Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-2335

Published: 11 May 2012

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

Notes

AuthorNote
sbeattie
we gave a bit of advice in CVE-2012-2311 about this issue
mdeslaur
this is a further mitigation

Priority

Negligible

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
upstream
Released (5.4.3, 5.3.13)
hardy
Released (5.2.4-2ubuntu5.25)
lucid
Released (5.3.2-1ubuntu4.17)
natty
Released (5.3.5-1ubuntu7.10)
oneiric
Released (5.3.6-13ubuntu3.8)
precise
Released (5.3.10-1ubuntu3.2)
Patches:
upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=000e84aa88ce16deabbf61e7086fc8db63ca88aa