English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.68582
Kategorie:Mandrake Local Security Checks
Titel:Mandriva Security Advisory MDVSA-2010:254 (php)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to php
announced via advisory MDVSA-2010:254.

This is a maintenance and security update that upgrades php to 5.3.4
for 2010.0/2010.1.

Security Enhancements and Fixes in PHP 5.3.4:

* Paths with NULL in them (foo\0bar.txt) are now considered as invalid
(CVE-2006-7243).
* Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus values)
(CVE-2010-4409)

Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436,
CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories.

Key Bug Fixes in PHP 5.3.4 include:

* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http
stream support.
* Added a 3rd parameter to get_html_translation_table. It now takes
a charset hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
zend multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.

Additional post 5.3.4 fixes:

* Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres
is down).
* Fixed bug #53541 (format string bug in ext/phar).

Additionally some of the PECL extensions has been upgraded and/or
rebuilt for the new php version.

Affected: 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:254
http://bugs.php.net/bug.php?id=53517
http://bugs.php.net/bug.php?id=53541
http://www.php.net/ChangeLog-5.php#5.3.4

Risk factor : High

CVSS Score:
6.8

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2006-7243
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 44951
http://www.securityfocus.com/bid/44951
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: HPSBUX02741
http://marc.info/?l=bugtraq&m=132871655717248&w=2
HPdes Security Advisory: SSRT100728
HPdes Security Advisory: SSRT100826
http://www.mandriva.com/security/advisories?name=MDVSA-2010:254
http://www.madirish.net/?article=436
http://openwall.com/lists/oss-security/2010/11/18/4
http://openwall.com/lists/oss-security/2010/11/18/5
http://openwall.com/lists/oss-security/2010/12/09/10
http://openwall.com/lists/oss-security/2010/12/09/11
http://openwall.com/lists/oss-security/2010/12/09/9
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12569
RedHat Security Advisories: RHSA-2013:1307
http://rhn.redhat.com/errata/RHSA-2013-1307.html
RedHat Security Advisories: RHSA-2013:1615
http://rhn.redhat.com/errata/RHSA-2013-1615.html
RedHat Security Advisories: RHSA-2014:0311
http://rhn.redhat.com/errata/RHSA-2014-0311.html
http://secunia.com/advisories/55078
Common Vulnerability Exposure (CVE) ID: CVE-2010-4409
BugTraq ID: 45119
http://www.securityfocus.com/bid/45119
Bugtraq: 20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow (Google Search)
http://www.securityfocus.com/archive/1/515142/100/0/threaded
CERT/CC vulnerability note: VU#479900
http://www.kb.cert.org/vuls/id/479900
http://www.exploit-db.com/exploits/15722
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:255
http://secunia.com/advisories/42812
http://secunia.com/advisories/47674
SuSE Security Announcement: openSUSE-SU-2012:0100 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077
Common Vulnerability Exposure (CVE) ID: CVE-2010-4150
BugTraq ID: 44980
http://www.securityfocus.com/bid/44980
http://www.mandriva.com/security/advisories?name=MDVSA-2010:239
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12489
http://www.securitytracker.com/id?1024761
http://secunia.com/advisories/42729
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
http://www.vupen.com/english/advisories/2010/3027
http://www.vupen.com/english/advisories/2010/3313
XForce ISS Database: php-phpimapc-dos(63390)
https://exchange.xforce.ibmcloud.com/vulnerabilities/63390
Common Vulnerability Exposure (CVE) ID: CVE-2010-3870
1024797
http://www.securitytracker.com/id?1024797
42410
http://secunia.com/advisories/42410
42812
44605
http://www.securityfocus.com/bid/44605
ADV-2010-3081
http://www.vupen.com/english/advisories/2010/3081
ADV-2011-0020
ADV-2011-0021
ADV-2011-0077
APPLE-SA-2011-03-21-1
FEDORA-2010-18976
FEDORA-2010-19011
HPSBOV02763
MDVSA-2010:224
http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224
RHSA-2010:0919
http://www.redhat.com/support/errata/RHSA-2010-0919.html
RHSA-2011:0195
http://www.redhat.com/support/errata/RHSA-2011-0195.html
SSRT100826
SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
USN-1042-1
[oss-security] 20101102 Re: utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/02/11
http://www.openwall.com/lists/oss-security/2010/11/02/2
http://www.openwall.com/lists/oss-security/2010/11/02/4
http://www.openwall.com/lists/oss-security/2010/11/02/6
http://www.openwall.com/lists/oss-security/2010/11/02/8
[oss-security] 20101102 utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/02/1
[oss-security] 20101103 Re: utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/03/1
http://bugs.php.net/bug.php?id=48230
http://bugs.php.net/bug.php?id=49687
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
http://support.apple.com/kb/HT4581
http://svn.php.net/viewvc?view=revision&revision=304959
http://us2.php.net/manual/en/function.utf8-decode.php#83935
http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf
http://www.php.net/ChangeLog-5.php
Common Vulnerability Exposure (CVE) ID: CVE-2010-3436
42729
44723
http://www.securityfocus.com/bid/44723
ADV-2010-3313
APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
MDVSA-2010:218
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
SSA:2010-357-01
http://security-tracker.debian.org/tracker/CVE-2010-3436
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824
http://svn.php.net/viewvc?view=revision&revision=303824
http://www.php.net/archive/2010.php#id2010-12-10-1
http://www.php.net/releases/5_2_15.php
http://www.php.net/releases/5_3_4.php
Common Vulnerability Exposure (CVE) ID: CVE-2010-3709
1024690
http://www.securitytracker.com/id?1024690
15431
http://www.exploit-db.com/exploits/15431
20101105 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
http://securityreason.com/achievement_securityalert/90
44718
http://www.securityfocus.com/bid/44718
HPSBMA02662
http://marc.info/?l=bugtraq&m=130331363227777&w=2
SSRT100409
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log
Common Vulnerability Exposure (CVE) ID: CVE-2010-3710
43189
http://secunia.com/advisories/43189
43926
http://www.securityfocus.com/bid/43926
RHSA-2011:0196
http://www.redhat.com/support/errata/RHSA-2011-0196.html
http://bugs.php.net/bug.php?id=52929
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.