Pardus alert 2011-88 (mod_php php-cli php-common)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security] [PLSA 2011-88] php: Stack-based Buffer Overflow 
Date:
    	     
 
Tue, 21 Jun 2011 16:12:01 +0300
Message-ID:
    	     
 
<201106211612.01860.meltem@pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-88            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-06-21
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A  vulnerability has  been  fixed   in   php,,   which   might   allow  
context-dependent attackers to execute arbitrary code. 


Description
===========

CVE-2011-1938: 

Stack-based  buffer overflow  in  the   socket_connect   function   in  
ext/sockets/sockets.c  in PHP  5.3.3   through   5.3.6   might   allow  
context-dependent  attackers to  execute  arbitrary  code  via  a  long 
pathname for a UNIX socket. 



Affected packages:

  Pardus 2009:
    mod_php, all before 5.2.14-93-26
    php-cli, all before 5.2.14-93-26

    php-common, all before 5.2.14-93-26



Resolution
==========

There are update(s) for mod_php, php-cli, php-common.  You  can  update 
them via Package Manager or with a single command from console: 

    pisi up mod_php php-cli php-common

References
==========

  * http://seclists.org/oss-sec/2011/q2/472
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-...
  * http://bugs.pardus.org.tr/show_bug.cgi?id=18211

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security