LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2012-2688 CVE-2012-3365
Created:July 23, 2012 Updated:February 28, 2013
Description: From the Mandriva advisory:

Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow (CVE-2012-2688).

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors (CVE-2012-3365).

Alerts:
Mandriva MDVSA-2012:108 2012-07-23
Mageia MGASA-2012-0186 2012-07-30
Fedora FEDORA-2012-10936 2012-08-05
Fedora FEDORA-2012-10908 2012-08-05
Fedora FEDORA-2012-10936 2012-08-05
Fedora FEDORA-2012-10908 2012-08-05
Fedora FEDORA-2012-10908 2012-08-05
openSUSE openSUSE-SU-2012:0976-1 2012-08-09
Debian DSA-2527-1 2012-08-13
SUSE SUSE-SU-2012:1034-1 2012-08-24
Ubuntu USN-1569-1 2012-09-17
Gentoo 201209-03 2012-09-23
Red Hat RHSA-2013:0514-02 2013-02-21
Oracle ELSA-2013-0514 2013-02-28
Scientific Linux SL-php-20130228 2013-02-28
CentOS CESA-2013:0514 2013-03-09
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds