SB2011101004 - Gentoo update for PHP



Published: October 10, 2011 Updated: June 28, 2025

Security Bulletin ID: SB2011101004
Severity: High
Patch available: YES
Number of vulnerabilities: 64
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 3% Medium 97%

Description

This security bulletin contains information about 64 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2006-7243)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.


2) Cross-site scripting (CVE-ID: CVE-2009-5016)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Cryptographic issues (CVE-ID: CVE-2010-1128)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.


4) Input validation error (CVE-ID: CVE-2010-1129)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2010-1130)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).


6) Information disclosure (CVE-ID: CVE-2010-1860)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.


7) Resource management error (CVE-ID: CVE-2010-1861)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.


8) Information disclosure (CVE-ID: CVE-2010-1862)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.


9) Information disclosure (CVE-ID: CVE-2010-1864)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.


10) Integer overflow (CVE-ID: CVE-2010-1866)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.


11) Code Injection (CVE-ID: CVE-2010-1868)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.


12) Information disclosure (CVE-ID: CVE-2010-1914)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function.


13) Information disclosure (CVE-ID: CVE-2010-1915)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.


14) Resource management error (CVE-ID: CVE-2010-1917)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.


15) Use-after-free (CVE-ID: CVE-2010-2093)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing a stream context structure that is freed before destruction occurs. A context-dependent attacker can cause a denial of service (crash).

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


16) Format string error (CVE-ID: CVE-2010-2094)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.


17) Information disclosure (CVE-ID: CVE-2010-2097)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.


18) Information disclosure (CVE-ID: CVE-2010-2100)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.


19) Information disclosure (CVE-ID: CVE-2010-2101)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.


20) Information disclosure (CVE-ID: CVE-2010-2190)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.


21) Buffer overflow (CVE-ID: CVE-2010-2191)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.


22) Use-after-free (CVE-ID: CVE-2010-2225)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing serialized data, related to the PHP unserialize function. A remote attacker can execute arbitrary code or obtain sensitive information.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


23) Information disclosure (CVE-ID: CVE-2010-2484)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.


24) Information disclosure (CVE-ID: CVE-2010-2531)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.


25) Format string error (CVE-ID: CVE-2010-2950)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.


26) Heap-based buffer overflow (CVE-ID: CVE-2010-3062)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2. A remote attacker can use a modified length value to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


27) Heap-based buffer overflow (CVE-ID: CVE-2010-3063)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2, which does not properly calculate a buffer length. A remote attacker can use crafted inputs that cause a negative length value to be used, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


28) Stack-based buffer overflow (CVE-ID: CVE-2010-3064)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the php_mysqlnd_auth_write function in the Mysqlnd extension when processing a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2010-3065)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.


30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2010-3436)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.


31) NULL pointer dereference (CVE-ID: CVE-2010-3709)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ZIP archive.


32) Resource management error (CVE-ID: CVE-2010-3710)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.


33) Cross-site scripting (CVE-ID: CVE-2010-3870)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via a crafted string. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


34) Resource management error (CVE-ID: CVE-2010-4150)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.


35) Input validation error (CVE-ID: CVE-2010-4409)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.


36) Input validation error (CVE-ID: CVE-2010-4645)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.


37) Resource management error (CVE-ID: CVE-2010-4697)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.


38) Stack-based buffer overflow (CVE-ID: CVE-2010-4698)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large number of anti-aliasing steps in an argument to the imagepstext function. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


39) Input validation error (CVE-ID: CVE-2010-4699)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.


40) SQL injection (CVE-ID: CVE-2010-4700)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.


41) Input validation error (CVE-ID: CVE-2011-0420)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.


42) Input validation error (CVE-ID: CVE-2011-0421)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.


43) Out-of-bounds read (CVE-ID: CVE-2011-0708)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in exif.c in the Exif extension in PHP before 5.3.6, which performs an incorrect cast on 64-bit platforms. A remote attacker can perform a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.


44) Input validation error (CVE-ID: CVE-2011-0752)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.


45) Race condition (CVE-ID: CVE-2011-0753)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.


46) Input validation error (CVE-ID: CVE-2011-0755)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.


47) Input validation error (CVE-ID: CVE-2011-1092)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.


48) Resource management error (CVE-ID: CVE-2011-1148)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.


49) Format string error (CVE-ID: CVE-2011-1153)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.


50) Buffer overflow (CVE-ID: CVE-2011-1464)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.


51) Input validation error (CVE-ID: CVE-2011-1466)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.


52) Input validation error (CVE-ID: CVE-2011-1467)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.


53) Resource management error (CVE-ID: CVE-2011-1468)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.


54) Input validation error (CVE-ID: CVE-2011-1469)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.


55) Input validation error (CVE-ID: CVE-2011-1470)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.


56) Input validation error (CVE-ID: CVE-2011-1471)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.


57) Resource management error (CVE-ID: CVE-2011-1657)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.


58) Stack-based buffer overflow (CVE-ID: CVE-2011-1938)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long pathname for a UNIX socket. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


59) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-2202)

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."


60) Cryptographic issues (CVE-ID: CVE-2011-2483)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.


61) Input validation error (CVE-ID: CVE-2011-3182)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'


62) Cryptographic issues (CVE-ID: CVE-2011-3189)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.


63) Resource management error (CVE-ID: CVE-2011-3267)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.


64) Buffer overflow (CVE-ID: CVE-2011-3268)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.


Remediation

Install the update from the vendor's website.