
php5: multiple vulnerabilities

Package(s): php5
CVE #(s): CVE-2007-3806 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051
Created: May 12, 2008
Updated: January 22, 2009
Description:

From the Debian advisory:

CVE-2007-3806: The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter.

CVE-2008-1384: Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier.

CVE-2008-2050: Stack-based buffer overflow in the FastCGI SAPI.

CVE-2008-2051: The escapeshellcmd API function could be attacked via incomplete multibyte chars.

Alerts:
Mandriva MDVSA-2009:022 php 2009-01-21
Mandriva MDVSA-2009:023 php 2009-01-21
Gentoo 200811-05 php 2008-11-16
Ubuntu USN-628-1 php5 2008-07-23
CentOS CESA-2008:0545 php 2008-07-16
CentOS CESA-2008:0544 PHP 2008-07-16
Red Hat RHSA-2008:0545-01 php 2008-07-16
Red Hat RHSA-2008:0544-01 PHP 2008-07-16
Red Hat RHSA-2008:0582-01 PHP 2008-07-22
Red Hat RHSA-2008:0546-01 PHP 2008-07-16
Mandriva MDVSA-2008:128 php 2008-07-03
Mandriva MDVSA-2008:127 php 2008-07-03
Mandriva MDVSA-2008:125 php 2008-07-03
Mandriva MDVSA-2008:126 php 2007-07-03
SuSE SUSE-SR:2008:014 sudo, courier-authlib, gnome-screensaver, clamav, php5, ImageMagick, GraphicsMagick, mtr, bind, pcre, tomcat, squid, freetype2 2008-07-04
Red Hat RHSA-2008:0505-01 RH Application Stack 2008-07-02
Fedora FEDORA-2008-3606 php 2008-06-20
Fedora FEDORA-2008-3864 php 2008-06-20
rPath rPSA-2008-0178-1 php 2008-05-27
rPath rPSA-2008-0176-1 php 2008-05-23
Debian DSA-1578-1 php4 2008-05-17
Debian DSA-1572-1 php5 2008-05-11


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds