Pardus alert 2011-51 (php php-cli php-common)
Weekly edition
Kernel
Security
Distributions
Search
Archives
Calendar
Subscribe
Write for LWN
LWN.net FAQ
Sponsors
Pardus alert 2011-51 (php php-cli php-common)
From:
Meltem Parmaksız <meltem@pardus.org.tr>
To:
pardus-security@pardus.org.tr
Subject:
[Pardus-security] [PLSA 2011-51] Php: Denial of Service
Date:
Mon, 28 Feb 2011 13:20:17 +0200
Message-ID:
<201102281320.17778.meltem@pardus.org.tr>
Archive-link:
Article, Thread
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-51 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2011-02-28
Severity: 2
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability have been fixed in php, which allows attackers to cause
a denial of service.
Description
===========
CVE-2011-0708:
PHP Exif extension allows developers to work with image metadata within
their PHP code. For instance, using exif functions it is possible to
read metadata from digital camera pictures.
PHP Exif extension for 64bit platforms is affected by a casting
vulnerability that occurs during the image header parsing.
Affected packages:
Pardus 2011:
php, all before 5.2.14-90-p11
php-cli, all before 5.2.14-90-p11
php-common, all before 5.2.14-90-p11
Resolution
==========
There are update(s) for php, php-cli, php-common. You can update them
via Package Manager or with a single command from console:
pisi up php php-cli php-common
References
==========
* http://http://www.zjjv.com//.tr/show_bug.cgi?id=16934
* http://http://www.zjjv.com///oss-sec/2011/q1/192
------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://http://www.zjjv.com//.tr/mailman/listinfo/pardus-security
(Log in to post comments)
