Test ID:	1.3.6.1.4.1.25623.1.0.72420
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201209-03 (php)
Summary:	The remote host is missing updates announced in;advisory GLSA 201209-03.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 201209-03. Vulnerability Insight: Multiple vulnerabilities were found in PHP, the worst of which lead to remote execution of arbitrary code. Solution: All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.3.15' All PHP users on ARM should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.4.5' CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1398 https://bugs.php.net/bug.php?id=60227 http://article.gmane.org/gmane.comp.php.devel/70584 http://openwall.com/lists/oss-security/2012/08/29/5 http://openwall.com/lists/oss-security/2012/09/05/15 RedHat Security Advisories: RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html http://www.securitytracker.com/id?1027463 http://secunia.com/advisories/55078 SuSE Security Announcement: SUSE-SU-2013:1315 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html http://www.ubuntu.com/usn/USN-1569-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-3379 20110923 Security issue is_a function in PHP 5.3.7+ http://www.securityfocus.com/archive/1/519770/30/0/threaded 8525 http://securityreason.com/securityalert/8525 HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 SSRT100877 http://svn.php.net/viewvc/?view=revision&revision=317183 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/ https://bugs.php.net/bug.php?id=55475 https://bugzilla.redhat.com/show_bug.cgi?id=741020 Common Vulnerability Exposure (CVE) ID: CVE-2011-4566 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html BugTraq ID: 50907 http://www.securityfocus.com/bid/50907 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 http://www.redhat.com/support/errata/RHSA-2012-0019.html RedHat Security Advisories: RHSA-2012:0071 http://rhn.redhat.com/errata/RHSA-2012-0071.html http://secunia.com/advisories/47253 http://secunia.com/advisories/48668 SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html https://www.ubuntu.com/usn/USN-1307-1/ XForce ISS Database: php-exifprocessifdtag-dos(71612) https://exchange.xforce.ibmcloud.com/vulnerabilities/71612 Common Vulnerability Exposure (CVE) ID: CVE-2011-4885 BugTraq ID: 51193 http://www.securityfocus.com/bid/51193 Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html CERT/CC vulnerability note: VU#903934 http://www.kb.cert.org/vuls/id/903934 http://www.exploit-db.com/exploits/18296 http://www.exploit-db.com/exploits/18305 HPdes Security Advisory: HPSBMU02786 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: HPSBUX02741 http://marc.info/?l=bugtraq&m=132871655717248&w=2 HPdes Security Advisory: SSRT100728 HPdes Security Advisory: SSRT100826 HPdes Security Advisory: SSRT100877 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py http://www.securitytracker.com/id?1026473 http://secunia.com/advisories/47404 SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html XForce ISS Database: php-hash-dos(72021) https://exchange.xforce.ibmcloud.com/vulnerabilities/72021 Common Vulnerability Exposure (CVE) ID: CVE-2012-0057 http://openwall.com/lists/oss-security/2012/01/13/4 http://openwall.com/lists/oss-security/2012/01/13/10 http://openwall.com/lists/oss-security/2012/01/13/5 http://openwall.com/lists/oss-security/2012/01/13/6 http://openwall.com/lists/oss-security/2012/01/13/7 http://openwall.com/lists/oss-security/2012/01/14/1 http://openwall.com/lists/oss-security/2012/01/14/2 http://openwall.com/lists/oss-security/2012/01/14/3 http://openwall.com/lists/oss-security/2012/01/15/2 http://openwall.com/lists/oss-security/2012/01/15/1 http://openwall.com/lists/oss-security/2012/01/15/10 http://openwall.com/lists/oss-security/2012/01/18/3 SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html XForce ISS Database: php-libxslt-security-bypass(72908) https://exchange.xforce.ibmcloud.com/vulnerabilities/72908 Common Vulnerability Exposure (CVE) ID: CVE-2012-0788 Common Vulnerability Exposure (CVE) ID: CVE-2012-0789 Common Vulnerability Exposure (CVE) ID: CVE-2012-0830 1026631 http://securitytracker.com/id?1026631 47801 http://secunia.com/advisories/47801 47806 http://secunia.com/advisories/47806 47813 http://secunia.com/advisories/47813 48668 51830 http://www.securityfocus.com/bid/51830 78819 http://www.osvdb.org/78819 APPLE-SA-2012-05-09-1 DSA-2403 http://www.debian.org/security/2012/dsa-2403 HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 RHSA-2012:0092 http://rhn.redhat.com/errata/RHSA-2012-0092.html SSRT100856 SUSE-SU-2012:0411 [oss-security] 20120202 PHP remote code execution introduced via HashDoS fix http://openwall.com/lists/oss-security/2012/02/02/12 [oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix http://openwall.com/lists/oss-security/2012/02/03/1 http://support.apple.com/kb/HT5281 http://svn.php.net/viewvc?view=revision&revision=323007 http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html http://www.php.net/ChangeLog-5.php#5.3.10 https://gist.github.com/1725489 openSUSE-SU-2012:0426 php-phpregistervariableex-code-exec(72911) https://exchange.xforce.ibmcloud.com/vulnerabilities/72911 Common Vulnerability Exposure (CVE) ID: CVE-2012-0831 51954 http://www.securityfocus.com/bid/51954 55078 APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html FEDORA-2012-6907 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html FEDORA-2012-6911 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html RHSA-2013:1307 SUSE-SU-2012:0472 USN-1358-1 http://www.ubuntu.com/usn/USN-1358-1 http://support.apple.com/kb/HT5501 http://svn.php.net/viewvc?view=revision&revision=323016 https://launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz php-magicquotesgpc-sec-bypass(73125) https://exchange.xforce.ibmcloud.com/vulnerabilities/73125 Common Vulnerability Exposure (CVE) ID: CVE-2012-1172 Debian Security Information: DSA-2465 (Google Search) http://www.debian.org/security/2012/dsa-2465 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html HPdes Security Advisory: HPSBUX02791 HPdes Security Advisory: SSRT100856 http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/ https://bugs.php.net/bug.php?id=48597 https://bugs.php.net/bug.php?id=49683 https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf http://openwall.com/lists/oss-security/2012/03/13/4 SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1823 CERT/CC vulnerability note: VU#520827 http://www.kb.cert.org/vuls/id/520827 CERT/CC vulnerability note: VU#673343 http://www.kb.cert.org/vuls/id/673343 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ http://www.mandriva.com/security/advisories?name=MDVSA-2012:068 http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ http://www.openwall.com/lists/oss-security/2024/06/07/1 RedHat Security Advisories: RHSA-2012:0546 http://rhn.redhat.com/errata/RHSA-2012-0546.html RedHat Security Advisories: RHSA-2012:0547 http://rhn.redhat.com/errata/RHSA-2012-0547.html RedHat Security Advisories: RHSA-2012:0568 http://rhn.redhat.com/errata/RHSA-2012-0568.html RedHat Security Advisories: RHSA-2012:0569 http://rhn.redhat.com/errata/RHSA-2012-0569.html RedHat Security Advisories: RHSA-2012:0570 http://rhn.redhat.com/errata/RHSA-2012-0570.html http://www.securitytracker.com/id?1027022 http://secunia.com/advisories/49014 http://secunia.com/advisories/49065 http://secunia.com/advisories/49085 http://secunia.com/advisories/49087 SuSE Security Announcement: openSUSE-SU-2012:0590 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2012-2143 Debian Security Information: DSA-2491 (Google Search) http://www.debian.org/security/2012/dsa-2491 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html FreeBSD Security Advisory: FreeBSD-SA-12:02 http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 RedHat Security Advisories: RHSA-2012:1037 http://rhn.redhat.com/errata/RHSA-2012-1037.html http://www.securitytracker.com/id?1026995 http://secunia.com/advisories/49304 http://secunia.com/advisories/50718 SuSE Security Announcement: SUSE-SU-2012:0840 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html Common Vulnerability Exposure (CVE) ID: CVE-2012-2311 1027022 49014 49085 DSA-2465 HPSBMU02900 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 SSRT100992 SUSE-SU-2012:0598 SUSE-SU-2012:0604 VU#520827 http://www.php.net/ChangeLog-5.php#5.4.3 http://www.php.net/archive/2012.php#id2012-05-08-1 https://bugs.php.net/bug.php?id=61910 https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1 openSUSE-SU-2012:0590 Common Vulnerability Exposure (CVE) ID: CVE-2012-2335 SUSE-SU-2012:0721 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html SUSE-SU-2012:0840 http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=sapi/cgi/cgi_main.c%3Bh=a7ac26f0#l1569 http://www.php.net/archive/2012.php#id2012-05-06-1 php-phpwrapperfcgi-code-exec(75652) https://exchange.xforce.ibmcloud.com/vulnerabilities/75652 Common Vulnerability Exposure (CVE) ID: CVE-2012-2336 https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1 Common Vulnerability Exposure (CVE) ID: CVE-2012-2386 [oss-security] 20120522 Re: CVE request: PHP Phar - arbitrary code execution http://openwall.com/lists/oss-security/2012/05/22/10 http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=158d8a6b088662ce9d31e0c777c6ebe90efdc854 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=61065 https://bugzilla.redhat.com/show_bug.cgi?id=823594 Common Vulnerability Exposure (CVE) ID: CVE-2012-2688 BugTraq ID: 54638 http://www.securityfocus.com/bid/54638 Debian Security Information: DSA-2527 (Google Search) http://www.debian.org/security/2012/dsa-2527 http://www.mandriva.com/security/advisories?name=MDVSA-2012:108 http://www.securitytracker.com/id?1027287 SuSE Security Announcement: SUSE-SU-2012:1033 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html SuSE Security Announcement: SUSE-SU-2012:1034 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00022.html SuSE Security Announcement: openSUSE-SU-2012:0976 (Google Search) https://hermes.opensuse.org/messages/15376003 XForce ISS Database: php-phpstreamscandir-unspecified(77155) https://exchange.xforce.ibmcloud.com/vulnerabilities/77155 Common Vulnerability Exposure (CVE) ID: CVE-2012-3365 1027286 http://www.securitytracker.com/id?1027286 49969 http://secunia.com/advisories/49969 51178 http://secunia.com/advisories/51178 54612 http://www.securityfocus.com/bid/54612 84100 http://osvdb.org/84100 MDVSA-2012:108 SUSE-SU-2012:1033 SUSE-SU-2012:1034 openSUSE-SU-2012:0976 Common Vulnerability Exposure (CVE) ID: CVE-2012-3450 20120610 [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation http://seclists.org/bugtraq/2012/Jun/60 DSA-2527 USN-1569-1 [oss-security] 20120802 CVE Request: php5 pdo array overread/crash http://www.openwall.com/lists/oss-security/2012/08/02/3 [oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash http://www.openwall.com/lists/oss-security/2012/08/02/7 https://bugs.php.net/bug.php?id=61755 https://bugzilla.novell.com/show_bug.cgi?id=769785
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.