LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2012-2688 CVE-2012-3365
Created:July 23, 2012 Updated:February 28, 2013
Description: From the Mandriva advisory:

Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow (CVE-2012-2688).

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors (CVE-2012-3365).

Alerts:
Mandriva MDVSA-2012:108 2012-07-23
Mageia MGASA-2012-0186 2012-07-30
Fedora FEDORA-2012-10936 2012-08-05
Fedora FEDORA-2012-10908 2012-08-05
Fedora FEDORA-2012-10936 2012-08-05
Fedora FEDORA-2012-10908 2012-08-05
Fedora FEDORA-2012-10908 2012-08-05
openSUSE openSUSE-SU-2012:0976-1 2012-08-09
Debian DSA-2527-1 2012-08-13
SUSE SUSE-SU-2012:1034-1 2012-08-24
Ubuntu USN-1569-1 2012-09-17
Gentoo 201209-03 2012-09-23
Red Hat RHSA-2013:0514-02 2013-02-21
Oracle ELSA-2013-0514 2013-02-28
Scientific Linux SL-php-20130228 2013-02-28
CentOS CESA-2013:0514 2013-03-09
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds