Pardus alert 2011-63 (mod_php php-cli php-common)
From: Meltem Parmaksız <meltem@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2011-63] Php: Multiple Vulnerabilities
Date: Fri, 8 Apr 2011 08:31:11 +0300
Message-ID: <201104080831.11763.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-63            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-04-07
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in php, which allow attackers
to cause a denial of service, obtain sensitive information or possibly
execute arbitrary code.


Description
===========

CVE-2011-1092: Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6
allows context-dependent attackers to cause a denial of service (crash)
and possibly read sensitive memory via a large third argument to the
shmop_read function.

CVE-2011-1148: Use-after-free vulnerability in the substr_replace
function in PHP 5.3.6 and earlier allows context-dependent attackers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact by using the same variable for multiple
arguments.

CVE-2011-1153: Multiple format string vulnerabilities in phar_object.c
in the phar extension in PHP 5.3.5 and earlier allow context-dependent
attackers to obtain sensitive information from process memory, cause a
denial of service (memory corruption), or possibly execute arbitrary
code via format string specifiers in an argument to a class method,
leading to an incorrect zend_throw_exception_ex call.


Affected packages:

  Pardus 2009:
    mod_php, all before 5.2.14-91-24
    php-cli, all before 5.2.14-91-24
    php-common, all before 5.2.14-91-24

  Pardus 2011:
    mod_php, all before 5.2.14-97-p11
    php-cli, all before 5.2.14-97-p11
    php-common, all before 5.2.14-97-p11


Resolution
==========

There are update(s) for mod_php, php-cli, php-common. You can update
them via Package Manager or with a single command from console:

  Pardus 2009:
    pisi up mod_php php-cli php-common

  Pardus 2011:
    pisi up mod_php php-cli php-common


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17344
  * http://bugs.pardus.org.tr/show_bug.cgi?id=17362
  * http://bugs.pardus.org.tr/show_bug.cgi?id=17411

------------------------------------------------------------------------
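
The following is an added example, not part of the advisory and not PHP's shmop.c: a simplified model of the kind of bounds check CVE-2011-1092 describes, where a large count makes `start + count` overflow, next to an overflow-safe form. The `segment` struct and all function names are hypothetical, and the sample data is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a shared memory segment (not PHP's struct). */
struct segment { const char *addr; int size; };

/* Naive check: "start + count > size" computed in int. Signed overflow is
 * undefined in C, so the wrap-around usually seen in practice is modelled
 * with unsigned arithmetic: a sum above INT_MAX behaves as a negative int
 * and is never "greater than size". Returns 1 if the read is accepted. */
int naive_range_ok(const struct segment *s, int start, int count)
{
    unsigned int usum = (unsigned int)start + (unsigned int)count;
    int too_far = (usum <= (unsigned int)INT_MAX) && ((int)usum > s->size);
    if (start < 0 || start > s->size) return 0;
    if (count < 0 || too_far) return 0;
    return 1;
}

/* Overflow-safe check: compare count against the space that remains after
 * start. size - start cannot overflow because 0 <= start <= size here. */
int safe_range_ok(const struct segment *s, int start, int count)
{
    if (start < 0 || start > s->size) return 0;
    if (count < 0 || count > s->size - start) return 0;
    return 1;
}

/* Copies count bytes from offset start into out; returns bytes copied,
 * or -1 if the range is invalid or does not fit in out. */
int segment_read(const struct segment *s, int start, int count,
                 char *out, size_t out_cap)
{
    if (!safe_range_ok(s, start, count) || (size_t)count > out_cap) return -1;
    memcpy(out, s->addr + start, (size_t)count);
    return count;
}

int main(void)
{
    static const char data[32] = "constructed sample segment data";
    struct segment s = { data, (int)sizeof data };
    printf("naive accepts start=16,count=INT_MAX: %d\n",
           naive_range_ok(&s, 16, INT_MAX));
    printf("safe  accepts start=16,count=INT_MAX: %d\n",
           safe_range_ok(&s, 16, INT_MAX));
    return 0;
}
```
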
