Rapid7 Vulnerability & Exploit Database

RHSA-2012:0092: php53 security update

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 02/06/2012
Created: 07/25/2018
Added: 02/06/2012
Modified: 07/04/2017

Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830)

All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-php53
  • redhat-upgrade-php53-bcmath
  • redhat-upgrade-php53-cli
  • redhat-upgrade-php53-common
  • redhat-upgrade-php53-dba
  • redhat-upgrade-php53-devel
  • redhat-upgrade-php53-gd
  • redhat-upgrade-php53-imap
  • redhat-upgrade-php53-intl
  • redhat-upgrade-php53-ldap
  • redhat-upgrade-php53-mbstring
  • redhat-upgrade-php53-mysql
  • redhat-upgrade-php53-odbc
  • redhat-upgrade-php53-pdo
  • redhat-upgrade-php53-pgsql
  • redhat-upgrade-php53-process
  • redhat-upgrade-php53-pspell
  • redhat-upgrade-php53-snmp
  • redhat-upgrade-php53-soap
  • redhat-upgrade-php53-xml
  • redhat-upgrade-php53-xmlrpc
