FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- multiple vulnerabilities

Affected packages
5.4 < php5 < 5.4.3
php5 < 5.3.13
php53 < 5.3.13
php52 < 5.2.17_9

Details

VuXML ID 59b68b1e-9c78-11e1-b5e0-000c299b62e1
Discovery 2012-05-08
Entry 2012-05-12

The PHP Development Team reports:

The release of PHP 5.4.13 and 5.4.3 complete a fix for the vulnerability in CGI-based setups as originally described in CVE-2012-1823. (CVE-2012-2311)

Note: mod_php and php-fpm are not vulnerable to this attack.

PHP 5.4.3 fixes a buffer overflow vulnerability in the apache_request_headers() (CVE-2012-2329).

[source]

References

CVE Name CVE-2012-1823
CVE Name CVE-2012-2311
CVE Name CVE-2012-2329

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.