php: code execution [LWN.net]

Package(s):

php5

CVE #(s):

CVE-2012-2311 CVE-2012-1823

Created:

May 7, 2012

Updated:

July 2, 2012

Description:

From the Ubuntu advisory:

It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable.

Alerts:

Ubuntu	USN-1437-1	2012-05-04
openSUSE	openSUSE-SU-2012:0590-1	2012-05-07
Red Hat	RHSA-2012:0546-01	2012-05-07
Red Hat	RHSA-2012:0547-01	2012-05-07
CentOS	CESA-2012:0546	2012-05-07
CentOS	CESA-2012:0546	2012-05-07
CentOS	CESA-2012:0547	2012-05-07
Scientific Linux	SL-php-20120508	2012-05-08
Scientific Linux	SL-php5-20120508	2012-05-08
Oracle	ELSA-2012-0546	2012-05-08
Oracle	ELSA-2012-0546	2012-05-08
Debian	DSA-2465-1	2012-05-09
Oracle	ELSA-2012-0547	2012-05-08
SUSE	SUSE-SU-2012:0598-1	2012-05-09
SUSE	SUSE-SU-2012:0598-2	2012-05-09
Mandriva	MDVSA-2012:068-1	2012-05-10
Mandriva	MDVSA-2012:071	2012-05-10
Red Hat	RHSA-2012:0568-01	2012-05-10
Red Hat	RHSA-2012:0569-01	2012-05-10
SUSE	SUSE-SU-2012:0604-1	2012-05-09
Red Hat	RHSA-2012:0570-01	2012-05-11
Fedora	FEDORA-2012-7586	2012-05-27
Fedora	FEDORA-2012-7567	2012-05-27
Fedora	FEDORA-2012-7586	2012-05-27
Fedora	FEDORA-2012-7567	2012-05-27
Fedora	FEDORA-2012-7586	2012-05-27
Fedora	FEDORA-2012-7567	2012-05-27
Red Hat	RHSA-2012:1045-01	2012-06-27
Red Hat	RHSA-2012:1046-01	2012-06-27
Red Hat	RHSA-2012:1047-01	2012-06-27
CentOS	CESA-2012:1045	2012-06-27
CentOS	CESA-2012:1047	2012-06-27
Oracle	ELSA-2012-1045	2012-06-28
Oracle	ELSA-2012-1047	2012-06-28
Oracle	ELSA-2012-1046	2012-06-30
Scientific Linux	SL-php-20120705	2012-07-05
Scientific Linux	SL-php5-20120705	2012-07-05
Scientific Linux	SL-php-20120709	2012-07-09
CentOS	CESA-2012:1046	2012-07-10
Gentoo	201209-03	2012-09-23

(Log in to post comments)