FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- multiple vulnerabilities

Affected packages
	php5	<	5.3.9
	php5-exif	<	5.3.9
	php52	<	5.2.17_5
	php52-exif	<	5.2.17_6

Details

VuXML ID	d3921810-3c80-11e1-97e8-00215c6a37bb
Discovery	2011-12-29
Entry	2012-01-11
Modified	2012-01-19

php development team reports:

Security Enhancements and Fixes in PHP 5.3.9:

Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)

Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)

[source]

References

CVE Name	CVE-2011-4566
CVE Name	CVE-2011-4885
URL	http://www.nruns.com/_downloads/advisory28122011.pdf