Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

php: arbitrary file creation/overwrite

Package(s):

php5

CVE #(s):

CVE-2011-2202

Created:

June 30, 2011

Updated:

April 13, 2012

Description:

From the Debian advisory:

CVE-2011-2202: Path names in form based file uploads (RFC 1867) were incorrectly validated.

Alerts:

Oracle	ELSA-2011-1423	2011-11-03
Oracle	ELSA-2011-1423	2011-11-03
Scientific Linux	SL-NotF-20111102	2011-11-02
Mandriva	MDVSA-2011:165	2011-11-03
CentOS	CESA-2011:1423	2011-11-03
Red Hat	RHSA-2011:1423-01	2011-11-02
Ubuntu	USN-1231-1	2011-10-18
openSUSE	openSUSE-SU-2011:1138-1	2011-10-17
openSUSE	openSUSE-SU-2011:1137-1	2011-10-17
Gentoo	201110-06	2011-10-10
Fedora	FEDORA-2011-11537	2011-08-26
Fedora	FEDORA-2011-11528	2011-08-26
Fedora	FEDORA-2011-11537	2011-08-26
Fedora	FEDORA-2011-11528	2011-08-26
Fedora	FEDORA-2011-11537	2011-08-26
Fedora	FEDORA-2011-11528	2011-08-26
Slackware	SSA:2011-237-01	2011-08-25
Debian	DSA-2266-1	2011-06-29
Red Hat	RHSA-2012:0033-01	2012-01-18
CentOS	CESA-2012:0033	2012-01-18
Oracle	ELSA-2012-0033	2012-01-18
Scientific Linux	SL-php-20120119	2012-01-19
Red Hat	RHSA-2012:0071-01	2012-01-30
CentOS	CESA-2012:0071	2012-01-30
Oracle	ELSA-2012-0071	2012-01-31
Scientific Linux	SL-php-20120130	2012-01-30
SUSE	SUSE-SU-2012:0496-1	2012-04-12
Mandriva	MDVSA-2012:071	2012-05-10
Oracle	ELSA-2012-1046	2012-06-30

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds