Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70204
Category:Fedora Local Security Checks
Title:Fedora Core 16 FEDORA-2011-11464 (php-eaccelerator)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to php-eaccelerator
announced via advisory FEDORA-2011-11464.

Update Information:

Security Enhancements and Fixes:

* Updated crypt_blowfish to 1.2. (CVE-2011-2483)
* Fixed crash in error_log(). Reported by Mateusz Kocielski
* Fixed buffer overflow on overlog salt in crypt().
* Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
* Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
* Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)

Upstream announce for 5.3.8: http://www.php.net/archive/2011.php#id2011-08-23-1

Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1

Full Changelog: http://www.php.net/ChangeLog-5.php#5.3.8

php package now provides both apache modules (for prefork and worker MPM).

References:

[ 1 ] Bug #715025 - CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
https://bugzilla.redhat.com/show_bug.cgi?id=715025
[ 2 ] Bug #713194 - CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename
https://bugzilla.redhat.com/show_bug.cgi?id=713194
[ 3 ] Bug #709067 - CVE-2011-1938 php: stack-based buffer overflow in socket_connect()
https://bugzilla.redhat.com/show_bug.cgi?id=709067
[ 4 ] Bug #688958 - CVE-2011-1148 php: use-after-free vulnerability in substr_replace()
https://bugzilla.redhat.com/show_bug.cgi?id=688958
[ 5 ] Bug #732516 - CVE-2011-3182 PHP multiple NULL pointer dereferences
https://bugzilla.redhat.com/show_bug.cgi?id=732516

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update php-eaccelerator' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2011-11464

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2483
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
Debian Security Information: DSA-2340 (Google Search)
http://www.debian.org/security/2011/dsa-2340
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
http://freshmeat.net/projects/crypt_blowfish
http://www.redhat.com/support/errata/RHSA-2011-1377.html
http://www.redhat.com/support/errata/RHSA-2011-1378.html
http://www.redhat.com/support/errata/RHSA-2011-1423.html
SuSE Security Announcement: SUSE-SA:2011:035 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html
http://www.ubuntu.com/usn/USN-1229-1
XForce ISS Database: php-cryptblowfish-info-disclosure(69319)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69319
Common Vulnerability Exposure (CVE) ID: CVE-2011-2202
BugTraq ID: 48259
http://www.securityfocus.com/bid/48259
Debian Security Information: DSA-2266 (Google Search)
http://www.debian.org/security/2011/dsa-2266
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: SSRT100826
http://pastebin.com/1edSuSVN
http://openwall.com/lists/oss-security/2011/06/12/5
http://openwall.com/lists/oss-security/2011/06/13/15
RedHat Security Advisories: RHSA-2012:0071
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://securitytracker.com/id?1025659
http://secunia.com/advisories/44874
XForce ISS Database: php-sapiposthandlerfunc-sec-bypass(67999)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67999
Common Vulnerability Exposure (CVE) ID: CVE-2011-1938
http://www.exploit-db.com/exploits/17318/
http://openwall.com/lists/oss-security/2011/05/24/1
http://openwall.com/lists/oss-security/2011/05/24/9
http://osvdb.org/72644
http://securityreason.com/securityalert/8262
http://securityreason.com/securityalert/8294
XForce ISS Database: php-socketconnect-bo(67606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67606
Common Vulnerability Exposure (CVE) ID: CVE-2011-1148
BugTraq ID: 46843
http://www.securityfocus.com/bid/46843
http://openwall.com/lists/oss-security/2011/03/13/2
http://openwall.com/lists/oss-security/2011/03/13/3
http://openwall.com/lists/oss-security/2011/03/13/9
XForce ISS Database: php-substrreplace-code-exec(66080)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66080
Common Vulnerability Exposure (CVE) ID: CVE-2011-3182
BugTraq ID: 49249
http://www.securityfocus.com/bid/49249
http://marc.info/?l=full-disclosure&m=131373057621672&w=2
http://www.openwall.com/lists/oss-security/2011/08/22/9
http://securityreason.com/achievement_securityalert/101
XForce ISS Database: php-library-functions-dos(69430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69430
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.