Scientific Linux Security Update : php53 on SL5.x i386/x86_64
High Nessus Plugin ID 61237
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
It was discovered that the fix for CVE-2011-4885 (released via in a previous update for php53) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-0830)
All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
SolutionUpdate the affected packages.