Test Kennung:	1.3.6.1.4.1.25623.1.0.68325
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2010:224 (php)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to php announced via advisory MDVSA-2010:224. A vulnerability was discovered and corrected in php: A flaw in ext/xml/xml.c could cause a cross-site scripting (XSS) vulnerability (CVE-2010-3870). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:224 http://bugs.php.net/bug.php?id=49687 Risk factor : High CVSS Score: 6.8
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3870 1024797 http://www.securitytracker.com/id?1024797 42410 http://secunia.com/advisories/42410 42812 http://secunia.com/advisories/42812 44605 http://www.securityfocus.com/bid/44605 ADV-2010-3081 http://www.vupen.com/english/advisories/2010/3081 ADV-2011-0020 http://www.vupen.com/english/advisories/2011/0020 ADV-2011-0021 http://www.vupen.com/english/advisories/2011/0021 ADV-2011-0077 http://www.vupen.com/english/advisories/2011/0077 APPLE-SA-2011-03-21-1 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html FEDORA-2010-18976 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html FEDORA-2010-19011 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 MDVSA-2010:224 http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224 RHSA-2010:0919 http://www.redhat.com/support/errata/RHSA-2010-0919.html RHSA-2011:0195 http://www.redhat.com/support/errata/RHSA-2011-0195.html SSRT100826 SUSE-SR:2010:023 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html USN-1042-1 http://www.ubuntu.com/usn/USN-1042-1 [oss-security] 20101102 Re: utf-8 security issue in php http://www.openwall.com/lists/oss-security/2010/11/02/11 http://www.openwall.com/lists/oss-security/2010/11/02/2 http://www.openwall.com/lists/oss-security/2010/11/02/4 http://www.openwall.com/lists/oss-security/2010/11/02/6 http://www.openwall.com/lists/oss-security/2010/11/02/8 [oss-security] 20101102 utf-8 security issue in php http://www.openwall.com/lists/oss-security/2010/11/02/1 [oss-security] 20101103 Re: utf-8 security issue in php http://www.openwall.com/lists/oss-security/2010/11/03/1 http://bugs.php.net/bug.php?id=48230 http://bugs.php.net/bug.php?id=49687 http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html http://support.apple.com/kb/HT4581 http://svn.php.net/viewvc?view=revision&revision=304959 http://us2.php.net/manual/en/function.utf8-decode.php#83935 http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/ http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf http://www.php.net/ChangeLog-5.php
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.