Rapid7 Vulnerability & Exploit Database

RHSA-2012:0093: php security update

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 02/06/2012
Created: 07/25/2018
Added: 02/06/2012
Modified: 07/04/2017

Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830)

All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-php
  • redhat-upgrade-php-bcmath
  • redhat-upgrade-php-cli
  • redhat-upgrade-php-common
  • redhat-upgrade-php-dba
  • redhat-upgrade-php-debuginfo
  • redhat-upgrade-php-devel
  • redhat-upgrade-php-domxml
  • redhat-upgrade-php-embedded
  • redhat-upgrade-php-enchant
  • redhat-upgrade-php-gd
  • redhat-upgrade-php-imap
  • redhat-upgrade-php-intl
  • redhat-upgrade-php-ldap
  • redhat-upgrade-php-mbstring
  • redhat-upgrade-php-mysql
  • redhat-upgrade-php-ncurses
  • redhat-upgrade-php-odbc
  • redhat-upgrade-php-pdo
  • redhat-upgrade-php-pear
  • redhat-upgrade-php-pgsql
  • redhat-upgrade-php-process
  • redhat-upgrade-php-pspell
  • redhat-upgrade-php-recode
  • redhat-upgrade-php-snmp
  • redhat-upgrade-php-soap
  • redhat-upgrade-php-tidy
  • redhat-upgrade-php-xml
  • redhat-upgrade-php-xmlrpc
  • redhat-upgrade-php-zts
