Date: Mon, 7 Feb 2011 12:43:44 -0600
Synopsis: Moderate: php53 security update
Issue date: 2011-02-03
CVE Names: CVE-2010-3710 CVE-2010-4156 CVE-2010-4645

A flaw was found in the way PHP converted certain floating point values
from string representation to a number. If a PHP script evaluated an
attacker's input in a numeric context, the PHP interpreter could cause
high CPU usage until the script execution time limit is reached. This
issue only affected i386 systems. (CVE-2010-4645)

A stack memory exhaustion flaw was found in the way the PHP filter_var()
function validated email addresses. An attacker could use this flaw to
crash the PHP interpreter by providing excessively long input to be
validated as an email address. (CVE-2010-3710)

A memory disclosure flaw was found in the PHP multi-byte string
extension. If the mb_strcut() function was called with a length argument
exceeding the input string size, the function could disclose a portion
of the PHP interpreter's memory. (CVE-2010-4156)

After installing the updated packages, the httpd daemon must be
restarted for the update to take effect.

SL 5.x
SRPMS:
php53-5.3.3-1.el5_6.1.src.rpm
i386:
php53-5.3.3-1.el5_6.1.i386.rpm
php53-bcmath-5.3.3-1.el5_6.1.i386.rpm
php53-cli-5.3.3-1.el5_6.1.i386.rpm
php53-common-5.3.3-1.el5_6.1.i386.rpm
php53-dba-5.3.3-1.el5_6.1.i386.rpm
php53-devel-5.3.3-1.el5_6.1.i386.rpm
php53-gd-5.3.3-1.el5_6.1.i386.rpm
php53-imap-5.3.3-1.el5_6.1.i386.rpm
php53-intl-5.3.3-1.el5_6.1.i386.rpm
php53-ldap-5.3.3-1.el5_6.1.i386.rpm
php53-mbstring-5.3.3-1.el5_6.1.i386.rpm
php53-mysql-5.3.3-1.el5_6.1.i386.rpm
php53-odbc-5.3.3-1.el5_6.1.i386.rpm
php53-pdo-5.3.3-1.el5_6.1.i386.rpm
php53-pgsql-5.3.3-1.el5_6.1.i386.rpm
php53-process-5.3.3-1.el5_6.1.i386.rpm
php53-pspell-5.3.3-1.el5_6.1.i386.rpm
php53-snmp-5.3.3-1.el5_6.1.i386.rpm
php53-soap-5.3.3-1.el5_6.1.i386.rpm
php53-xml-5.3.3-1.el5_6.1.i386.rpm
php53-xmlrpc-5.3.3-1.el5_6.1.i386.rpm
x86_64:
php53-5.3.3-1.el5_6.1.x86_64.rpm
php53-bcmath-5.3.3-1.el5_6.1.x86_64.rpm
php53-cli-5.3.3-1.el5_6.1.x86_64.rpm
php53-common-5.3.3-1.el5_6.1.x86_64.rpm
php53-dba-5.3.3-1.el5_6.1.x86_64.rpm
php53-devel-5.3.3-1.el5_6.1.x86_64.rpm
php53-gd-5.3.3-1.el5_6.1.x86_64.rpm
php53-imap-5.3.3-1.el5_6.1.x86_64.rpm
php53-intl-5.3.3-1.el5_6.1.x86_64.rpm
php53-ldap-5.3.3-1.el5_6.1.x86_64.rpm
php53-mbstring-5.3.3-1.el5_6.1.x86_64.rpm
php53-mysql-5.3.3-1.el5_6.1.x86_64.rpm
php53-odbc-5.3.3-1.el5_6.1.x86_64.rpm
php53-pdo-5.3.3-1.el5_6.1.x86_64.rpm
php53-pgsql-5.3.3-1.el5_6.1.x86_64.rpm
php53-process-5.3.3-1.el5_6.1.x86_64.rpm
php53-pspell-5.3.3-1.el5_6.1.x86_64.rpm
php53-snmp-5.3.3-1.el5_6.1.x86_64.rpm
php53-soap-5.3.3-1.el5_6.1.x86_64.rpm
php53-xml-5.3.3-1.el5_6.1.x86_64.rpm
php53-xmlrpc-5.3.3-1.el5_6.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
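
An added example, not part of the original advisory: a small shell audit that reads a collected RPM inventory and flags php53 packages still older than the fixed build listed above. The input line format, the use of GNU `sort -V` in place of RPM's own version comparison, and the pairing of CVE-2010-4156 with the php53-mbstring package are assumptions of this example; the sample inventory is constructed.

```shell
#!/bin/sh
# Added example: audit an RPM inventory against this advisory's fixed build.
# Input on stdin, one package per line: "NAME VERSION-RELEASE ARCH", e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
FIXED='5.3.3-1.el5_6.1'   # version-release of the updated packages listed above

# is_older A B: true when A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for RPM's version comparison, which is
# adequate for el5-style release strings but is not RPM's exact algorithm.
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_php53: print one "OUTDATED ..." line per php53 package below FIXED.
# Every outdated package lacks all three fixes; the trailing tags only mark
# the conditions the advisory text singles out.
audit_php53() {
    while read -r name vr arch; do
        case "$name" in
            php53|php53-*) ;;          # only packages from this advisory
            *) continue ;;
        esac
        is_older "$vr" "$FIXED" || continue
        note=''
        # The advisory states CVE-2010-4645 only affected i386 systems.
        if [ "$arch" = i386 ]; then note="$note CVE-2010-4645"; fi
        # Assumption: mb_strcut() is provided by the php53-mbstring package.
        if [ "$name" = php53-mbstring ]; then note="$note CVE-2010-4156"; fi
        echo "OUTDATED $name-$vr.$arch$note"
    done
}

# Constructed sample inventory (not taken from a real host).
audit_php53 <<'EOF'
php53-common 5.3.3-1.el5 i386
php53-mbstring 5.3.3-1.el5 x86_64
php53-cli 5.3.3-1.el5_6.1 x86_64
httpd 2.2.3-45.el5 x86_64
EOF
```

Hosts that report no OUTDATED lines still need httpd restarted after the update, as the advisory states.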