ELSA-2012-1046 Moderate: Oracle Linux php security update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | September 28, 2010 | July 17, 2012 | July 04, 2017 |
Description
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
References
- APPLE-APPLE-SA-2011-03-21-1
- APPLE-APPLE-SA-2011-10-12-3
- APPLE-APPLE-SA-2012-02-01-1
- APPLE-APPLE-SA-2012-05-09-1
- APPLE-APPLE-SA-2012-09-19-2
- BID-46365
- BID-46843
- BID-46967
- BID-46969
- BID-46970
- BID-46975
- BID-46977
- BID-48259
- BID-49241
- BID-50907
- BID-51193
- BID-51830
- CERT-VN-520827
- CERT-VN-673343
- CERT-VN-903934
- CVE-2010-2950
- CVE-2011-0708
- CVE-2011-1148
- CVE-2011-1466
- CVE-2011-1468
- CVE-2011-1469
- CVE-2011-1470
- CVE-2011-1471
- CVE-2011-1938
- CVE-2011-2202
- CVE-2011-2483
- CVE-2011-4153
- CVE-2011-4566
- CVE-2011-4885
- CVE-2012-0057
- CVE-2012-0781
- CVE-2012-0789
- CVE-2012-0830
- CVE-2012-1172
- CVE-2012-1823
- CVE-2012-2143
- CVE-2012-2336
- CVE-2012-2386
- DEBIAN-DSA-2266
- DEBIAN-DSA-2340
- DEBIAN-DSA-2399
- DEBIAN-DSA-2403
- DEBIAN-DSA-2491
- OSVDB-72644
- OSVDB-78819
- REDHAT-RHSA-2011:1377
- REDHAT-RHSA-2011:1378
- REDHAT-RHSA-2011:1423
- REDHAT-RHSA-2012:0019
- REDHAT-RHSA-2012:0071
- REDHAT-RHSA-2012:0092
- REDHAT-RHSA-2012:0546
- REDHAT-RHSA-2012:0547
- REDHAT-RHSA-2012:0568
- REDHAT-RHSA-2012:1037
- SUSE-SUSE-SA:2011:035
- URL: http://oss.oracle.com/pipermail/el-errata/2012-June/002894.html
- XF-66080
- XF-67606
- XF-67999
- XF-69319
- XF-71612
- XF-72021
- XF-72908
- XF-72911
Solution
oracle-linux-upgrade-php
Related Vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2011-1471
- ELSA-2012-1037 Moderate: Oracle Linux postgresql and postgresql84 security update
- PHP Vulnerability: CVE-2011-3268
- Gentoo Linux: CVE-2011-3267: PHP: Multiple vulnerabilities
- F5 Networks: K13519 (CVE-2011-3267): Multiple PHP vulnerabilities
- OS X update for PHP (CVE-2012-2386)
- ELSA-2012-0677 Moderate: Oracle Linux postgresql security update
- OS X update for Note (CVE-2012-2386)
- OS X update for AirPort (CVE-2010-2950)
- SUSE Linux Security Vulnerability: CVE-2012-0789
- PHP Vulnerability: CVE-2011-1471
- PHP Vulnerability: CVE-2011-1470
- ELSA-2012-0092 Critical: Oracle Linux php53 security update
- HP System Management Homepage - HPSBMU02764 (CVE-2011-3267): Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
- Gentoo Linux: CVE-2012-1172: PHP: Multiple vulnerabilities
- OS X update for Address Book (CVE-2011-3267)
- HP System Management Homepage - HPSBMU02764 (CVE-2011-2202): Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
- RHSA-2011:1378: postgresql84 security update
- OS X update for PHP (CVE-2011-3268)
- Gentoo Linux: CVE-2011-4566: PHP: Multiple vulnerabilities
- PHP Vulnerability: CVE-2011-3267
- PHP Vulnerability: CVE-2011-2483
- RHSA-2012:1036: postgresql security update
- Amazon Linux AMI: Security patch for php (ALAS-2012-37) (multiple CVEs)
- Cent OS: CVE-2011-1148: CESA-2012:0033 (php)
- SUSE Linux Security Vulnerability: CVE-2011-1148
- USN-1461-1: PostgreSQL vulnerabilities
- OS X update for PHP (CVE-2012-2143)
- ELSA-2012-0019 Moderate: Oracle Linux php53 and php security update
- SUSE Linux Security Vulnerability: CVE-2012-2386
- OS X update for Note (CVE-2012-1823)
- Gentoo Linux: CVE-2011-0708: PHP: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2011-1466
- ELSA-2011-1378 Moderate: Oracle Linux postgresql84 security update
- RHSA-2012:0570: php security update
- SUSE Linux Security Vulnerability: CVE-2010-2950
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 source code patch
- F5 Networks: K13519 (CVE-2012-0830): Multiple PHP vulnerabilities
- Gentoo Linux: CVE-2012-1823: PHP: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2011-4885
- Cent OS: CVE-2011-1466: CESA-2012:0071 (php)
- PHP Vulnerability: CVE-2011-4885
- OS X update for Address Book (CVE-2011-3268)
- DSA-2491-1 postgresql-8.4 -- several vulnerabilities
- HP-UX: CVE-2011-4153: Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
- OS X security update 2011-006 for PHP (CVE-2011-1468)
- ELSA-2011-1423 Moderate: Oracle Linux php53 and php security update
- F5 Networks: K13519 (CVE-2011-4566): Multiple PHP vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2012-0781
- ELSA-2013-0514 Moderate: Oracle Linux php security, bug fix and enhancement update
- SUSE Linux Security Vulnerability: CVE-2012-1172
- OS X update for PHP (CVE-2011-4885)
- FreeBSD: php -- multiple vulnerabilities (Multiple CVEs)
- Cent OS: CVE-2011-4566: CESA-2012:0071 (php)
- OS X update for PHP (CVE-2012-0830)
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 documentation patch
- HP System Management Homepage - HPSBMU02764 (CVE-2011-1468): Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
- RHSA-2012:0033: php security update
- Gentoo Linux: CVE-2012-0830: PHP: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2012-0830
- SUSE Linux Security Vulnerability: CVE-2011-3268
- PHP Vulnerability: CVE-2012-2386
- Cent OS: CVE-2011-2483: CESA-2011:1377 (postgresql)
- F5 Networks: K13519 (CVE-2011-3268): Multiple PHP vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2012-2143
- SUSE Linux Security Advisory: SUSE-SR:2010:017
- Gentoo Linux: CVE-2011-2202: PHP: Multiple vulnerabilities
- Amazon Linux AMI: Security patch for php (ALAS-2011-07) (multiple CVEs)
- ELSA-2012-0093 Critical: Oracle Linux php security update
- PHP Vulnerability: CVE-2011-2202
- ELSA-2012-0071 Moderate: Oracle Linux php security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- PHP Vulnerability: CVE-2012-0781
- OS X update for Apache (CVE-2011-1466)
- RHSA-2012:1037: postgresql and postgresql84 security update
- OS X update for PHP (CVE-2011-3267)
- PHP Vulnerability: CVE-2011-4153
- OS X update for PHP (CVE-2011-1148)
- SUSE Linux Security Vulnerability: CVE-2012-2336
- Amazon Linux AMI: Security patch for php (ALAS-2012-95) (multiple CVEs)
- PHP Vulnerability: CVE-2012-2336
- PostgreSQL class C vulnerability in contrib module: CVE-2012-2143
- Cent OS: CVE-2011-1468: CESA-2011:1423 (php53)
- HP-UX: CVE-2012-1172: Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
- Cent OS: CVE-2011-1938: CESA-2011:1423 (php53)
- OS X update for Note (CVE-2012-1172)
- USN-1126-1: PHP vulnerabilities
- RHSA-2012:0093: php security update
- Cent OS: CVE-2012-0830: CESA-2012:0093 (php)
- SUSE Linux Security Vulnerability: CVE-2011-4566
- Gentoo Linux: CVE-2011-3268: PHP: Multiple vulnerabilities
- OS X security update 2011-006 for PHP (CVE-2011-0708)
- SUSE Linux Security Vulnerability: CVE-2011-1468
- OS X security update 2011-006 for PHP (CVE-2011-1471)
- USN-1229-1: PostgreSQL vulnerability
- OS X update for Apache (CVE-2011-1468)
- Gentoo Linux: CVE-2012-0057: PHP: Multiple vulnerabilities
- PHP Vulnerability: CVE-2012-0830
- OS X update for PHP (CVE-2011-2483)
- USN-1307-1: PHP vulnerability