ELSA-2012-0093 -- Oracle phpID: oval:org.secpod.oval:def:1503853 | Date: (C)2021-01-08 (M)2023-12-07 |
Class: PATCH | Family: unix |
Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. Description PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.