Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

php: multiple vulnerabilities

Package(s):

php

CVE #(s):

CVE-2010-2531 CVE-2010-2484 CVE-2010-2225

Created:

July 27, 2010

Updated:

July 5, 2011

Description:

From the Mandriva advisory:

Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
Fixed SplObjectStorage unserialization problems (CVE-2010-2225).

Alerts:

Ubuntu	USN-1231-1	2011-10-18
Gentoo	201110-06	2011-10-10
Debian	DSA-2266-2	2011-07-01
Debian	DSA-2266-1	2011-06-29
CentOS	CESA-2010:0919	2010-12-01
CentOS	CESA-2010:0919	2010-11-30
Red Hat	RHSA-2010:0919-01	2010-11-29
SUSE	SUSE-SR:2010:017	2010-09-21
Ubuntu	USN-989-1	2010-09-20
openSUSE	openSUSE-SU-2010:0599-1	2010-09-10
Slackware	SSA:2010-240-04	2010-08-30
Fedora	FEDORA-2010-11428	2010-07-27
Fedora	FEDORA-2010-11481	2010-07-27
Fedora	FEDORA-2010-11428	2010-07-27
Fedora	FEDORA-2010-11481	2010-07-27
Fedora	FEDORA-2010-11428	2010-07-27
Fedora	FEDORA-2010-11481	2010-07-27
Pardus	2010-104	2010-08-09
Debian	DSA-2089-1	2010-08-06
Pardus	2010-98	2010-08-02
Mandriva	MDVSA-2010:140	2010-07-27
Mandriva	MDVSA-2010:139	2010-07-27
openSUSE	openSUSE-SU-2010:0678-1	2010-09-29
SUSE	SUSE-SR:2010:018	2010-10-06

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds