Date: Fri, 28 Mar 2014 19:25:52 +0100 From: Jos Chrispijn <jos@webrz.net> To: FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: mod_php5-5.4.26 has known vulnerabilities Message-ID: <5335BEB0.4080804@webrz.net>
next in thread | raw e-mail | index | archive | help
From UPDATING:
20140327:
AFFECTS: users of lang/php5 and lang/php55 with Apache module
AUTHOR: [1]ale@FreeBSD.org
The Apache PHP module has been splitted from main PHP port, so if you
are using it you should install one of www/mod_php5 or www/mod_php55.
* When I tried to install this additional update, I get an error
display, saying that this port has known vulnerabilities:
===> mod_php5-5.4.26 has known vulnerabilities:
mod_php5-5.4.26 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2006-4486
CVE: CVE-2006-4485
CVE: CVE-2006-4484
CVE: CVE-2006-4483
CVE: CVE-2006-4482
CVE: CVE-2006-4481
WWW:
[2]http://portaudit.FreeBSD.org/ea09c5df-4362-11db-81e1-000e0c2e438a.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- vulnerability in RFC 1867 file upload processing
WWW:
[3]http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- php_variables memory disclosure
WWW:
[4]http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- strip_tags cross-site scripting vulnerability
CVE: CVE-2004-0595
WWW:
[5]http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- memory_limit related vulnerability
CVE: CVE-2004-0594
WWW:
[6]http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- _ecalloc Integer Overflow Vulnerability
CVE: CVE-2006-4812
WWW:
[7]http://portaudit.FreeBSD.org/e329550b-54f7-11db-a5ae-00508d6a62df.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2004-1065
CVE: CVE-2004-1019
WWW:
[8]http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- open_basedir Race Condition Vulnerability
CVE: CVE-2006-5178
WWW:
[9]http://portaudit.FreeBSD.org/edabe438-542f-11db-a5ae-00508d6a62df.ht
ml
=> Please update your ports tree and try again.
*** [check-vulnerable] Error code 1
Stop in /usr/ports/www/mod_php5.
*** [install] Error code 1
Stop in /usr/ports/www/mod_php5.
--- end of report ---
References
1. mailto:ale@FreeBSD.org
2. http://portaudit.FreeBSD.org/ea09c5df-4362-11db-81e1-000e0c2e438a.html
3. http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html
4. http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html
5. http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.html
6. http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.html
7. http://portaudit.FreeBSD.org/e329550b-54f7-11db-a5ae-00508d6a62df.html
8. http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.html
9. http://portaudit.FreeBSD.org/edabe438-542f-11db-a5ae-00508d6a62df.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5335BEB0.4080804>