Описание
ELSA-2012-0547: php53 security update (CRITICAL)
[5.3.3-7]
- correct detection of = in CVE-2012-1823 fix (#818607)
[5.3.3-6]
- add security fix for CVE-2012-1823 (#818607)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
php53
5.3.3-7.el5_8
php53-bcmath
5.3.3-7.el5_8
php53-cli
5.3.3-7.el5_8
php53-common
5.3.3-7.el5_8
php53-dba
5.3.3-7.el5_8
php53-devel
5.3.3-7.el5_8
php53-gd
5.3.3-7.el5_8
php53-imap
5.3.3-7.el5_8
php53-intl
5.3.3-7.el5_8
php53-ldap
5.3.3-7.el5_8
php53-mbstring
5.3.3-7.el5_8
php53-mysql
5.3.3-7.el5_8
php53-odbc
5.3.3-7.el5_8
php53-pdo
5.3.3-7.el5_8
php53-pgsql
5.3.3-7.el5_8
php53-process
5.3.3-7.el5_8
php53-pspell
5.3.3-7.el5_8
php53-snmp
5.3.3-7.el5_8
php53-soap
5.3.3-7.el5_8
php53-xml
5.3.3-7.el5_8
php53-xmlrpc
5.3.3-7.el5_8
Oracle Linux x86_64
php53
5.3.3-7.el5_8
php53-bcmath
5.3.3-7.el5_8
php53-cli
5.3.3-7.el5_8
php53-common
5.3.3-7.el5_8
php53-dba
5.3.3-7.el5_8
php53-devel
5.3.3-7.el5_8
php53-gd
5.3.3-7.el5_8
php53-imap
5.3.3-7.el5_8
php53-intl
5.3.3-7.el5_8
php53-ldap
5.3.3-7.el5_8
php53-mbstring
5.3.3-7.el5_8
php53-mysql
5.3.3-7.el5_8
php53-odbc
5.3.3-7.el5_8
php53-pdo
5.3.3-7.el5_8
php53-pgsql
5.3.3-7.el5_8
php53-process
5.3.3-7.el5_8
php53-pspell
5.3.3-7.el5_8
php53-snmp
5.3.3-7.el5_8
php53-soap
5.3.3-7.el5_8
php53-xml
5.3.3-7.el5_8
php53-xmlrpc
5.3.3-7.el5_8
Oracle Linux i386
php53
5.3.3-7.el5_8
php53-bcmath
5.3.3-7.el5_8
php53-cli
5.3.3-7.el5_8
php53-common
5.3.3-7.el5_8
php53-dba
5.3.3-7.el5_8
php53-devel
5.3.3-7.el5_8
php53-gd
5.3.3-7.el5_8
php53-imap
5.3.3-7.el5_8
php53-intl
5.3.3-7.el5_8
php53-ldap
5.3.3-7.el5_8
php53-mbstring
5.3.3-7.el5_8
php53-mysql
5.3.3-7.el5_8
php53-odbc
5.3.3-7.el5_8
php53-pdo
5.3.3-7.el5_8
php53-pgsql
5.3.3-7.el5_8
php53-process
5.3.3-7.el5_8
php53-pspell
5.3.3-7.el5_8
php53-snmp
5.3.3-7.el5_8
php53-soap
5.3.3-7.el5_8
php53-xml
5.3.3-7.el5_8
php53-xmlrpc
5.3.3-7.el5_8
Связанные CVE
Связанные уязвимости
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.