Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:254 (php)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.68582
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2010:254 (php)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to php announced via advisory MDVSA-2010:254. This is a maintenance and security update that upgrades php to 5.3.4 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.4: * Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). * Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus values) (CVE-2010-4409) Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories. Key Bug Fixes in PHP 5.3.4 include: * Added stat support for zip stream. * Added follow_location (enabled by default) option for the http stream support. * Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. * Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. * Multiple improvements to the FPM SAPI. * Over 100 other bug fixes. Additional post 5.3.4 fixes: * Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). * Fixed bug #53541 (format string bug in ext/phar). Additionally some of the PECL extensions has been upgraded and/or rebuilt for the new php version. Affected: 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:254 http://bugs.php.net/bug.php?id=53517 http://bugs.php.net/bug.php?id=53541 http://www.php.net/ChangeLog-5.php#5.3.4 Risk factor : High CVSS Score: 6.8
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-7243 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BugTraq ID: 44951 http://www.securityfocus.com/bid/44951 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: HPSBUX02741 http://marc.info/?l=bugtraq&m=132871655717248&w=2 HPdes Security Advisory: SSRT100728 HPdes Security Advisory: SSRT100826 http://www.mandriva.com/security/advisories?name=MDVSA-2010:254 http://www.madirish.net/?article=436 http://openwall.com/lists/oss-security/2010/11/18/4 http://openwall.com/lists/oss-security/2010/11/18/5 http://openwall.com/lists/oss-security/2010/12/09/10 http://openwall.com/lists/oss-security/2010/12/09/11 http://openwall.com/lists/oss-security/2010/12/09/9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12569 RedHat Security Advisories: RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html RedHat Security Advisories: RHSA-2013:1615 http://rhn.redhat.com/errata/RHSA-2013-1615.html RedHat Security Advisories: RHSA-2014:0311 http://rhn.redhat.com/errata/RHSA-2014-0311.html http://secunia.com/advisories/55078 Common Vulnerability Exposure (CVE) ID: CVE-2010-4409 BugTraq ID: 45119 http://www.securityfocus.com/bid/45119 Bugtraq: 20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow (Google Search) http://www.securityfocus.com/archive/1/515142/100/0/threaded CERT/CC vulnerability note: VU#479900 http://www.kb.cert.org/vuls/id/479900 http://www.exploit-db.com/exploits/15722 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:255 http://secunia.com/advisories/42812 http://secunia.com/advisories/47674 SuSE Security Announcement: openSUSE-SU-2012:0100 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html http://www.ubuntu.com/usn/USN-1042-1 http://www.vupen.com/english/advisories/2011/0020 http://www.vupen.com/english/advisories/2011/0021 http://www.vupen.com/english/advisories/2011/0077 Common Vulnerability Exposure (CVE) ID: CVE-2010-4150 BugTraq ID: 44980 http://www.securityfocus.com/bid/44980 http://www.mandriva.com/security/advisories?name=MDVSA-2010:239 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12489 http://www.securitytracker.com/id?1024761 http://secunia.com/advisories/42729 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 http://www.vupen.com/english/advisories/2010/3027 http://www.vupen.com/english/advisories/2010/3313 XForce ISS Database: php-phpimapc-dos(63390) https://exchange.xforce.ibmcloud.com/vulnerabilities/63390 Common Vulnerability Exposure (CVE) ID: CVE-2010-3870 BugTraq ID: 44605 http://www.securityfocus.com/bid/44605 http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224 http://bugs.php.net/bug.php?id=48230 http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html http://us2.php.net/manual/en/function.utf8-decode.php#83935 http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/ http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf http://www.openwall.com/lists/oss-security/2010/11/02/11 http://www.openwall.com/lists/oss-security/2010/11/02/2 http://www.openwall.com/lists/oss-security/2010/11/02/4 http://www.openwall.com/lists/oss-security/2010/11/02/6 http://www.openwall.com/lists/oss-security/2010/11/02/8 http://www.openwall.com/lists/oss-security/2010/11/02/1 http://www.openwall.com/lists/oss-security/2010/11/03/1 http://www.redhat.com/support/errata/RHSA-2010-0919.html http://www.redhat.com/support/errata/RHSA-2011-0195.html http://www.securitytracker.com/id?1024797 http://secunia.com/advisories/42410 SuSE Security Announcement: SUSE-SR:2010:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://www.vupen.com/english/advisories/2010/3081 Common Vulnerability Exposure (CVE) ID: CVE-2010-3436 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 44723 http://www.securityfocus.com/bid/44723 http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 Common Vulnerability Exposure (CVE) ID: CVE-2010-3709 BugTraq ID: 44718 http://www.securityfocus.com/bid/44718 http://www.exploit-db.com/exploits/15431 HPdes Security Advisory: HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 HPdes Security Advisory: SSRT100409 http://www.securitytracker.com/id?1024690 http://securityreason.com/achievement_securityalert/90 Common Vulnerability Exposure (CVE) ID: CVE-2010-3710 BugTraq ID: 43926 http://www.securityfocus.com/bid/43926 http://www.redhat.com/support/errata/RHSA-2011-0196.html http://secunia.com/advisories/43189
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com