Debian Security Advisory
DSA-2527-1 php5 -- several vulnerabilities
- Date Reported:
- 13 Aug 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-2688, CVE-2012-3450.
- More information:
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:
A buffer overflow in the scandir() function could lead to denial of service or the execution of arbitrary code.
It was discovered that inconsistent parsing of PDO prepared statements could lead to denial of service.
For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze14.
For the unstable distribution (sid), this problem has been fixed in version 5.4.4-4.
We recommend that you upgrade your php5 packages.