Launchpad.net

CVE 2012-0057

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Related bugs and status

CVE-2012-0057 (Candidate) is related to these bugs:

Bug #910296: Please backport the upstream patch to prevent attacks based on hash collisions

		In	Importance	Status
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Lucid)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Oneiric)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Maverick)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Hardy)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Natty)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Precise)	Medium	Fix Released

Bug #925772: UPDATE REQUEST: php53u 5.3.10 is available upstream

Summary				In	Importance	Status
	925772	UPDATE REQUEST: php53u 5.3.10 is available upstream		IUS Community Project	Undecided	Fix Released
	925772	UPDATE REQUEST: php53u 5.3.10 is available upstream		php5 (Ubuntu)	Undecided	Fix Released

Bug #931342: USN-1358-1 missing NEWS entry about XSLT write operations disabled by default

Summary				In	Importance	Status
	931342	USN-1358-1 missing NEWS entry about XSLT write operations disabled by default		php5 (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0057

Related bugs and status

Related bugs

References