php: multiple vulnerabilities

Package(s): mod_php php-cli php-common
CVE #(s): CVE-2010-4697 CVE-2010-4698
Created: February 10, 2011
Updated: May 5, 2011
Description:

From the Pardus advisory:

CVE-2010-4697: Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.

CVE-2010-4698: Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via vectors related to the imagepstext function and invalid anti-aliasing.

Alerts:
Gentoo 201110-06 2011-10-10
SUSE SUSE-SR:2011:006 2011-04-05
openSUSE openSUSE-SU-2011:0276-1 2011-04-01
Ubuntu USN-1126-2 2011-05-05
Ubuntu USN-1126-1 2011-04-29
Pardus 2011-26 2011-02-09
Debian DSA-2408-1 2012-02-13

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds