Описание
ELSA-2014-0311: php security update (CRITICAL)
[5.1.6-44]
- add security fixes for CVE-2006-7243, CVE-2009-0689
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
php
5.1.6-44.el5_10
php-bcmath
5.1.6-44.el5_10
php-cli
5.1.6-44.el5_10
php-common
5.1.6-44.el5_10
php-dba
5.1.6-44.el5_10
php-devel
5.1.6-44.el5_10
php-gd
5.1.6-44.el5_10
php-imap
5.1.6-44.el5_10
php-ldap
5.1.6-44.el5_10
php-mbstring
5.1.6-44.el5_10
php-mysql
5.1.6-44.el5_10
php-ncurses
5.1.6-44.el5_10
php-odbc
5.1.6-44.el5_10
php-pdo
5.1.6-44.el5_10
php-pgsql
5.1.6-44.el5_10
php-snmp
5.1.6-44.el5_10
php-soap
5.1.6-44.el5_10
php-xml
5.1.6-44.el5_10
php-xmlrpc
5.1.6-44.el5_10
Oracle Linux x86_64
php
5.1.6-44.el5_10
php-bcmath
5.1.6-44.el5_10
php-cli
5.1.6-44.el5_10
php-common
5.1.6-44.el5_10
php-dba
5.1.6-44.el5_10
php-devel
5.1.6-44.el5_10
php-gd
5.1.6-44.el5_10
php-imap
5.1.6-44.el5_10
php-ldap
5.1.6-44.el5_10
php-mbstring
5.1.6-44.el5_10
php-mysql
5.1.6-44.el5_10
php-ncurses
5.1.6-44.el5_10
php-odbc
5.1.6-44.el5_10
php-pdo
5.1.6-44.el5_10
php-pgsql
5.1.6-44.el5_10
php-snmp
5.1.6-44.el5_10
php-soap
5.1.6-44.el5_10
php-xml
5.1.6-44.el5_10
php-xmlrpc
5.1.6-44.el5_10
Oracle Linux i386
php
5.1.6-44.el5_10
php-bcmath
5.1.6-44.el5_10
php-cli
5.1.6-44.el5_10
php-common
5.1.6-44.el5_10
php-dba
5.1.6-44.el5_10
php-devel
5.1.6-44.el5_10
php-gd
5.1.6-44.el5_10
php-imap
5.1.6-44.el5_10
php-ldap
5.1.6-44.el5_10
php-mbstring
5.1.6-44.el5_10
php-mysql
5.1.6-44.el5_10
php-ncurses
5.1.6-44.el5_10
php-odbc
5.1.6-44.el5_10
php-pdo
5.1.6-44.el5_10
php-pgsql
5.1.6-44.el5_10
php-snmp
5.1.6-44.el5_10
php-soap
5.1.6-44.el5_10
php-xml
5.1.6-44.el5_10
php-xmlrpc
5.1.6-44.el5_10
Связанные CVE
Связанные уязвимости
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
PHP before 5.3.4 accepts the \0 character in a pathname, which might a ...
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.