Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69973
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2266-1 (php5)
Summary:The remote host is missing an update to php5;announced via advisory DSA 2266-1.
Description:Summary:
The remote host is missing an update to php5
announced via advisory DSA 2266-1.

Vulnerability Insight:
Several vulnerabilities were discovered in PHP, which could lead to
denial of service or potentially the execution of arbitrary code.

CVE-2010-2531

An information leak was found in the var_export() function.

CVE-2011-0421

The Zip module could crash.

CVE-2011-0708

An integer overflow was discovered in the Exif module.

CVE-2011-1466

An integer overflow was discovered in the Calendar module.

CVE-2011-1471

The Zip module was prone to denial of service through malformed
archives.

CVE-2011-2202

Path names in form based file uploads (RFC 1867) were incorrectly
validated.

This update also fixes two bugs, which are not treated as security
issues, but fixed nonetheless, see README.Debian.security for details
on the scope of security support for PHP (CVE-2011-0420, CVE-2011-1153).

For the oldstable distribution (lenny), this problem has been fixed in
version 5.2.6.dfsg.1-1+lenny12.

For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.6-12.

Solution:
We recommend that you upgrade your php5 packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2531
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Debian Security Information: DSA-2266 (Google Search)
http://www.debian.org/security/2011/dsa-2266
HPdes Security Advisory: HPSBMA02662
http://marc.info/?l=bugtraq&m=130331363227777&w=2
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: SSRT100409
HPdes Security Advisory: SSRT100826
http://www.openwall.com/lists/oss-security/2010/07/13/1
http://www.openwall.com/lists/oss-security/2010/07/16/3
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://secunia.com/advisories/42410
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
SuSE Security Announcement: SUSE-SR:2010:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://www.vupen.com/english/advisories/2010/3081
Common Vulnerability Exposure (CVE) ID: CVE-2011-0420
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46429
http://www.securityfocus.com/bid/46429
Bugtraq: 20110216 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (Google Search)
http://www.securityfocus.com/archive/1/516504/100/0/threaded
Bugtraq: 20110217 Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (Google Search)
http://www.securityfocus.com/archive/1/516518/100/0/threaded
CERT/CC vulnerability note: VU#210829
http://www.kb.cert.org/vuls/id/210829
http://www.exploit-db.com/exploits/16182
http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
http://securityreason.com/securityalert/8087
http://securityreason.com/achievement_securityalert/94
XForce ISS Database: php-graphemeextract-dos(65437)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65437
Common Vulnerability Exposure (CVE) ID: CVE-2011-0421
BugTraq ID: 46354
http://www.securityfocus.com/bid/46354
Bugtraq: 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) (Google Search)
http://www.securityfocus.com/archive/1/517065/100/0/threaded
http://www.exploit-db.com/exploits/17004
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.mandriva.com/security/advisories?name=MDVSA-2011:099
http://secunia.com/advisories/43621
http://securityreason.com/securityalert/8146
http://securityreason.com/achievement_securityalert/96
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0744
http://www.vupen.com/english/advisories/2011/0764
http://www.vupen.com/english/advisories/2011/0890
XForce ISS Database: libzip-zipnamelocate-dos(66173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66173
Common Vulnerability Exposure (CVE) ID: CVE-2011-0708
BugTraq ID: 46365
http://www.securityfocus.com/bid/46365
http://www.exploit-db.com/exploits/16261/
http://openwall.com/lists/oss-security/2011/02/14/1
http://openwall.com/lists/oss-security/2011/02/16/7
http://www.redhat.com/support/errata/RHSA-2011-1423.html
RedHat Security Advisories: RHSA-2012:0071
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://securityreason.com/securityalert/8114
Common Vulnerability Exposure (CVE) ID: CVE-2011-1153
BugTraq ID: 46854
http://www.securityfocus.com/bid/46854
http://openwall.com/lists/oss-security/2011/03/14/13
http://openwall.com/lists/oss-security/2011/03/14/14
http://openwall.com/lists/oss-security/2011/03/14/24
http://secunia.com/advisories/43744
XForce ISS Database: php-pharobject-format-string(66079)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66079
Common Vulnerability Exposure (CVE) ID: CVE-2011-1466
BugTraq ID: 46967
http://www.securityfocus.com/bid/46967
http://secunia.com/advisories/48668
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1471
BugTraq ID: 46975
http://www.securityfocus.com/bid/46975
Common Vulnerability Exposure (CVE) ID: CVE-2011-2202
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 48259
http://www.securityfocus.com/bid/48259
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://pastebin.com/1edSuSVN
http://openwall.com/lists/oss-security/2011/06/12/5
http://openwall.com/lists/oss-security/2011/06/13/15
http://securitytracker.com/id?1025659
http://secunia.com/advisories/44874
XForce ISS Database: php-sapiposthandlerfunc-sec-bypass(67999)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67999
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.