CVE-2009-1271 (GCVE-0-2009-1271)
Vulnerability from cvelistv5
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090401 CVE request: PHP 5.2.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/9"
},
{
"name": "DSA-1775",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1775"
},
{
"name": "FEDORA-2009-3768",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15"
},
{
"name": "34770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34770"
},
{
"name": "APPLE-SA-2009-09-10-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_9.php"
},
{
"name": "35007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35007"
},
{
"name": "34933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34933"
},
{
"name": "34830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34830"
},
{
"name": "USN-761-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-761-2"
},
{
"name": "RHSA-2009:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "FEDORA-2009-3848",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35003"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "36701",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36701"
},
{
"name": "MDVSA-2009:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090"
},
{
"name": "35306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35306"
},
{
"name": "USN-761-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/761-1/"
},
{
"name": "DSA-1789",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090401 CVE request: PHP 5.2.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/9"
},
{
"name": "DSA-1775",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1775"
},
{
"name": "FEDORA-2009-3768",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15"
},
{
"name": "34770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34770"
},
{
"name": "APPLE-SA-2009-09-10-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_9.php"
},
{
"name": "35007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35007"
},
{
"name": "34933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34933"
},
{
"name": "34830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34830"
},
{
"name": "USN-761-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-761-2"
},
{
"name": "RHSA-2009:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "FEDORA-2009-3848",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35003"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "36701",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36701"
},
{
"name": "MDVSA-2009:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090"
},
{
"name": "35306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35306"
},
{
"name": "USN-761-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/761-1/"
},
{
"name": "DSA-1789",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090401 CVE request: PHP 5.2.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/9"
},
{
"name": "DSA-1775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1775"
},
{
"name": "FEDORA-2009-3768",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15",
"refsource": "MISC",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15"
},
{
"name": "34770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34770"
},
{
"name": "APPLE-SA-2009-09-10-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name": "http://www.php.net/releases/5_2_9.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_9.php"
},
{
"name": "35007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35007"
},
{
"name": "34933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34933"
},
{
"name": "34830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34830"
},
{
"name": "USN-761-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-761-2"
},
{
"name": "RHSA-2009:0350",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "FEDORA-2009-3848",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35003"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT3865",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "36701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36701"
},
{
"name": "MDVSA-2009:090",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090"
},
{
"name": "35306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35306"
},
{
"name": "USN-761-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/761-1/"
},
{
"name": "DSA-1789",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1271",
"datePublished": "2009-04-08T18:00:00",
"dateReserved": "2009-04-08T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2009-1271\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-04-08T18:30:00.187\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n JSON_parser (ext/json/JSON_parser.c) en PHP v5.2.x anteriores a v5.2.9 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (falta de segmentaci\u00f3n) a trav\u00e9s de una cadena formada de forma incorrecta a la funci\u00f3n API json_decode.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD02D837-FD28-4E0F-93F8-25E8D1C84A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88358D1E-BE6F-4CE3-A522-83D1FA4739E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8B97B03-7DA7-4A5F-89B4-E78CAB20DE
17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86767200-6C9C-4C3E-B111-0E5BE61E197B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B00B416D-FF23-4C76-8751-26D305F0FA0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"F526115E-A68E-4B10-AA6A-9CD26CB81AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCB6CDDD-70D3-4004-BCE0-8C4723076103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A782CA26-9C38-40A8-92AE-D47B14D2FCE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0892C89E-9389-4452-B7E0-981A763CD426\"}]}]}],\"references\":[{\"url\":\"http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34770\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34830\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34933\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35003\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35007\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35306\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35685\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36701\",\"source\":\"cve@mitre.org\"},{\
"url\":\"http://support.apple.com/kb/HT3865\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1775\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1789\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:090\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/04/01/9\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.php.net/releases/5_2_9.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0350.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-761-2\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/761-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34830\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35007\",\"source\":\"af854a3a-2127-422b-91ae-364d
a2661108\"},{\"url\":\"http://secunia.com/advisories/35306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35685\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36701\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/04/01/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.php.net/releases/5_2_9.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0350.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-761-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/761-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html\",\"lastModified\":\"2009-04-15T00:00:00\"}]}}"
}
}
rhsa-2009_0350
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. 
If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0350",
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "474824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
},
{
"category": "external",
"summary": "478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "494530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json"
}
],
"title": "Red Hat Security Advisory: php security update",
"tracking": {
"current_release_date": "2024-12-15T18:13:03+00:00",
"generator": {
"date": "2024-12-15T18:13:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2009:0350",
"initial_release_date": "2009-04-14T17:14:00+00:00",
"revision_history": [
{
"date": "2009-04-14T17:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-14T13:14:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:13:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product": {
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_stack:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Stack"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_id": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product_id": "php-imap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_id": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_id": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product_id": "php-gd-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product_id": "php-devel-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_id": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-0:5.2.6-4.el5s2.i386",
"product_id": "php-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product_id": "php-dba-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product_id": "php-soap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product_id": "php-common-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_id": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product_id": "php-cli-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product_id": "php-xml-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.src",
"product": {
"name": "php-0:5.2.6-4.el5s2.src",
"product_id": "php-0:5.2.6-4.el5s2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src"
},
"product_reference": "php-0:5.2.6-4.el5s2.src",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-3658",
"discovery_date": "2008-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459529"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: buffer overflow in the imageloadfont function in gd extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3658"
},
{
"category": "external",
"summary": "RHBZ#459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658"
}
],
"release_date": "2008-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: buffer overflow in the imageloadfont function in gd extension"
},
{
"cve": "CVE-2008-3660",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459572"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: FastCGI module DoS via multiple dots preceding the extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3660"
},
{
"category": "external",
"summary": "RHBZ#459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660"
}
],
"release_date": "2008-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: FastCGI module DoS via multiple dots preceding the extension"
},
{
"cve": "CVE-2008-5498",
"discovery_date": "2008-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478425"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: libgd imagerotate() array index error memory disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5498"
},
{
"category": "external",
"summary": "RHBZ#478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
}
],
"release_date": "2008-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: libgd imagerotate() array index error memory disclosure"
},
{
"cve": "CVE-2008-5557",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2008-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478848"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5557"
},
{
"category": "external",
"summary": "RHBZ#478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)"
},
{
"cve": "CVE-2008-5658",
"discovery_date": "2008-12-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "474824"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5658"
},
{
"category": "external",
"summary": "RHBZ#474824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
}
],
"release_date": "2008-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability"
},
{
"cve": "CVE-2008-5814",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2009-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "480167"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: XSS via PHP error messages",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5814"
},
{
"category": "external",
"summary": "RHBZ#480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: XSS via PHP error messages"
},
{
"cve": "CVE-2009-0754",
"discovery_date": "2009-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "479272"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "PHP mbstring.func_overload web server denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0754"
},
{
"category": "external",
"summary": "RHBZ#479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754"
}
],
"release_date": "2004-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "PHP mbstring.func_overload web server denial of service"
},
{
"cve": "CVE-2009-1271",
"discovery_date": "2009-02-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "494530"
}
],
"notes": [
{
"category": "description",
"text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: crash on malformed input in json_decode()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1271"
},
{
"category": "external",
"summary": "RHBZ#494530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: crash on malformed input in json_decode()"
}
]
}
RHSA-2009:0350
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0350",
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "474824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
},
{
"category": "external",
"summary": "478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "494530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json"
}
],
"title": "Red Hat Security Advisory: php security update",
"tracking": {
"current_release_date": "2025-10-09T13:08:45+00:00",
"generator": {
"date": "2025-10-09T13:08:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2009:0350",
"initial_release_date": "2009-04-14T17:14:00+00:00",
"revision_history": [
{
"date": "2009-04-14T17:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-14T13:14:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T13:08:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product": {
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_stack:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Stack"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_id": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product_id": "php-imap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_id": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_id": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product_id": "php-gd-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product_id": "php-devel-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_id": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-0:5.2.6-4.el5s2.i386",
"product_id": "php-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product_id": "php-dba-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product_id": "php-soap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product_id": "php-common-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_id": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product_id": "php-cli-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product_id": "php-xml-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.src",
"product": {
"name": "php-0:5.2.6-4.el5s2.src",
"product_id": "php-0:5.2.6-4.el5s2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src"
},
"product_reference": "php-0:5.2.6-4.el5s2.src",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-3658",
"discovery_date": "2008-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459529"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: buffer overflow in the imageloadfont function in gd extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3658"
},
{
"category": "external",
"summary": "RHBZ#459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658"
}
],
"release_date": "2008-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: buffer overflow in the imageloadfont function in gd extension"
},
{
"cve": "CVE-2008-3660",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459572"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: FastCGI module DoS via multiple dots preceding the extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3660"
},
{
"category": "external",
"summary": "RHBZ#459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660"
}
],
"release_date": "2008-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: FastCGI module DoS via multiple dots preceding the extension"
},
{
"cve": "CVE-2008-5498",
"discovery_date": "2008-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478425"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: libgd imagerotate() array index error memory disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5498"
},
{
"category": "external",
"summary": "RHBZ#478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
}
],
"release_date": "2008-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: libgd imagerotate() array index error memory disclosure"
},
{
"cve": "CVE-2008-5557",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2008-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478848"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5557"
},
{
"category": "external",
"summary": "RHBZ#478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)"
},
{
"cve": "CVE-2008-5658",
"discovery_date": "2008-12-04T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
}
],
"release_date": "2008-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability"
},
{
"cve": "CVE-2008-5814",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2009-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "480167"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: XSS via PHP error messages",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5814"
},
{
"category": "external",
"summary": "RHBZ#480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: XSS via PHP error messages"
},
{
"cve": "CVE-2009-0754",
"discovery_date": "2009-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "479272"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "PHP mbstring.func_overload web server denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0754"
},
{
"category": "external",
"summary": "RHBZ#479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754"
}
],
"release_date": "2004-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "PHP mbstring.func_overload web server denial of service"
},
{
"cve": "CVE-2009-1271",
"discovery_date": "2009-02-27T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: crash on malformed input in json_decode()"
}
]
}
rhsa-2009:0350
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0350",
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "474824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
},
{
"category": "external",
"summary": "478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "494530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json"
}
],
"title": "Red Hat Security Advisory: php security update",
"tracking": {
"current_release_date": "2025-10-09T13:08:45+00:00",
"generator": {
"date": "2025-10-09T13:08:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2009:0350",
"initial_release_date": "2009-04-14T17:14:00+00:00",
"revision_history": [
{
"date": "2009-04-14T17:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-14T13:14:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T13:08:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product": {
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_stack:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Stack"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_id": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product_id": "php-imap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_id": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_id": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product_id": "php-gd-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product_id": "php-devel-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_id": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-0:5.2.6-4.el5s2.i386",
"product_id": "php-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product_id": "php-dba-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product_id": "php-soap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product_id": "php-common-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_id": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product_id": "php-cli-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product_id": "php-xml-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.src",
"product": {
"name": "php-0:5.2.6-4.el5s2.src",
"product_id": "php-0:5.2.6-4.el5s2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src"
},
"product_reference": "php-0:5.2.6-4.el5s2.src",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-3658",
"discovery_date": "2008-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459529"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: buffer overflow in the imageloadfont function in gd extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3658"
},
{
"category": "external",
"summary": "RHBZ#459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658"
}
],
"release_date": "2008-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: buffer overflow in the imageloadfont function in gd extension"
},
{
"cve": "CVE-2008-3660",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459572"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: FastCGI module DoS via multiple dots preceding the extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3660"
},
{
"category": "external",
"summary": "RHBZ#459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660"
}
],
"release_date": "2008-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: FastCGI module DoS via multiple dots preceding the extension"
},
{
"cve": "CVE-2008-5498",
"discovery_date": "2008-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478425"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: libgd imagerotate() array index error memory disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5498"
},
{
"category": "external",
"summary": "RHBZ#478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
}
],
"release_date": "2008-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: libgd imagerotate() array index error memory disclosure"
},
{
"cve": "CVE-2008-5557",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2008-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478848"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5557"
},
{
"category": "external",
"summary": "RHBZ#478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)"
},
{
"cve": "CVE-2008-5658",
"discovery_date": "2008-12-04T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
}
],
"release_date": "2008-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: ZipArchive::extractTo() Directory Traversal Vulnerability"
},
{
"cve": "CVE-2008-5814",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2009-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "480167"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: XSS via PHP error messages",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5814"
},
{
"category": "external",
"summary": "RHBZ#480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: XSS via PHP error messages"
},
{
"cve": "CVE-2009-0754",
"discovery_date": "2009-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "479272"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "PHP mbstring.func_overload web server denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0754"
},
{
"category": "external",
"summary": "RHBZ#479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754"
}
],
"release_date": "2004-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "PHP mbstring.func_overload web server denial of service"
},
{
"cve": "CVE-2009-1271",
"discovery_date": "2009-02-27T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: crash on malformed input in json_decode()"
}
]
}
ghsa-2c9q-p5rf-5vp8
Vulnerability from github
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
{
"affected": [],
"aliases": [
"CVE-2009-1271"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-04-08T18:30:00Z",
"severity": "MODERATE"
},
"details": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"id": "GHSA-2c9q-p5rf-5vp8",
"modified": "2025-04-09T04:07:54Z",
"published": "2022-05-02T03:23:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/761-1"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"type": "WEB",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34770"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34830"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34933"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35003"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35007"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35306"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35685"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36701"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3865"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1775"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1789"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/9"
},
{
"type": "WEB",
"url": "http://www.php.net/releases/5_2_9.php"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-761-2"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2009-1271
Vulnerability from fkie_nvd
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| cve@mitre.org | http://secunia.com/advisories/34770 | ||
| cve@mitre.org | http://secunia.com/advisories/34830 | ||
| cve@mitre.org | http://secunia.com/advisories/34933 | ||
| cve@mitre.org | http://secunia.com/advisories/35003 | ||
| cve@mitre.org | http://secunia.com/advisories/35007 | ||
| cve@mitre.org | http://secunia.com/advisories/35306 | ||
| cve@mitre.org | http://secunia.com/advisories/35685 | ||
| cve@mitre.org | http://secunia.com/advisories/36701 | ||
| cve@mitre.org | http://support.apple.com/kb/HT3865 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1775 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1789 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:090 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/04/01/9 | ||
| cve@mitre.org | http://www.php.net/releases/5_2_9.php | Vendor Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0350.html | ||
| cve@mitre.org | http://www.ubuntu.com/usn/USN-761-2 | ||
| cve@mitre.org | https://usn.ubuntu.com/761-1/ | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34770 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34830 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34933 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35003 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35007 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35306 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36701 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3865 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1775 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1789 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:090 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/04/01/9 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.php.net/releases/5_2_9.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0350.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-761-2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/761-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*",
"matchCriteriaId": "F526115E-A68E-4B10-AA6A-9CD26CB81AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function."
},
{
"lang": "es",
"value": "La funci\u00f3n JSON_parser (ext/json/JSON_parser.c) en PHP v5.2.x anteriores a v5.2.9 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (falta de segmentaci\u00f3n) a trav\u00e9s de una cadena formada de forma incorrecta a la funci\u00f3n API json_decode.\r\n"
}
],
"id": "CVE-2009-1271",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-08T18:30:00.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34770"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34830"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34933"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35003"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35007"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35306"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36701"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3865"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1775"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1789"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.php.net/releases/5_2_9.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-761-2"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/761-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.php.net/releases/5_2_9.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-761-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/761-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html",
"lastModified": "2009-04-15T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2009-1271
Vulnerability from gsd
{
"GSD": {
"alias": "CVE-2009-1271",
"description": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"id": "GSD-2009-1271",
"references": [
"https://www.suse.com/security/cve/CVE-2009-1271.html",
"https://www.debian.org/security/2009/dsa-1789",
"https://www.debian.org/security/2009/dsa-1775",
"https://access.redhat.com/errata/RHSA-2009:0350"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-1271"
],
"details": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"id": "GSD-2009-1271",
"modified": "2023-12-13T01:19:47.622624Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090401 CVE request: PHP 5.2.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/9"
},
{
"name": "DSA-1775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1775"
},
{
"name": "FEDORA-2009-3768",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15",
"refsource": "MISC",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15"
},
{
"name": "34770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34770"
},
{
"name": "APPLE-SA-2009-09-10-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name": "http://www.php.net/releases/5_2_9.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_9.php"
},
{
"name": "35007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35007"
},
{
"name": "34933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34933"
},
{
"name": "34830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34830"
},
{
"name": "USN-761-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-761-2"
},
{
"name": "RHSA-2009:0350",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "FEDORA-2009-3848",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35003"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT3865",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "36701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36701"
},
{
"name": "MDVSA-2009:090",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090"
},
{
"name": "35306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35306"
},
{
"name": "USN-761-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/761-1/"
},
{
"name": "DSA-1789",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1789"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1271"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15",
"refsource": "MISC",
"tags": [],
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15"
},
{
"name": "http://www.php.net/releases/5_2_9.php",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.php.net/releases/5_2_9.php"
},
{
"name": "[oss-security] 20090401 CVE request: PHP 5.2.9",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/9"
},
{
"name": "MDVSA-2009:090",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:090"
},
{
"name": "RHSA-2009:0350",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "34830",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34830"
},
{
"name": "34770",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34770"
},
{
"name": "DSA-1775",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2009/dsa-1775"
},
{
"name": "34933",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34933"
},
{
"name": "USN-761-2",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-761-2"
},
{
"name": "DSA-1789",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2009/dsa-1789"
},
{
"name": "35003",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35003"
},
{
"name": "35007",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35007"
},
{
"name": "FEDORA-2009-3768",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"name": "35306",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35306"
},
{
"name": "FEDORA-2009-3848",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "http://support.apple.com/kb/HT3865",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "APPLE-SA-2009-09-10-2",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name": "36701",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/36701"
},
{
"name": "USN-761-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/761-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-03T21:59Z",
"publishedDate": "2009-04-08T18:30Z"
}
}
}
CERTA-2009-AVI-382
Vulnerability from certfr_avis
De multiples vulnérabilités permettant entre autres l'exécution de code arbitraire à distance ont été corrigées dans MacOS X.
Description
Plusieurs vulnérabilités d'applications contenues dans MacOS X ont été corrigées. MacOS X 10.6 n'est concerné que par les failles affectant le plugin Flash Player. Les vulnérabilités permettent notamment l'exécution de code arbitraire à distance, l'élévation de privilèges et l'injection de code indirecte.
Solution
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MacOS X Server 10.4.x (Universal) ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "MacOS X 10.5.8 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "MacOS X 10.4.11 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "MacOS X 10.6.",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "MacOS X Server 10.5 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "MacOS X Server 10.4.x (PowerPC) ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s d\u0027applications contenues dans MacOS X ont \u00e9t\u00e9\ncorrig\u00e9es. MacOS X 10.6 n\u0027est concern\u00e9 que par les failles affectant le\nplugin Flash Player. Les vuln\u00e9rabilit\u00e9s permettent notamment l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance, l\u0027\u00e9l\u00e9vation de privil\u00e8ges et l\u0027injection\nde code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-1864",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1864"
},
{
"name": "CVE-2009-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2804"
},
{
"name": "CVE-2009-1867",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1867"
},
{
"name": "CVE-2009-2813",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2813"
},
{
"name": "CVE-2009-0789",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
},
{
"name": "CVE-2009-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2805"
},
{
"name": "CVE-2009-0949",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0949"
},
{
"name": "CVE-2009-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2800"
},
{
"name": "CVE-2009-1866",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1866"
},
{
"name": "CVE-2009-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2468"
},
{
"name": "CVE-2008-2079",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
},
{
"name": "CVE-2009-1865",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1865"
},
{
"name": "CVE-2009-1868",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1868"
},
{
"name": "CVE-2009-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
},
{
"name": "CVE-2008-5498",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
},
{
"name": "CVE-2009-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1372"
},
{
"name": "CVE-2009-2811",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2811"
},
{
"name": "CVE-2009-2809",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2809"
},
{
"name": "CVE-2009-1870",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1870"
},
{
"name": "CVE-2009-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1862"
},
{
"name": "CVE-2009-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2812"
},
{
"name": "CVE-2009-1272",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1272"
},
{
"name": "CVE-2009-1241",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1241"
},
{
"name": "CVE-2009-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
},
{
"name": "CVE-2009-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1371"
},
{
"name": "CVE-2008-6680",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6680"
},
{
"name": "CVE-2009-1270",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1270"
},
{
"name": "CVE-2009-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
},
{
"name": "CVE-2009-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2807"
},
{
"name": "CVE-2009-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2814"
},
{
"name": "CVE-2009-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1863"
},
{
"name": "CVE-2009-1869",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1869"
},
{
"name": "CVE-2009-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2803"
}
],
"initial_release_date": "2009-09-11T00:00:00",
"last_revision_date": "2009-09-11T00:00:00",
"links": [],
"reference": "CERTA-2009-AVI-382",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eMacOS\nX\u003c/span\u003e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT3865 du 10 septembre 2009",
"url": "http://support.apple.com/kb/HT3865"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT3864 du 11 septembre 2009",
"url": "http://support.apple.com/kb/HT3864"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.