CentOS Update For Php CESA-2012:0093 Centos4 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Affected

php on CentOS 4

References

http://lists.centos.org/pipermail/centos-announce/2012-February/018418.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4885, CVE-2012-0830

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0325 (seamonkey)
CentOS Security Advisory CESA-2009:0018 (xterm)
CentOS Security Advisory CESA-2009:1127 (kdelibs)
CentOS Security Advisory CESA-2009:0325-01 (seamonkey)
CentOS Security Advisory CESA-2009:0354 (evolution-data-server)

CentOS Update for php CESA-2012:0093 centos4

Take action and discover your vulnerabilities