Gentoo Security Advisory GLSA 200504-15 (PHP) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200504-15.

Solution

All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-php/php-4.3.11' All mod_php users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-php/mod_php-4.3.11' All php-cgi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-php/php-cgi-4.3.11' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200504-15 http://bugs.gentoo.org/show_bug.cgi?id=87517 http://www.php.net/release_4_3_11.php

Insight

Several vulnerabilities were found and fixed in PHP image handling functions, potentially resulting in Denial of Service conditions or the remote execution of arbitrary code.

Severity

Classification

CVE CVE-2005-0524, CVE-2005-0525, CVE-2005-1042, CVE-2005-1043
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200406-14 (aspell)
Gentoo Security Advisory GLSA 200409-03 (Python)
Gentoo Security Advisory GLSA 200404-12 (scorched3d)
Gentoo Security Advisory GLSA 200311-01 (kdebase)
Gentoo Security Advisory GLSA 200408-22 (mozilla)

Take action and discover your vulnerabilities