PHP: Multiple vulnerabilities

PHP: Multiple vulnerabilities Multiple vulnerabilities were found in PHP, the worst of which lead to remote execution of arbitrary code. php September 24, 2012 September 24, 2012: 1 384301 396311 396533 399247 399567 399573 401997 410957 414553 421489 427354 429630 remote 5.3.15 5.4.5 5.3.15 5.4.5

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact.

There is no known workaround at this time.

All PHP users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"

All PHP users on ARM should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"

CVE-2011-1398 CVE-2011-3379 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057 CVE-2012-0788 CVE-2012-0789 CVE-2012-0830 CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2386 CVE-2012-2688 CVE-2012-3365 CVE-2012-3450 ago ackle