LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

php: denial of service

Package(s):php CVE #(s):CVE-2011-1148
Created:April 8, 2011 Updated:February 13, 2012
Description: From the Pardus advisory:

CVE-2011-1148: Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

Alerts:
Oracle ELSA-2011-1423 2011-11-03
Oracle ELSA-2011-1423 2011-11-03
Scientific Linux SL-NotF-20111102 2011-11-02
Mandriva MDVSA-2011:165 2011-11-03
CentOS CESA-2011:1423 2011-11-03
Red Hat RHSA-2011:1423-01 2011-11-02
Gentoo 201110-06 2011-10-10
Fedora FEDORA-2011-11537 2011-08-26
Fedora FEDORA-2011-11528 2011-08-26
Fedora FEDORA-2011-11537 2011-08-26
Fedora FEDORA-2011-11528 2011-08-26
Fedora FEDORA-2011-11537 2011-08-26
Fedora FEDORA-2011-11528 2011-08-26
Slackware SSA:2011-237-01 2011-08-25
openSUSE openSUSE-SU-2011:0645-1 2011-06-16
Pardus 2011-63 2011-04-07
Ubuntu USN-1126-1 2011-04-29
Ubuntu USN-1126-2 2011-05-05
Red Hat RHSA-2012:0033-01 2012-01-18
CentOS CESA-2012:0033 2012-01-18
Oracle ELSA-2012-0033 2012-01-18
Scientific Linux SL-php-20120119 2012-01-19
Debian DSA-2408-1 2012-02-13
Mandriva MDVSA-2012:071 2012-05-10
Oracle ELSA-2012-1046 2012-06-30
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds