cv-announce-l@list.iu.edu
Subject: cv alerts list
- From: Andrew K Adams <akadams@psc.edu>
- To: cv-announce@trustedci.org
- Subject: [cv-announce-l] Multiple Vulnerabilities in PHP (MS-ISAC 2018-046)
- Date: Mon, 30 Apr 2018 13:09:27 -0400
CI Operators and CI Developers
Multiple vulnerabilities have been discovered in PHP -- a programming language used for web-based applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application. Failed exploitation of the vulnerabilities could result in a denial-of-service condition.
Affected Software:
* PHP 7.2 prior to 7.2.5
* PHP 7.1 prior to 7.1.17
* PHP 7.0 prior to 7.0.30
* PHP 5.0 prior to 5.6.36
Recommendation:
Upgrade PHP to the latest version. Additionally, ensure that PHP is running with the least privileges necessary.
How Trusted CI can help:
The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI (formerly CTSC) cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (http://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.
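One way to check a host against the "Affected Software" list above, as an added example that is not part of the original message: the function names `version_lt` and `php_advisory_status` are hypothetical, and the only version data used is the four fixed releases named in the advisory.

```shell
#!/bin/sh
# Added example: classify a PHP version string against the fixed releases
# listed in the advisory above (7.2.5, 7.1.17, 7.0.30, 5.6.36).

# Succeed (exit 0) when dotted version $1 is strictly lower than $2.
# Components are compared numerically, so 7.2.10 is newer than 7.2.5.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Print "affected <fixed release>", "patched", "not-listed" or "unparseable".
php_advisory_status() {
    # Keep only the leading X.Y.Z; drops suffixes such as "-1ubuntu1".
    pas_v=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p')
    [ -n "$pas_v" ] || { echo "unparseable"; return 2; }
    case "$pas_v" in
        7.2.*) pas_fixed=7.2.5 ;;
        7.1.*) pas_fixed=7.1.17 ;;
        7.0.*) pas_fixed=7.0.30 ;;
        5.*)   pas_fixed=5.6.36 ;;   # advisory: "PHP 5.0 prior to 5.6.36"
        *)     echo "not-listed"; return 0 ;;   # branch not named in the advisory
    esac
    if version_lt "$pas_v" "$pas_fixed"; then
        echo "affected $pas_fixed"
    else
        echo "patched"
    fi
}

# Report on the local interpreter when one is installed.
if command -v php >/dev/null 2>&1; then
    echo "local php: $(php_advisory_status "$(php -r 'echo PHP_VERSION;')")"
fi
```

Distribution packages can carry backported fixes under an older upstream version number, so an "affected" result for a vendor build should be confirmed against the vendor's own security notices.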