ID: IRCNE2012061531
Date: 2012-06-19
According to "internetnews", PHP language issued security updates LAS week addressing multiple vulnerabilities.
The two security flaws fixed in PHP 5.4.4 and PHP 5.3.14 are related to each other and could potentially enable an attacker to execute arbitrary code. The primary flaw, identified as CVE-2012-2143 is a security issue with the DES (Data Encryption Standard)implementation found within the PHP "crypt()" function.
The second flaw identified as CVE-2012-2386, is a vulnerability within the PHP phar extension. Phar enables entire PHP applications to be placed into a PHP Archive (phar) file.
- 2