Test ID:
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2408-1 (php5)
Summary: The remote host is missing an update to php5; announced via advisory DSA 2408-1.

Vulnerability Insight:
Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:


It was discovered that insecure handling of temporary files in the PEAR
installer could lead to denial of service.


Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the zend_strndup() function could lead to denial of service.


Maksymilian Arciemowicz discovered that a NULL pointer dereference in
the tidy_diagnose() function could lead to denial of service.


It was discovered that missing checks in the handling of PDORow
objects could lead to denial of service.


It was discovered that the magic_quotes_gpc setting could be disabled

This update also addresses PHP bugs, which are not treated as security issues
in Debian (see, but which were fixed nonetheless:
CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467,
CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze8.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.10-1.

We recommend that you upgrade your php5 packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1072
BugTraq ID: 46605
XForce ISS Database: pear-pear-installer-symlink(65721)
Common Vulnerability Exposure (CVE) ID: CVE-2011-4153
Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities
HPdes Security Advisory: HPSBMU02786
HPdes Security Advisory: HPSBUX02791
HPdes Security Advisory: SSRT100856
HPdes Security Advisory: SSRT100877
SuSE Security Announcement: SUSE-SU-2012:0411
SuSE Security Announcement: SUSE-SU-2012:0472
SuSE Security Announcement: openSUSE-SU-2012:0426
Common Vulnerability Exposure (CVE) ID: CVE-2012-0781
Common Vulnerability Exposure (CVE) ID: CVE-2012-0788
Common Vulnerability Exposure (CVE) ID: CVE-2012-0831
BugTraq ID: 51954
RedHat Security Advisories: RHSA-2013:1307
XForce ISS Database: php-magicquotesgpc-sec-bypass(73125)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4697
BugTraq ID: 45952
HPdes Security Advisory: HPSBOV02763
HPdes Security Advisory: SSRT100826
XForce ISS Database: php-zendengine-code-execution(65310)
Common Vulnerability Exposure (CVE) ID: CVE-2011-1092
BugTraq ID: 46786
XForce ISS Database: php-shmopread-overflow(65988)
Common Vulnerability Exposure (CVE) ID: CVE-2011-1148
BugTraq ID: 46843
BugTraq ID: 49241
XForce ISS Database: php-substrreplace-code-exec(66080)
Common Vulnerability Exposure (CVE) ID: CVE-2011-1464
Common Vulnerability Exposure (CVE) ID: CVE-2011-1467
BugTraq ID: 46968
Common Vulnerability Exposure (CVE) ID: CVE-2011-1468
BugTraq ID: 46977
Common Vulnerability Exposure (CVE) ID: CVE-2011-1469
BugTraq ID: 46970
Common Vulnerability Exposure (CVE) ID: CVE-2011-1470
BugTraq ID: 46969
Common Vulnerability Exposure (CVE) ID: CVE-2011-1657
BugTraq ID: 49252
Bugtraq: 20110819 PHP 5.3.6 ZipArchive invalid use glob(3)
XForce ISS Database: php-ziparchiveaddglob-dos(69320)
Common Vulnerability Exposure (CVE) ID: CVE-2011-3182
BugTraq ID: 49249
XForce ISS Database: php-library-functions-dos(69430)
Common Vulnerability Exposure (CVE) ID: CVE-2011-3267
XForce ISS Database: php-errorlog-dos(69428)
Copyright: Copyright (c) 2012 E-Soft Inc.
