39.el5_8.x86_64.rpm
    php-snmp-5.1.6-39.el5_8.x86_64.rpm
    php-soap-5.1.6-39.el5_8.x86_64.rpm
    php-xml-5.1.6-39.el5_8.x86_64.rpm
    php-xmlrpc-5.1.6-39.el5_8.x86_64.rpm

- Scientific Linux Development Team

Moderate PHP security update released for Scientific Linux SL5.x, fixing a range of security vulnerabilities and enhancing system integrity.

LinuxSecurity.com Team
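To confirm that a host actually carries the fixed packages, the check below flags any package named in this advisory that is older than 5.1.6-39.el5_8. It is an added example, not part of the original advisory or Scientific Linux tooling; the version comparison is a simplified form of rpm's ordering (no epoch, no '~' or '^'), and the sample package list is constructed.

```python
import re

FIXED_EVR = "5.1.6-39.el5_8"  # version-release of the fixed packages in the advisory
SUBPACKAGES = ("bcmath cli common dba debuginfo devel gd imap ldap mbstring mysql "
               "ncurses odbc pdo pgsql snmp soap xml xmlrpc").split()
ADVISORY_PACKAGES = {"php"} | {"php-" + s for s in SUBPACKAGES}

def rpm_cmp(a, b):
    """Simplified rpmvercmp (no epoch, no '~' or '^'): returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # maximal digit or letter runs
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)  # compare numbers numerically, so 10 > 6
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings, version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpm_cmp(va, vb) or rpm_cmp(ra, rb)

def unpatched(rpm_lines):
    """Return (name, evr, arch) for advisory packages older than FIXED_EVR."""
    stale = []
    for line in rpm_lines.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0] not in ADVISORY_PACKAGES:
            continue
        name, evr, arch = fields
        if evr_cmp(evr, FIXED_EVR) < 0:
            stale.append((name, evr, arch))
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
php 5.1.6-39.el5_8 x86_64
php-cli 5.1.6-39.el5_8 x86_64
php-common 5.1.6-34.el5_8 x86_64
php-xml 5.1.6-27.el5_5.3 i386
httpd 2.2.3-65.el5 x86_64
"""

if __name__ == "__main__":
    for name, evr, arch in unpatched(SAMPLE):
        print(f"{name}.{arch} {evr} is older than {FIXED_EVR}")
```

A mixed result like the one in the sample (some php subpackages updated, others not) is the case to look for after a partial update; httpd still has to be restarted once every package is current.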

Jul 05, 2012 Scientific Linux