Test ID: | 1.3.6.1.4.1.25623.1.0.68258 |
Category: | Mandrake Local Security Checks |
Title: | Mandriva Security Advisory MDVSA-2010:140 (php) |
Summary: | NOSUMMARY |
Description: |
The remote host is missing an update to php announced via advisory MDVSA-2010:140.

This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1.

Security Enhancements and Fixes in PHP 5.3.3:

* Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
* Fixed a possible resource destruction issue in shm_put_var().
* Fixed a possible information leak because of interruption of XOR operator.
* Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks.
* Fixed a possible memory corruption in ArrayObject::uasort().
* Fixed a possible memory corruption in parse_str().
* Fixed a possible memory corruption in pack().
* Fixed a possible memory corruption in substr_replace().
* Fixed a possible memory corruption in addcslashes().
* Fixed a possible stack exhaustion inside fnmatch().
* Fixed a possible dechunking filter buffer overflow.
* Fixed a possible arbitrary memory access inside sqlite extension.
* Fixed string format validation inside phar extension.
* Fixed handling of session variable serialization on certain prefix characters.
* Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
* Fixed possible buffer overflows when handling error packets in mysqlnd.

Additionally, some of the third-party extensions and required dependencies have been upgraded and/or rebuilt for the new php version.

Affected: 2010.0, 2010.1

Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:140
http://www.php.net/ChangeLog-5.php#5.3.3

Risk factor: High
CVSS Score: 7.5
Cross-Ref: |

Common Vulnerability Exposure (CVE) ID: CVE-2010-2531
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Debian Security Information: DSA-2266 http://www.debian.org/security/2011/dsa-2266
HP Security Advisory: HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2
HP Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2
HP Security Advisory: SSRT100409
HP Security Advisory: SSRT100826
http://www.openwall.com/lists/oss-security/2010/07/13/1
http://www.openwall.com/lists/oss-security/2010/07/16/3
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://secunia.com/advisories/42410
SuSE Security Announcement: SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
SuSE Security Announcement: SUSE-SR:2010:018 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://www.vupen.com/english/advisories/2010/3081

Common Vulnerability Exposure (CVE) ID: CVE-2010-0397
BugTraq ID: 38708 http://www.securityfocus.com/bid/38708
http://www.mandriva.com/security/advisories?name=MDVSA-2010:068
http://www.openwall.com/lists/oss-security/2010/03/12/5
SuSE Security Announcement: SUSE-SR:2010:012 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:013 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.vupen.com/english/advisories/2010/0724

Common Vulnerability Exposure (CVE) ID: CVE-2010-2225
BugTraq ID: 40948 http://www.securityfocus.com/bid/40948
Debian Security Information: DSA-2089 http://www.debian.org/security/2010/dsa-2089
http://pastebin.com/mXGidCsd
http://twitter.com/i0n1c/statuses/16373156076
http://twitter.com/i0n1c/statuses/16447867829
https://bugzilla.redhat.com/show_bug.cgi?id=605641
http://secunia.com/advisories/40860
XForce ISS Database: php-splobjectstorage-code-execution(59610) https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |