php5: several vulnerabilities

Package(s): php5
CVE #(s): CVE-2008-3658 CVE-2008-3659 CVE-2008-3660
Created: October 7, 2008
Updated: June 1, 2009
Description: From the Debian advisory:

Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-3658: Buffer overflow in the imageloadfont function allows a denial of service or code execution through a crafted font file.

CVE-2008-3659: Buffer overflow in the memnstr function allows a denial of service or code execution via a crafted delimiter parameter to the explode function.

CVE-2008-3660: Denial of service is possible in the FastCGI module by a remote attacker by making a request with multiple dots before the extension.

Alerts:
Fedora FEDORA-2009-3768 2009-04-21
Fedora FEDORA-2009-3848 2009-04-21
Red Hat RHSA-2009:0350-01 2009-04-14
CentOS CESA-2009:0338 2009-04-07
CentOS CESA-2009:0337 2009-04-06
Red Hat RHSA-2009:0337-01 2009-04-06
Red Hat RHSA-2009:0338-01 2009-04-06
rPath rPSA-2009-0035-1 2009-03-02
Ubuntu USN-720-1 2009-02-12
Mandriva MDVSA-2009:023 2009-01-21
Mandriva MDVSA-2009:022 2009-01-21
Slackware SSA:2008-339-01 2008-12-05
Gentoo 200811-05 2008-11-16
SuSE SUSE-SR:2008:021 2008-10-17
Debian DSA-1647-1 2008-10-07
Mandriva MDVSA-2009:024 2009-01-21
Mandriva MDVSA-2009:021 2009-01-21

Copyright © 2013, Eklektix, Inc.