CentOS Update For Php53 CESA-2012:0092 Centos5 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830) All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Affected

php53 on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2012-February/018416.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4885, CVE-2012-0830

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
CentOS Security Advisory CESA-2009:0019-01 (hanterm-xf)
CentOS Security Advisory CESA-2009:1154 (dhcp)
CentOS Security Advisory CESA-2009:0333 (libpng)
CentOS Security Advisory CESA-2009:0398-01 (seamonkey)

CentOS Update for php53 CESA-2012:0092 centos5

Take action and discover your vulnerabilities