rhsa-2009_0350
Vulnerability from csaf_redhat
Published
2009-04-14 17:14
Modified
2024-11-22 02:34
Summary
Red Hat Security Advisory: php security update
Notes
Topic
Updated php packages that fix several security issues are now available for
Red Hat Application Stack v2.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
remote attacker able to pass arbitrary input to a PHP script using mbstring
conversion functions could cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2008-5557)
A flaw was found in the handling of the "mbstring.func_overload"
configuration setting. A value set for one virtual host, or in a user's
.htaccess file, was incorrectly applied to other virtual hosts on the same
server, causing the handling of multibyte character strings to not work
correctly. (CVE-2009-0754)
A directory traversal flaw was found in PHP's ZipArchive::extractTo
function. If PHP is used to extract a malicious ZIP archive, it could allow
an attacker to write arbitrary files anywhere the PHP process has write
permissions. (CVE-2008-5658)
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it
could cause the PHP interpreter to crash or, possibly, execute arbitrary
code. (CVE-2008-3658)
A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause the PHP
interpreter to crash. (CVE-2008-3660)
A memory disclosure flaw was found in the PHP gd extension's imagerotate
function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions
of the PHP interpreter's memory. (CVE-2008-5498)
A cross-site scripting flaw was found in a way PHP reported errors for
invalid cookies. If the PHP interpreter had "display_errors" enabled, a
remote attacker able to set a specially-crafted cookie on a victim's system
could possibly inject arbitrary HTML into an error message generated by
PHP. (CVE-2008-5814)
A flaw was found in PHP's json_decode function. A remote attacker could use
this flaw to create a specially-crafted string which could cause the PHP
interpreter to crash while being decoded in a PHP script. (CVE-2009-1271)
All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web server
must be restarted for the changes to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:0350", "url": "https://access.redhat.com/errata/RHSA-2009:0350" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "459529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529" }, { "category": "external", "summary": "459572", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572" }, { "category": "external", "summary": "474824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824" }, { "category": "external", "summary": "478425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425" }, { "category": "external", "summary": "478848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848" }, { "category": "external", "summary": "479272", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272" }, { "category": "external", "summary": "480167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167" }, { "category": "external", "summary": "494530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json" } ], "title": "Red Hat Security Advisory: php security update", "tracking": { "current_release_date": "2024-11-22T02:34:44+00:00", "generator": { "date": "2024-11-22T02:34:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:0350", "initial_release_date": "2009-04-14T17:14:00+00:00", "revision_history": [ { "date": "2009-04-14T17:14:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-04-14T13:14:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:34:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product": { "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:2" } } } ], "category": "product_family", "name": "Red Hat Application Stack" }, { "branches": [ { "category": "product_version", "name": "php-pdo-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-pdo-0:5.2.6-4.el5s2.x86_64", "product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64", "product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64", "product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-imap-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-imap-0:5.2.6-4.el5s2.x86_64", "product_id": "php-imap-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-snmp-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-snmp-0:5.2.6-4.el5s2.x86_64", "product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-ldap-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-ldap-0:5.2.6-4.el5s2.x86_64", "product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-gd-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-gd-0:5.2.6-4.el5s2.x86_64", "product_id": "php-gd-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-devel-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-devel-0:5.2.6-4.el5s2.x86_64", "product_id": "php-devel-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-mysql-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-mysql-0:5.2.6-4.el5s2.x86_64", "product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-0:5.2.6-4.el5s2.x86_64", "product_id": "php-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-dba-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-dba-0:5.2.6-4.el5s2.x86_64", "product_id": "php-dba-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-soap-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-soap-0:5.2.6-4.el5s2.x86_64", "product_id": "php-soap-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-common-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-common-0:5.2.6-4.el5s2.x86_64", "product_id": "php-common-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-odbc-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-odbc-0:5.2.6-4.el5s2.x86_64", "product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64", "product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-cli-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-cli-0:5.2.6-4.el5s2.x86_64", "product_id": "php-cli-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-xml-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-xml-0:5.2.6-4.el5s2.x86_64", "product_id": "php-xml-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64", "product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64", "product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64", "product": { "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64", "product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "php-pdo-0:5.2.6-4.el5s2.i386", "product": { "name": "php-pdo-0:5.2.6-4.el5s2.i386", "product_id": "php-pdo-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386", "product": { "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386", "product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-bcmath-0:5.2.6-4.el5s2.i386", "product": { "name": "php-bcmath-0:5.2.6-4.el5s2.i386", "product_id": "php-bcmath-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-imap-0:5.2.6-4.el5s2.i386", "product": { "name": "php-imap-0:5.2.6-4.el5s2.i386", "product_id": "php-imap-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-snmp-0:5.2.6-4.el5s2.i386", "product": { "name": "php-snmp-0:5.2.6-4.el5s2.i386", "product_id": "php-snmp-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-ldap-0:5.2.6-4.el5s2.i386", "product": { "name": "php-ldap-0:5.2.6-4.el5s2.i386", "product_id": "php-ldap-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-gd-0:5.2.6-4.el5s2.i386", "product": { "name": "php-gd-0:5.2.6-4.el5s2.i386", "product_id": "php-gd-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-devel-0:5.2.6-4.el5s2.i386", "product": { "name": "php-devel-0:5.2.6-4.el5s2.i386", "product_id": "php-devel-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-mysql-0:5.2.6-4.el5s2.i386", "product": { "name": "php-mysql-0:5.2.6-4.el5s2.i386", "product_id": "php-mysql-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-0:5.2.6-4.el5s2.i386", "product": { "name": "php-0:5.2.6-4.el5s2.i386", "product_id": "php-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-dba-0:5.2.6-4.el5s2.i386", "product": { "name": "php-dba-0:5.2.6-4.el5s2.i386", "product_id": "php-dba-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-soap-0:5.2.6-4.el5s2.i386", "product": { "name": "php-soap-0:5.2.6-4.el5s2.i386", "product_id": "php-soap-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-common-0:5.2.6-4.el5s2.i386", "product": { "name": "php-common-0:5.2.6-4.el5s2.i386", "product_id": "php-common-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-odbc-0:5.2.6-4.el5s2.i386", "product": { "name": "php-odbc-0:5.2.6-4.el5s2.i386", "product_id": "php-odbc-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-ncurses-0:5.2.6-4.el5s2.i386", "product": { "name": "php-ncurses-0:5.2.6-4.el5s2.i386", "product_id": "php-ncurses-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-cli-0:5.2.6-4.el5s2.i386", "product": { "name": "php-cli-0:5.2.6-4.el5s2.i386", "product_id": "php-cli-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-xml-0:5.2.6-4.el5s2.i386", "product": { "name": "php-xml-0:5.2.6-4.el5s2.i386", "product_id": "php-xml-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-debuginfo-0:5.2.6-4.el5s2.i386", "product": { "name": "php-debuginfo-0:5.2.6-4.el5s2.i386", "product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-pgsql-0:5.2.6-4.el5s2.i386", "product": { "name": "php-pgsql-0:5.2.6-4.el5s2.i386", "product_id": "php-pgsql-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386" } } }, { "category": "product_version", "name": "php-mbstring-0:5.2.6-4.el5s2.i386", "product": { "name": "php-mbstring-0:5.2.6-4.el5s2.i386", "product_id": "php-mbstring-0:5.2.6-4.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "php-0:5.2.6-4.el5s2.src", "product": { "name": "php-0:5.2.6-4.el5s2.src", "product_id": "php-0:5.2.6-4.el5s2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src" }, "product_reference": "php-0:5.2.6-4.el5s2.src", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-cli-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-common-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-common-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-dba-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-devel-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-gd-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-imap-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-ldap-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-mysql-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-odbc-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-pdo-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-snmp-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-soap-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-xml-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386" }, "product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" }, "product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-3658", "discovery_date": "2008-08-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "459529" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.", "title": "Vulnerability description" }, { "category": "summary", "text": "php: buffer overflow in the imageloadfont function in gd extension", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3658" }, { "category": "external", "summary": "RHBZ#459529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658" } ], "release_date": "2008-08-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-04-14T17:14:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0350" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "php: buffer overflow in the imageloadfont function in gd extension" }, { "cve": "CVE-2008-3660", "discovery_date": "2008-08-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "459572" } ], "notes": [ { "category": "description", "text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.", "title": "Vulnerability description" }, { "category": "summary", "text": "php: FastCGI module DoS via multiple dots preceding the extension", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3660" }, { "category": "external", "summary": "RHBZ#459572", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660" } ], "release_date": "2008-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-04-14T17:14:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0350" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "php: FastCGI module DoS via multiple dots preceding the extension" }, { "cve": "CVE-2008-5498", "discovery_date": "2008-12-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "478425" } ], "notes": [ { "category": "description", "text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.", "title": "Vulnerability description" }, { "category": "summary", "text": "php: libgd imagerotate() array index error memory disclosure", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5498" }, { "category": "external", "summary": "RHBZ#478425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498" } ], "release_date": "2008-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-04-14T17:14:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0350" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "php: libgd imagerotate() array index error memory disclosure" }, { "cve": "CVE-2008-5557", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2008-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "478848" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5557" }, { "category": "external", "summary": "RHBZ#478848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557" } ], "release_date": "2008-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-04-14T17:14:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0350" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)" }, { "cve": "CVE-2008-5658", "discovery_date": "2008-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "474824" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.", "title": "Statement" } ], "product_status": { "fixed": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5658" }, { "category": "external", "summary": "RHBZ#474824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5658" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658" } ], "release_date": "2008-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-04-14T17:14:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0350" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability" }, { "cve": "CVE-2008-5814", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2009-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "480167" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.", "title": "Vulnerability description" }, { "category": "summary", "text": "php: XSS via PHP error messages", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5814" }, { "category": "external", "summary": "RHBZ#480167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5814" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814" } ], "release_date": "2008-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-04-14T17:14:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0350" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "php: XSS via PHP error messages" }, { "cve": "CVE-2009-0754", "discovery_date": "2009-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "479272" } ], "notes": [ { "category": "description", "text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.", "title": "Vulnerability description" }, { "category": "summary", "text": "PHP mbstring.func_overload web server denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0754" }, { "category": "external", "summary": "RHBZ#479272", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0754" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754" } ], "release_date": "2004-02-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-04-14T17:14:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0350" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "PHP mbstring.func_overload web server denial of service" }, { "cve": "CVE-2009-1271", "discovery_date": "2009-02-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "494530" } ], "notes": [ { "category": "description", "text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.", "title": "Vulnerability description" }, { "category": "summary", "text": "php: crash on malformed input in json_decode()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1271" }, { "category": "external", "summary": "RHBZ#494530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1271" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271" } ], "release_date": "2008-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-04-14T17:14:00+00:00", "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:0350" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-Stacks:php-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-0:5.2.6-4.el5s2.src", "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "php: crash on malformed input in json_decode()" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.