Amazon Linux AMI: Security patch for php (ALAS-2012-95) (multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | July 07, 2012 | February 28, 2014 | July 04, 2017 |
Description
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
amazon-linux-upgrade-phpRelated Vulnerabilities
- ELSA-2012-1037 Moderate: Oracle Linux postgresql and postgresql84 security update
- OS X update for PHP (CVE-2012-2386)
- OS X update for Note (CVE-2012-2386)
- RHSA-2012:1036: postgresql security update
- USN-1461-1: PostgreSQL vulnerabilities
- OS X update for PHP (CVE-2012-2143)
- SUSE Linux Security Vulnerability: CVE-2012-2386
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 source code patch
- DSA-2491-1 postgresql-8.4 -- several vulnerabilities
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 documentation patch
- PHP Vulnerability: CVE-2012-2386
- SUSE Linux Security Vulnerability: CVE-2012-2143
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- RHSA-2012:1037: postgresql and postgresql84 security update
- PostgreSQL class C vulnerability in contrib module: CVE-2012-2143
- PHP Vulnerability: CVE-2012-2143
- FreeBSD: FreeBSD -- Incorrect crypt() hashing (FreeBSD-SA-12:02.crypt) (CVE-2012-2143)
- Amazon Linux AMI: Security patch for postgresql9 (ALAS-2012-91) (CVE-2012-2143)
- Gentoo Linux: CVE-2012-2143: PHP: Multiple vulnerabilities
- RHSA-2012:1046: php security update
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 source code patch
- USN-1481-1: PHP vulnerabilities
- ELSA-2012-1036 Moderate: Oracle Linux postgresql security update
- Gentoo Linux: CVE-2012-2386: PHP: Multiple vulnerabilities
- OS X update for Note (CVE-2012-2143)
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 core patch
- RHSA-2012:1047: php53 security update
- DSA-2492-1 php5 -- buffer overflow
- Alpine Linux: CVE-2012-2143: Multiple vulnerabilities in postgresql < 9.0.8 may allow remote code execution
- ELSA-2012-1263 Moderate: Oracle Linux postgresql and postgresql84 security update
- FreeBSD: databases/postgresql*-server -- crypt vulnerabilities (CVE-2012-2143)
- Amazon Linux AMI: Security patch for postgresql8 (ALAS-2012-94) (multiple CVEs)
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 documentation patch
- ELSA-2012-1046 Moderate: Oracle Linux php security update
- ELSA-2012-1047 Moderate: Oracle Linux php53 security update
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 core patch