Описание
ELSA-2011-1423: php53 and php security update (MODERATE)
[5.3.3-3.3]
- improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH
[5.3.3-3.1]
- add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740731)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
php
5.3.3-3.el6_1.3
php-bcmath
5.3.3-3.el6_1.3
php-cli
5.3.3-3.el6_1.3
php-common
5.3.3-3.el6_1.3
php-dba
5.3.3-3.el6_1.3
php-devel
5.3.3-3.el6_1.3
php-embedded
5.3.3-3.el6_1.3
php-enchant
5.3.3-3.el6_1.3
php-gd
5.3.3-3.el6_1.3
php-imap
5.3.3-3.el6_1.3
php-intl
5.3.3-3.el6_1.3
php-ldap
5.3.3-3.el6_1.3
php-mbstring
5.3.3-3.el6_1.3
php-mysql
5.3.3-3.el6_1.3
php-odbc
5.3.3-3.el6_1.3
php-pdo
5.3.3-3.el6_1.3
php-pgsql
5.3.3-3.el6_1.3
php-process
5.3.3-3.el6_1.3
php-pspell
5.3.3-3.el6_1.3
php-recode
5.3.3-3.el6_1.3
php-snmp
5.3.3-3.el6_1.3
php-soap
5.3.3-3.el6_1.3
php-tidy
5.3.3-3.el6_1.3
php-xml
5.3.3-3.el6_1.3
php-xmlrpc
5.3.3-3.el6_1.3
php-zts
5.3.3-3.el6_1.3
Oracle Linux i686
php
5.3.3-3.el6_1.3
php-bcmath
5.3.3-3.el6_1.3
php-cli
5.3.3-3.el6_1.3
php-common
5.3.3-3.el6_1.3
php-dba
5.3.3-3.el6_1.3
php-devel
5.3.3-3.el6_1.3
php-embedded
5.3.3-3.el6_1.3
php-enchant
5.3.3-3.el6_1.3
php-gd
5.3.3-3.el6_1.3
php-imap
5.3.3-3.el6_1.3
php-intl
5.3.3-3.el6_1.3
php-ldap
5.3.3-3.el6_1.3
php-mbstring
5.3.3-3.el6_1.3
php-mysql
5.3.3-3.el6_1.3
php-odbc
5.3.3-3.el6_1.3
php-pdo
5.3.3-3.el6_1.3
php-pgsql
5.3.3-3.el6_1.3
php-process
5.3.3-3.el6_1.3
php-pspell
5.3.3-3.el6_1.3
php-recode
5.3.3-3.el6_1.3
php-snmp
5.3.3-3.el6_1.3
php-soap
5.3.3-3.el6_1.3
php-tidy
5.3.3-3.el6_1.3
php-xml
5.3.3-3.el6_1.3
php-xmlrpc
5.3.3-3.el6_1.3
php-zts
5.3.3-3.el6_1.3
Oracle Linux 5
Oracle Linux ia64
php53
5.3.3-1.el5_7.3
php53-bcmath
5.3.3-1.el5_7.3
php53-cli
5.3.3-1.el5_7.3
php53-common
5.3.3-1.el5_7.3
php53-dba
5.3.3-1.el5_7.3
php53-devel
5.3.3-1.el5_7.3
php53-gd
5.3.3-1.el5_7.3
php53-imap
5.3.3-1.el5_7.3
php53-intl
5.3.3-1.el5_7.3
php53-ldap
5.3.3-1.el5_7.3
php53-mbstring
5.3.3-1.el5_7.3
php53-mysql
5.3.3-1.el5_7.3
php53-odbc
5.3.3-1.el5_7.3
php53-pdo
5.3.3-1.el5_7.3
php53-pgsql
5.3.3-1.el5_7.3
php53-process
5.3.3-1.el5_7.3
php53-pspell
5.3.3-1.el5_7.3
php53-snmp
5.3.3-1.el5_7.3
php53-soap
5.3.3-1.el5_7.3
php53-xml
5.3.3-1.el5_7.3
php53-xmlrpc
5.3.3-1.el5_7.3
Oracle Linux x86_64
php53
5.3.3-1.el5_7.3
php53-bcmath
5.3.3-1.el5_7.3
php53-cli
5.3.3-1.el5_7.3
php53-common
5.3.3-1.el5_7.3
php53-dba
5.3.3-1.el5_7.3
php53-devel
5.3.3-1.el5_7.3
php53-gd
5.3.3-1.el5_7.3
php53-imap
5.3.3-1.el5_7.3
php53-intl
5.3.3-1.el5_7.3
php53-ldap
5.3.3-1.el5_7.3
php53-mbstring
5.3.3-1.el5_7.3
php53-mysql
5.3.3-1.el5_7.3
php53-odbc
5.3.3-1.el5_7.3
php53-pdo
5.3.3-1.el5_7.3
php53-pgsql
5.3.3-1.el5_7.3
php53-process
5.3.3-1.el5_7.3
php53-pspell
5.3.3-1.el5_7.3
php53-snmp
5.3.3-1.el5_7.3
php53-soap
5.3.3-1.el5_7.3
php53-xml
5.3.3-1.el5_7.3
php53-xmlrpc
5.3.3-1.el5_7.3
Oracle Linux i386
php53
5.3.3-1.el5_7.3
php53-bcmath
5.3.3-1.el5_7.3
php53-cli
5.3.3-1.el5_7.3
php53-common
5.3.3-1.el5_7.3
php53-dba
5.3.3-1.el5_7.3
php53-devel
5.3.3-1.el5_7.3
php53-gd
5.3.3-1.el5_7.3
php53-imap
5.3.3-1.el5_7.3
php53-intl
5.3.3-1.el5_7.3
php53-ldap
5.3.3-1.el5_7.3
php53-mbstring
5.3.3-1.el5_7.3
php53-mysql
5.3.3-1.el5_7.3
php53-odbc
5.3.3-1.el5_7.3
php53-pdo
5.3.3-1.el5_7.3
php53-pgsql
5.3.3-1.el5_7.3
php53-process
5.3.3-1.el5_7.3
php53-pspell
5.3.3-1.el5_7.3
php53-snmp
5.3.3-1.el5_7.3
php53-soap
5.3.3-1.el5_7.3
php53-xml
5.3.3-1.el5_7.3
php53-xmlrpc
5.3.3-1.el5_7.3
Ссылки на источники
Связанные уязвимости
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3. ...