php: multiple vulnerabilities

Package(s): php5
CVE #(s): CVE-2011-4153 CVE-2012-0788 CVE-2012-0831
Created: February 10, 2012
Updated: February 28, 2013
Description: From the Ubuntu advisory:

It was discovered that PHP did not always check the return value of the zend_strndup function. This could allow a remote attacker to cause a denial of service. (CVE-2011-4153)

It was discovered that PHP did not properly enforce that PDORow objects could not be serialized and not be saved in a session. A remote attacker could use this to cause a denial of service via an application crash. (CVE-2012-0788)

It was discovered that PHP allowed the magic_quotes_gpc setting to be disabled remotely. This could allow a remote attacker to bypass restrictions that could prevent an SQL injection. (CVE-2012-0831)

Alerts:
Ubuntu USN-1358-1 2012-02-09
Debian DSA-2408-1 2012-02-13
Ubuntu USN-1358-2 2012-02-13
SUSE SUSE-SU-2012:0411-1 2012-03-24
openSUSE openSUSE-SU-2012:0426-1 2012-03-29
SUSE SUSE-SU-2012:0472-1 2012-04-06
SUSE SUSE-SU-2012:0496-1 2012-04-12
Mandriva MDVSA-2012:065 2012-04-27
Fedora FEDORA-2012-6907 2012-05-07
Fedora FEDORA-2012-6911 2012-05-07
Mandriva MDVSA-2012:071 2012-05-10
Red Hat RHSA-2012:1045-01 2012-06-27
Red Hat RHSA-2012:1046-01 2012-06-27
Red Hat RHSA-2012:1047-01 2012-06-27
CentOS CESA-2012:1045 2012-06-27
CentOS CESA-2012:1047 2012-06-27
Oracle ELSA-2012-1045 2012-06-28
Oracle ELSA-2012-1047 2012-06-28
Oracle ELSA-2012-1046 2012-06-30
Scientific Linux SL-php-20120705 2012-07-05
Scientific Linux SL-php5-20120705 2012-07-05
Scientific Linux SL-php-20120709 2012-07-09
CentOS CESA-2012:1046 2012-07-10
Gentoo 201209-03 2012-09-23
Red Hat RHSA-2013:0514-02 2013-02-21
Oracle ELSA-2013-0514 2013-02-28
Scientific Linux SL-php-20130228 2013-02-28
CentOS CESA-2013:0514 2013-03-09

Copyright © 2013, Eklektix, Inc.