Gentoo Security Advisory GLSA 200504-15 (PHP) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200504-15.

Solution

All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-php/php-4.3.11' All mod_php users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-php/mod_php-4.3.11' All php-cgi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-php/php-cgi-4.3.11' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200504-15 http://bugs.gentoo.org/show_bug.cgi?id=87517 http://www.php.net/release_4_3_11.php

Insight

Several vulnerabilities were found and fixed in PHP image handling functions, potentially resulting in Denial of Service conditions or the remote execution of arbitrary code.

Severity

Classification

CVE CVE-2005-0524, CVE-2005-0525, CVE-2005-1042, CVE-2005-1043

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200403-02 (Kernel)
Gentoo Security Advisory GLSA 200405-24 (mplayer)
Gentoo Security Advisory GLSA 200407-14 (Unreal Tournament)
Gentoo Security Advisory GLSA 200408-01 (MPlayer)
Gentoo Security Advisory GLSA 200407-06 (libpng)

Take action and discover your vulnerabilities