Oval Definition:	oval:com.ubuntu.precise:def:20122386000
Revision Date: 2012-07-07 Version: 1 Title: CVE-2012-2386 on Ubuntu 12.04 LTS (precise) - medium. Description: Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. Family: unix Class: vulnerability Status: Reference(s): CVE-2012-2386 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND The 'php5' package in precise was vulnerable but has been fixed (note: '5.3.10-1ubuntu3.2').
BACK