MDVSA-2012:093 -- Mandriva phpID: oval:org.secpod.oval:def:1300080 | Date: (C)2013-01-01 (M)2024-03-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been identified and fixed in php: There is a programming error in the DES implementation used in crypt in ext/standard/crypt_freesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set , that character and all characters after it will be ignored . An integer overflow, leading to heap-based buffer overflow was found in the way Phar extension of the PHP scripting language processed certain fields by manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file, which once processed in an PHP application using the Phar extension could lead to denial of service , or, potentially arbitary code execution with the privileges of the user running the application . The updated php packages have been upgraded to the 5.3.14 version which is not vulnerable to these issues.
Platform: |
Mandriva Enterprise Server 5.2 |