Description
ELSA-2012-1046: php security update (MODERATE)
[5.3.3-14]
- add security fix for CVE-2010-2950
[5.3.3-13]
- fix tests for CVE-2012-2143, CVE-2012-0789
[5.3.3-12]
- add fix for CVE-2012-2336
[5.3.3-11]
- add security fixes for CVE-2012-0781, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2386
[5.3.3-9]
- correct detection of = in CVE-2012-1823 fix (#818607)
[5.3.3-8]
- add security fix for CVE-2012-1823 (#818607)
[5.3.3-7]
- add security fix for CVE-2012-0830 (#786744)
[5.3.3-6]
- merge Joe's changes:
- improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH
- add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740732)
[5.3.3-5]
- remove extra php.ini-prod/devel files caused by %patch -b
[5.3.3-4]
- add security fixes for CVE-2011-4885, CVE-2011-4566 (#769755)
Updated packages
Oracle Linux 6
Oracle Linux x86_64
php           5.3.3-14.el6_3
php-bcmath    5.3.3-14.el6_3
php-cli       5.3.3-14.el6_3
php-common    5.3.3-14.el6_3
php-dba       5.3.3-14.el6_3
php-devel     5.3.3-14.el6_3
php-embedded  5.3.3-14.el6_3
php-enchant   5.3.3-14.el6_3
php-gd        5.3.3-14.el6_3
php-imap      5.3.3-14.el6_3
php-intl      5.3.3-14.el6_3
php-ldap      5.3.3-14.el6_3
php-mbstring  5.3.3-14.el6_3
php-mysql     5.3.3-14.el6_3
php-odbc      5.3.3-14.el6_3
php-pdo       5.3.3-14.el6_3
php-pgsql     5.3.3-14.el6_3
php-process   5.3.3-14.el6_3
php-pspell    5.3.3-14.el6_3
php-recode    5.3.3-14.el6_3
php-snmp      5.3.3-14.el6_3
php-soap      5.3.3-14.el6_3
php-tidy      5.3.3-14.el6_3
php-xml       5.3.3-14.el6_3
php-xmlrpc    5.3.3-14.el6_3
php-zts       5.3.3-14.el6_3
Oracle Linux i686
php           5.3.3-14.el6_3
php-bcmath    5.3.3-14.el6_3
php-cli       5.3.3-14.el6_3
php-common    5.3.3-14.el6_3
php-dba       5.3.3-14.el6_3
php-devel     5.3.3-14.el6_3
php-embedded  5.3.3-14.el6_3
php-enchant   5.3.3-14.el6_3
php-gd        5.3.3-14.el6_3
php-imap      5.3.3-14.el6_3
php-intl      5.3.3-14.el6_3
php-ldap      5.3.3-14.el6_3
php-mbstring  5.3.3-14.el6_3
php-mysql     5.3.3-14.el6_3
php-odbc      5.3.3-14.el6_3
php-pdo       5.3.3-14.el6_3
php-pgsql     5.3.3-14.el6_3
php-process   5.3.3-14.el6_3
php-pspell    5.3.3-14.el6_3
php-recode    5.3.3-14.el6_3
php-snmp      5.3.3-14.el6_3
php-soap      5.3.3-14.el6_3
php-tidy      5.3.3-14.el6_3
php-xml       5.3.3-14.el6_3
php-xmlrpc    5.3.3-14.el6_3
php-zts       5.3.3-14.el6_3
References
Related vulnerabilities
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.