HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.
a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) gain unauthorized access, and perform cross site scripting (XSS).
c1954c41fb731ee70c50740ef529fcd3936287138bfd2ad9872394c9aa5a8553
Gentoo Linux Security Advisory 201001-3 - Multiple vulnerabilities were found in PHP, the worst of which leading to the remote execution of arbitrary code. Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes for details. Versions less than 5.2.12 are affected.
aff1f9bdb3800d54675a65671b47a6ba413ece16b6ab47e89279c16cfaa490a7
Mandriva Linux Security Advisory 2009-324 - Multiple vulnerabilities was discovered and corrected in php. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
e3afdb1902dc3655ca41902b102924f73c6a2af7992eeefb617e4d6c17506ffa
Ubuntu Security Notice 862-1 - Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service.
4f878a13f8d4ca2752e08bf4d244d21c1e5497b18bc52847b8aad57c52a0fa41
Debian Linux Security Advisory 1940-1 - Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor.
a5539a28cde8a1bb5d0403cbd15a3328e03796380d5dd7bb69921367844f4dac
Mandriva Linux Security Advisory 2009-302 - Some vulnerabilities were discovered and corrected in php-5.3.1.
a0ce7da0ac8e1b13fe4bfd3054d144216d266c1034944be910714f24fb8b1173
Mandriva Linux Security Advisory 2009-248 - The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing. Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index. This update provides a solution to these vulnerabilities.
c6fd9002951b645b1a2512216eeebebe823b0b572c4cbaaa2768de70b69fab34
Mandriva Linux Security Advisory 2009-247 - The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing. Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index. This update provides a solution to these vulnerabilities.
9f34eb3be32a16badbc273deeba8ee60a449660a14f9a4391e63e8989fd4396d
Mandriva Linux Security Advisory 2009-246 - The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing. Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index. This update provides a solution to these vulnerabilities.
a7888af91f0c4d772efd71a91fd56e1c64e3be7dc6c2d0e953cc04cb1993cd51