GLSA-201612-17 : PECL HTTP: Remote execution of arbitrary code
High Nessus Plugin ID 95603
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201612-17 (PECL HTTP: Remote execution of arbitrary code).
A buffer overflow can be triggered in the URL parsing functions of the PECL HTTP extension. This allows overflowing a buffer with data originating from an arbitrary HTTP request.
A remote attacker, through a specially crafted URI, could possibly execute arbitrary code with the privileges of the process.
There is no known workaround at this time.
Solution
All PECL HTTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-php/pecl-http-2.5.6'