mod_php5-5.4.26 has known vulnerabilities

Jos Chrispijn jos at webrz.net
Fri Mar 28 18:26:01 UTC 2014


   From UPDATING:
   20140327:
     AFFECTS: users of lang/php5 and lang/php55 with Apache module
     AUTHOR: [1]ale at FreeBSD.org
     The Apache PHP module has been splitted from main PHP port, so if you
     are using it you should install one of www/mod_php5 or www/mod_php55.
   * When I tried to install this additional update, I got an error
   display saying that this port has known vulnerabilities:
   ===>  mod_php5-5.4.26 has known vulnerabilities:
   mod_php5-5.4.26 is vulnerable:
   php -- multiple vulnerabilities
   CVE: CVE-2006-4486
   CVE: CVE-2006-4485
   CVE: CVE-2006-4484
   CVE: CVE-2006-4483
   CVE: CVE-2006-4482
   CVE: CVE-2006-4481
   WWW:
   [2]http://portaudit.FreeBSD.org/ea09c5df-4362-11db-81e1-000e0c2e438a.html
   mod_php5-5.4.26 is vulnerable:
   php -- vulnerability in RFC 1867 file upload processing
   WWW:
   [3]http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html
   mod_php5-5.4.26 is vulnerable:
   php -- php_variables memory disclosure
   WWW:
   [4]http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html
   mod_php5-5.4.26 is vulnerable:
   php -- strip_tags cross-site scripting vulnerability
   CVE: CVE-2004-0595
   WWW:
   [5]http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.html
   mod_php5-5.4.26 is vulnerable:
   php -- memory_limit related vulnerability
   CVE: CVE-2004-0594
   WWW:
   [6]http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.html
   mod_php5-5.4.26 is vulnerable:
   php -- _ecalloc Integer Overflow Vulnerability
   CVE: CVE-2006-4812
   WWW:
   [7]http://portaudit.FreeBSD.org/e329550b-54f7-11db-a5ae-00508d6a62df.html
   mod_php5-5.4.26 is vulnerable:
   php -- multiple vulnerabilities
   CVE: CVE-2004-1065
   CVE: CVE-2004-1019
   WWW:
   [8]http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.html
   mod_php5-5.4.26 is vulnerable:
   php -- open_basedir Race Condition Vulnerability
   CVE: CVE-2006-5178
   WWW:
   [9]http://portaudit.FreeBSD.org/edabe438-542f-11db-a5ae-00508d6a62df.html
   => Please update your ports tree and try again.
   *** [check-vulnerable] Error code 1
   Stop in /usr/ports/www/mod_php5.
   *** [install] Error code 1
   Stop in /usr/ports/www/mod_php5.
   --- end of report ---

References

   1. mailto:ale at FreeBSD.org
   2. http://portaudit.FreeBSD.org/ea09c5df-4362-11db-81e1-000e0c2e438a.html
   3. http://portaudit.FreeBSD.org/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html
   4. http://portaudit.FreeBSD.org/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html
   5. http://portaudit.FreeBSD.org/edf61c61-0f07-11d9-8393-000103ccf9d6.html
   6. http://portaudit.FreeBSD.org/dd7aa4f1-102f-11d9-8a8a-000c41e2cdad.html
   7. http://portaudit.FreeBSD.org/e329550b-54f7-11db-a5ae-00508d6a62df.html
   8. http://portaudit.FreeBSD.org/d47e9d19-5016-11d9-9b5f-0050569f0001.html
   9. http://portaudit.FreeBSD.org/edabe438-542f-11db-a5ae-00508d6a62df.html

