DSA-2399-2 php5 -- several vulnerabilities

| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | May 31, 2011 | January 28, 2013 | December 05, 2013 |

Description

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
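
The defensive pattern for this bug class, as an added example that is not PHP's code and not part of the original advisory: a length check that refuses an over-long UNIX socket pathname before anything is copied into the fixed-size `sun_path` array. The helper names `fill_unix_sockaddr` and `long_path_is_rejected` are hypothetical, and the sample paths are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (added example, not PHP's code): build a UNIX-domain
 * socket address from a caller-supplied pathname without writing past
 * the fixed-size sun_path array. Returns 0 on success, -1 on rejection. */
int fill_unix_sockaddr(struct sockaddr_un *sa, const char *path, size_t path_len)
{
    if (sa == NULL || path == NULL)
        return -1;
    /* Reject (do not truncate) anything that cannot fit with its NUL. */
    if (path_len == 0 || path_len >= sizeof(sa->sun_path))
        return -1;
    /* An embedded NUL would make the kernel use a shorter path than checked. */
    if (memchr(path, '\0', path_len) != NULL)
        return -1;
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    memcpy(sa->sun_path, path, path_len); /* bounded by the check above */
    return 0;
}

/* Constructed test input: a 4095-byte pathname. Returns 1 when the call is
 * refused and the guard word stored after the address is left untouched. */
int long_path_is_rejected(void)
{
    struct { struct sockaddr_un sa; unsigned long guard; } frame;
    char long_path[4096];
    memset(long_path, 'a', sizeof(long_path) - 1);
    long_path[sizeof(long_path) - 1] = '\0';
    frame.guard = 0xA5A5A5A5UL;
    int rc = fill_unix_sockaddr(&frame.sa, long_path, strlen(long_path));
    return rc == -1 && frame.guard == 0xA5A5A5A5UL;
}

int main(void)
{
    struct sockaddr_un sa;
    printf("short path: %d\n", fill_unix_sockaddr(&sa, "/tmp/app.sock", 13));
    printf("long path rejected: %d\n", long_path_is_rejected());
    return 0;
}
```

Rejecting rather than truncating matters here: a silently shortened pathname could name a different socket than the one the caller intended.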

Solution

Upgrade all packages built against source package php5.

Use `apt-get install` to upgrade any installed packages from this list:

  • libapache2-mod-php5
  • libapache2-mod-php5filter
  • libphp5-embed
  • php-pear
  • php5
  • php5-cgi
  • php5-cli
  • php5-common
  • php5-curl
  • php5-dbg
  • php5-dev
  • php5-enchant
  • php5-fpm
  • php5-gd
  • php5-gmp
  • php5-imap
  • php5-interbase
  • php5-intl
  • php5-ldap
  • php5-mcrypt
  • php5-mysql
  • php5-mysqlnd
  • php5-odbc
  • php5-pgsql
  • php5-pspell
  • php5-recode
  • php5-snmp
  • php5-sqlite
  • php5-sybase
  • php5-tidy
  • php5-xmlrpc
  • php5-xsl
