what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 2403-1

Debian Security Advisory 2403-1
Posted Feb 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2403-1 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

tags | advisory, remote, php
systems | linux, debian
advisories | CVE-2012-0830
SHA-256 | bbcaf9bacde93e6ba6e9cb4dfce9298a5d4f4801092f02f18b73ed6239c2c48d

Debian Security Advisory 2403-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2403-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
February 02, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
Vulnerability : code injection
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0830

Stefan Esser discovered that the implementation of the max_input_vars
configuration variable in a recent PHP security update was flawed such
that it allows remote attackers to crash PHP or potentially execute
code.

For the oldstable distribution (lenny), no fix is available at this time.

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze7.

The testing distribution (wheezy) and unstable distribution (sid)
will be fixed soon.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJPKv//AAoJEOxfUAG2iX57gpEIANgTI7dZgT2Pdf7ajBy3fFVX
uGSwFoGe9lFVpF2i3tlvB/riN1wlvn6Q13lLjR257DQk0lwi0vwJWFmfITG6CGMS
ARNVdHVBMAZpoyiAsQDdYid7FPJQONxGaubEO9MMGgnBYkMtea7jXtJqrkTCcvvg
4qccjxnd5VhQ6d2prPqbqjvouC7E3oxLPtw0quc6tzXjVvP0cAD0dICtJHZpgzNb
IjyEWpds5GV+hvPoqa57lqC0BjeUrFQCKJvbwWOAPJvSfE4jn0KE3+LwwS+znSs4
VvHjsASRw7h0e8vhlrph8dWFeD9Qc8sNInMaf8PvS7CkGrJ7xenEnWnbkUNzXc8=
=2Af1
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close