PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code.
Package | dev-lang/php on all architectures |
---|---|
Affected versions | < 5.2.6-r6 |
Unaffected versions | >= 5.2.6-r6 |
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
Several vulnerabilitites were found in PHP:
These vulnerabilities might allow a remote attacker to execute arbitrary code, to cause a Denial of Service, to circumvent security restrictions, to disclose information, and to manipulate files.
There is no known workaround at this time.
All PHP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.6-r6"