remote code execution

Please Install the Updated Packages.

Numerous numerous vulnerabilities have been fixed in PHP. Most of them were made public during the &quot Month of PHP Bugs&quot project by Stefan Esser and we thank Stefan for his reports. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code. A lot of them are fixed in the last PHP security releases, 5.2.2 and 4.4.7. CVE-2007-0988 / MOPB-05-2007: A unserialize problem in the zend_hash_init function could be used for a denial of service attack. CVE-2007-1001: Multiple integer overflows in the GD library embedded in PHP could potentially be used to execute code via crafted Wireless Bitmap images. CVE-2007-1375 / MOPB-14-2007: An integer overflow in the substr_compare function allows context-dependend attackers to read out memory of the PHP interpreter. CVE-2007-1376 / MOPB-15-2007: The shmop function does not validate its arguments, allowing context-dependend attackers to read and write arbitrary memory locations. CVE-2007-1380 / MOPB-10-2007: The php_binary serialization handler in the session extension allows context-dependend attackers to obtain sensitive information via a buffer over-read. CVE-2007-1383 / MOPB-01-2007: An integer overflow in the 16 Bit reference counter in PHP4 allows context-dependend attackers to execute arbitrary code by causing a value to be destroyed twice. CVE-2007-1453 / MOPB-19-2007: A buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the ext/filter extension allows context-dependend attackers to potentially execute arbitrary code. CVE-2007-1454 / MOPB-18-2007: The ext/filter extension in PHP when used with the FILTER_FLAG_STRIP_LOW flag does not properly strip HTML tags, allowing cross site scripting. CVE-2007-1460 / MOPB-20-2007: The zip:// URL wrapper provided by the PECL zip extension did not implement safemode or open_basedir checks, allowing attackers to read ZIP files outside of the intended directories. CVE-2007-1461 / MOPB-21-2007: The bzip2:// URL wrapper did not implement safemode or open_basedir checks, allowing attackers to read BZIP2 archives outside of the intended directories. CVE-2007-1484 / MOPB-24-2007: The array_user_key_compare function makes erroneous calls to zval_dt ... Description truncated, for more information please check the Reference URL

php4,php5 on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLES 10

• http://www.novell.com/linux/security/advisories/2007_32_php.html

---

Updated on 2015-03-25