- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: PHP: Multiple vulnerabilities Date: October 10, 2011 Bugs: #306939, #332039, #340807, #350908, #355399, #358791, #358975, #369071, #372745, #373965, #380261 ID: 201110-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in PHP, the worst of which leading to remote execution of arbitrary code. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 5.3.8 >= 5.3.8 Description =========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways. A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.8" References ========== [ 1 ] CVE-2006-7243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7243 [ 2 ] CVE-2009-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5016 [ 3 ] CVE-2010-1128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1128 [ 4 ] CVE-2010-1129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1129 [ 5 ] CVE-2010-1130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1130 [ 6 ] CVE-2010-1860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1860 [ 7 ] CVE-2010-1861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1861 [ 8 ] CVE-2010-1862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1862 [ 9 ] CVE-2010-1864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1864 [ 10 ] CVE-2010-1866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1866 [ 11 ] CVE-2010-1868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1868 [ 12 ] CVE-2010-1914 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1914 [ 13 ] CVE-2010-1915 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1915 [ 14 ] CVE-2010-1917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1917 [ 15 ] CVE-2010-2093 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2093 [ 16 ] CVE-2010-2094 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2094 [ 17 ] CVE-2010-2097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2097 [ 18 ] CVE-2010-2100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2100 [ 19 ] CVE-2010-2101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2101 [ 20 ] CVE-2010-2190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2190 [ 21 ] CVE-2010-2191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2191 [ 22 ] CVE-2010-2225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2225 [ 23 ] CVE-2010-2484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2484 [ 24 ] CVE-2010-2531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2531 [ 25 ] CVE-2010-2950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2950 [ 26 ] CVE-2010-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3062 [ 27 ] CVE-2010-3063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3063 [ 28 ] CVE-2010-3064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3064 [ 29 ] CVE-2010-3065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3065 [ 30 ] CVE-2010-3436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3436 [ 31 ] CVE-2010-3709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709 [ 32 ] CVE-2010-3709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3709 [ 33 ] CVE-2010-3710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710 [ 34 ] CVE-2010-3710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3710 [ 35 ] CVE-2010-3870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3870 [ 36 ] CVE-2010-4150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4150 [ 37 ] CVE-2010-4409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4409 [ 38 ] CVE-2010-4645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645 [ 39 ] CVE-2010-4697 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4697 [ 40 ] CVE-2010-4698 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4698 [ 41 ] CVE-2010-4699 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4699 [ 42 ] CVE-2010-4700 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4700 [ 43 ] CVE-2011-0420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0420 [ 44 ] CVE-2011-0421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0421 [ 45 ] CVE-2011-0708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0708 [ 46 ] CVE-2011-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0752 [ 47 ] CVE-2011-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0753 [ 48 ] CVE-2011-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0755 [ 49 ] CVE-2011-1092 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1092 [ 50 ] CVE-2011-1148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148 [ 51 ] CVE-2011-1153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1153 [ 52 ] CVE-2011-1464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1464 [ 53 ] CVE-2011-1466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1466 [ 54 ] CVE-2011-1467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1467 [ 55 ] CVE-2011-1468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1468 [ 56 ] CVE-2011-1469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1469 [ 57 ] CVE-2011-1470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1470 [ 58 ] CVE-2011-1471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1471 [ 59 ] CVE-2011-1657 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1657 [ 60 ] CVE-2011-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1938 [ 61 ] CVE-2011-2202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2202 [ 62 ] CVE-2011-2483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483 [ 63 ] CVE-2011-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3182 [ 64 ] CVE-2011-3189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3189 [ 65 ] CVE-2011-3267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3267 [ 66 ] CVE-2011-3268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3268 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/