From: Meltem Parmaksız <meltem@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2011-63] Php: Multiple Vulnerabilities
Date: Fri, 8 Apr 2011 08:31:11 +0300
Message-ID: <201104080831.11763.meltem@pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-63 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2011-04-07
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in php. They allow attackers
to cause a denial of service, obtain sensitive information or possibly
execute arbitrary code.
Description
===========
CVE-2011-1092:
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows
context-dependent attackers to cause a denial of service (crash) and
possibly read sensitive memory via a large third argument to the
shmop_read function.
CVE-2011-1148:
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6
and earlier allows context-dependent attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact by
using the same variable for multiple arguments.
CVE-2011-1153:
Multiple format string vulnerabilities in phar_object.c in the phar
extension in PHP 5.3.5 and earlier allow context-dependent attackers to
obtain sensitive information from process memory, cause a denial of
service (memory corruption), or possibly execute arbitrary code via
format string specifiers in an argument to a class method, leading to an
incorrect zend_throw_exception_ex call.
Affected packages:
Pardus 2009:
mod_php, all before 5.2.14-91-24
php-cli, all before 5.2.14-91-24
php-common, all before 5.2.14-91-24
Pardus 2011:
mod_php, all before 5.2.14-97-p11
php-cli, all before 5.2.14-97-p11
php-common, all before 5.2.14-97-p11
Resolution
==========
There are update(s) for mod_php, php-cli, php-common. You can update
them via Package Manager or with a single command from console:
Pardus 2009:
pisi up mod_php php-cli php-common
Pardus 2011:
pisi up mod_php php-cli php-common
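Because the fixes are backported into Pardus's own 5.2.14 builds, comparing the upstream PHP version against the "before 5.3.6" wording of the CVE entries says nothing about whether a host is patched; what matters is the package release and build number listed under "Affected packages". The following shell script is an added example, not part of the PLSA or of Pardus's tooling: it compares Pardus version strings of the form upstream-release-build field by field and lists packages still below the fixed version. The package table it reads is constructed sample input, not real pisi output; treating the "p11" build suffix of Pardus 2011 as the number 11 is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory): check installed Pardus package
# versions against the fixed version given in a PLSA.

# Turn "5.2.14-91-24" (or "5.2.14-97-p11") into space-separated numeric
# fields: "5 2 14 91 24". Dropping non-digits such as the "p" in "p11"
# is an assumption about how Pardus 2011 build tags should compare.
ver_fields() {
    printf '%s\n' "$1" | sed 's/[.-]/ /g; s/[^0-9 ]//g'
}

# ver_ge INSTALLED FIXED: return 0 if INSTALLED >= FIXED, 1 otherwise.
# Fields are compared numerically left to right; a missing field counts as 0.
ver_ge() {
    a=$(ver_fields "$1")
    b=$(ver_fields "$2")
    i=1
    while :; do
        x=$(printf '%s\n' "$a" | cut -d' ' -f"$i")
        y=$(printf '%s\n' "$b" | cut -d' ' -f"$i")
        # both strings exhausted with no difference found: equal
        [ -z "$x" ] && [ -z "$y" ] && return 0
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
}

# vulnerable_packages TABLE FIXED: TABLE holds "name version" lines; print
# the lines whose version is still below FIXED.
vulnerable_packages() {
    printf '%s\n' "$1" | while read -r name ver; do
        [ -n "$name" ] || continue
        ver_ge "$ver" "$2" || printf '%s %s\n' "$name" "$ver"
    done
}

# Constructed sample of a Pardus 2009 host (not real pisi output): one
# package already at the fixed build, two still behind it.
SAMPLE_INSTALLED='mod_php 5.2.14-91-23
php-cli 5.2.14-91-24
php-common 5.2.14-90-30'

# Pardus 2009 fixed version from the advisory.
FIXED_2009=5.2.14-91-24

vulnerable_packages "$SAMPLE_INSTALLED" "$FIXED_2009"
```

Feed the script the name and version of each of mod_php, php-cli and php-common as reported by your package query, using the fixed version for your Pardus release; any line it prints is a package that still needs `pisi up`.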
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=17344
* http://bugs.pardus.org.tr/show_bug.cgi?id=17362
* http://bugs.pardus.org.tr/show_bug.cgi?id=17411
------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security