ELSA-2012-0546

Опубликовано: 07 мая 2012

Источник: oracle-oval

Платформа: Oracle Linux 5

Платформа: Oracle Linux 6

Описание

ELSA-2012-0546: php security update (CRITICAL)

[5.3.3-3.8]

correct detection of = in CVE-2012-1823 fix (#818607)

[5.3.3-3.7]

add security fix for CVE-2012-1823 (#818607)

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

php

5.1.6-34.el5_8

php-bcmath

5.1.6-34.el5_8

php-cli

5.1.6-34.el5_8

php-common

5.1.6-34.el5_8

php-dba

5.1.6-34.el5_8

php-devel

5.1.6-34.el5_8

php-gd

5.1.6-34.el5_8

php-imap

5.1.6-34.el5_8

php-ldap

5.1.6-34.el5_8

php-mbstring

5.1.6-34.el5_8

php-mysql

5.1.6-34.el5_8

php-ncurses

5.1.6-34.el5_8

php-odbc

5.1.6-34.el5_8

php-pdo

5.1.6-34.el5_8

php-pgsql

5.1.6-34.el5_8

php-snmp

5.1.6-34.el5_8

php-soap

5.1.6-34.el5_8

php-xml

5.1.6-34.el5_8

php-xmlrpc

5.1.6-34.el5_8

Oracle Linux x86_64

php

5.1.6-34.el5_8

php-bcmath

5.1.6-34.el5_8

php-cli

5.1.6-34.el5_8

php-common

5.1.6-34.el5_8

php-dba

5.1.6-34.el5_8

php-devel

5.1.6-34.el5_8

php-gd

5.1.6-34.el5_8

php-imap

5.1.6-34.el5_8

php-ldap

5.1.6-34.el5_8

php-mbstring

5.1.6-34.el5_8

php-mysql

5.1.6-34.el5_8

php-ncurses

5.1.6-34.el5_8

php-odbc

5.1.6-34.el5_8

php-pdo

5.1.6-34.el5_8

php-pgsql

5.1.6-34.el5_8

php-snmp

5.1.6-34.el5_8

php-soap

5.1.6-34.el5_8

php-xml

5.1.6-34.el5_8

php-xmlrpc

5.1.6-34.el5_8

Oracle Linux i386

php

5.1.6-34.el5_8

php-bcmath

5.1.6-34.el5_8

php-cli

5.1.6-34.el5_8

php-common

5.1.6-34.el5_8

php-dba

5.1.6-34.el5_8

php-devel

5.1.6-34.el5_8

php-gd

5.1.6-34.el5_8

php-imap

5.1.6-34.el5_8

php-ldap

5.1.6-34.el5_8

php-mbstring

5.1.6-34.el5_8

php-mysql

5.1.6-34.el5_8

php-ncurses

5.1.6-34.el5_8

php-odbc

5.1.6-34.el5_8

php-pdo

5.1.6-34.el5_8

php-pgsql

5.1.6-34.el5_8

php-snmp

5.1.6-34.el5_8

php-soap

5.1.6-34.el5_8

php-xml

5.1.6-34.el5_8

php-xmlrpc

5.1.6-34.el5_8

Oracle Linux 6

Oracle Linux x86_64

php

5.3.3-3.el6_2.8

php-bcmath

5.3.3-3.el6_2.8

php-cli

5.3.3-3.el6_2.8

php-common

5.3.3-3.el6_2.8

php-dba

5.3.3-3.el6_2.8

php-devel

5.3.3-3.el6_2.8

php-embedded

5.3.3-3.el6_2.8

php-enchant

5.3.3-3.el6_2.8

php-gd

5.3.3-3.el6_2.8

php-imap

5.3.3-3.el6_2.8

php-intl

5.3.3-3.el6_2.8

php-ldap

5.3.3-3.el6_2.8

php-mbstring

5.3.3-3.el6_2.8

php-mysql

5.3.3-3.el6_2.8

php-odbc

5.3.3-3.el6_2.8

php-pdo

5.3.3-3.el6_2.8

php-pgsql

5.3.3-3.el6_2.8

php-process

5.3.3-3.el6_2.8

php-pspell

5.3.3-3.el6_2.8

php-recode

5.3.3-3.el6_2.8

php-snmp

5.3.3-3.el6_2.8

php-soap

5.3.3-3.el6_2.8

php-tidy

5.3.3-3.el6_2.8

php-xml

5.3.3-3.el6_2.8

php-xmlrpc

5.3.3-3.el6_2.8

php-zts

5.3.3-3.el6_2.8

Oracle Linux i686

php

5.3.3-3.el6_2.8

php-bcmath

5.3.3-3.el6_2.8

php-cli

5.3.3-3.el6_2.8

php-common

5.3.3-3.el6_2.8

php-dba

5.3.3-3.el6_2.8

php-devel

5.3.3-3.el6_2.8

php-embedded

5.3.3-3.el6_2.8

php-enchant

5.3.3-3.el6_2.8

php-gd

5.3.3-3.el6_2.8

php-imap

5.3.3-3.el6_2.8

php-intl

5.3.3-3.el6_2.8

php-ldap

5.3.3-3.el6_2.8

php-mbstring

5.3.3-3.el6_2.8

php-mysql

5.3.3-3.el6_2.8

php-odbc

5.3.3-3.el6_2.8

php-pdo

5.3.3-3.el6_2.8

php-pgsql

5.3.3-3.el6_2.8

php-process

5.3.3-3.el6_2.8

php-pspell

5.3.3-3.el6_2.8

php-recode

5.3.3-3.el6_2.8

php-snmp

5.3.3-3.el6_2.8

php-soap

5.3.3-3.el6_2.8

php-tidy

5.3.3-3.el6_2.8

php-xml

5.3.3-3.el6_2.8

php-xmlrpc

5.3.3-3.el6_2.8

php-zts

5.3.3-3.el6_2.8

Связанные CVE

CVE-2012-1823

Ссылки на источники

Связанные уязвимости

CVE-2012-1823

CVSS3: 9.8

ubuntu

около 13 лет назад

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.