Oval Definition:	oval:org.mitre.oval:def:23906
Revision Date: 2014-05-26 Version: 50 Title: ELSA-2012:1046: php security update (Moderate) Description: Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2010-2950 CVE-2011-4153 CVE-2012-0057 CVE-2012-0781 CVE-2012-0789 CVE-2012-1172 CVE-2012-2143 CVE-2012-2336 CVE-2012-2386 ELSA-2012:1046-01 Platform(s): Oracle Linux 6 Product(s): php Definition Synopsis Oracle Linux 6.x AND rpm test php-pdo is earlier than 0:5.3.3-14.el6_3 OR php-common is earlier than 0:5.3.3-14.el6_3 OR php-enchant is earlier than 0:5.3.3-14.el6_3 OR php-embedded is earlier than 0:5.3.3-14.el6_3 OR php-snmp is earlier than 0:5.3.3-14.el6_3 OR php-pgsql is earlier than 0:5.3.3-14.el6_3 OR php-xmlrpc is earlier than 0:5.3.3-14.el6_3 OR php-devel is earlier than 0:5.3.3-14.el6_3 OR php-recode is earlier than 0:5.3.3-14.el6_3 OR php is earlier than 0:5.3.3-14.el6_3 OR php-imap is earlier than 0:5.3.3-14.el6_3 OR php-gd is earlier than 0:5.3.3-14.el6_3 OR php-odbc is earlier than 0:5.3.3-14.el6_3 OR php-tidy is earlier than 0:5.3.3-14.el6_3 OR php-soap is earlier than 0:5.3.3-14.el6_3 OR php-mysql is earlier than 0:5.3.3-14.el6_3 OR php-zts is earlier than 0:5.3.3-14.el6_3 OR php-process is earlier than 0:5.3.3-14.el6_3 OR php-bcmath is earlier than 0:5.3.3-14.el6_3 OR php-intl is earlier than 0:5.3.3-14.el6_3 OR php-ldap is earlier than 0:5.3.3-14.el6_3 OR php-mbstring is earlier than 0:5.3.3-14.el6_3 OR php-dba is earlier than 0:5.3.3-14.el6_3 OR php-cli is earlier than 0:5.3.3-14.el6_3 OR php-pspell is earlier than 0:5.3.3-14.el6_3 OR php-xml is earlier than 0:5.3.3-14.el6_3
BACK