mod_php5-5.4.26 has known vulnerabilities
Jos Chrispijn
jos at webrz.net
Fri Mar 28 18:26:01 UTC 2014
From UPDATING:
20140327:
AFFECTS: users of lang/php5 and lang/php55 with Apache module
AUTHOR: [1]ale at FreeBSD.org
The Apache PHP module has been splitted from main PHP port, so if you
are using it you should install one of www/mod_php5 or www/mod_php55.
* When I tried to install this additional update, I get an error
display, saying that this port has known vulnerabilities:
===> mod_php5-5.4.26 has known vulnerabilities:
mod_php5-5.4.26 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2006-4486
CVE: CVE-2006-4485
CVE: CVE-2006-4484
CVE: CVE-2006-4483
CVE: CVE-2006-4482
CVE: CVE-2006-4481
WWW:
[2]http://portaudit.FreeBSD.org/ea09c5df-4362-11db-81e1-000e0c2e438a.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- vulnerability in RFC 1867 file upload processing
WWW:
[3]http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- php_variables memory disclosure
WWW:
[4]http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- strip_tags cross-site scripting vulnerability
CVE: CVE-2004-0595
WWW:
[5]http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- memory_limit related vulnerability
CVE: CVE-2004-0594
WWW:
[6]http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- _ecalloc Integer Overflow Vulnerability
CVE: CVE-2006-4812
WWW:
[7]http://portaudit.FreeBSD.org/e329550b-54f7-11db-a5ae-00508d6a62df.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- multiple vulnerabilities
CVE: CVE-2004-1065
CVE: CVE-2004-1019
WWW:
[8]http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.ht
ml
mod_php5-5.4.26 is vulnerable:
php -- open_basedir Race Condition Vulnerability
CVE: CVE-2006-5178
WWW:
[9]http://portaudit.FreeBSD.org/edabe438-542f-11db-a5ae-00508d6a62df.ht
ml
=> Please update your ports tree and try again.
*** [check-vulnerable] Error code 1
Stop in /usr/ports/www/mod_php5.
*** [install] Error code 1
Stop in /usr/ports/www/mod_php5.
--- end of report ---
References
1. mailto:ale at FreeBSD.org
2. http://portaudit.FreeBSD.org/ea09c5df-4362-11db-81e1-000e0c2e438a.html
3. http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html
4. http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html
5. http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.html
6. http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.html
7. http://portaudit.FreeBSD.org/e329550b-54f7-11db-a5ae-00508d6a62df.html
8. http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.html
9. http://portaudit.FreeBSD.org/edabe438-542f-11db-a5ae-00508d6a62df.html
More information about the freebsd-ports
mailing list