SB2009100401 - Slackware Linux update for php




Published: October 4, 2009 Updated: June 28, 2025

Security Bulletin ID SB2009100401
Severity Medium
Patch available YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2009-3291)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.


2) Input validation error (CVE-ID: CVE-2009-3292)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."


3) Input validation error (CVE-ID: CVE-2009-3293)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."


Remediation

Install the update from the vendor's website.