Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200610-14 (php)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57912

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200610-14 (php)

Resumen: The remote host is missing updates announced in;advisory GLSA 200610-14.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200610-14.

Vulnerability Insight:
PHP is vulnerable to an integer overflow potentially allowing the remote
execution of arbitrary code.

Solution:
All PHP 5.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/php-5.1.6-r6'

All PHP 4.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/php-4.4.4-r6'

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4812
1016984
http://securitytracker.com/id?1016984
1691
http://securityreason.com/securityalert/1691
2006-0055
http://www.trustix.org/errata/2006/0055
20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow
http://www.securityfocus.com/archive/1/448014/100/0/threaded
20349
http://www.securityfocus.com/bid/20349
22280
http://secunia.com/advisories/22280
22281
http://secunia.com/advisories/22281
22300
http://secunia.com/advisories/22300
22331
http://secunia.com/advisories/22331
22338
http://secunia.com/advisories/22338
22533
http://secunia.com/advisories/22533
22538
http://secunia.com/advisories/22538
22650
http://secunia.com/advisories/22650
ADV-2006-3922
http://www.vupen.com/english/advisories/2006/3922
GLSA-200610-14
http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml
OpenPKG-SA-2006.023
http://www.securityfocus.com/archive/1/448953/100/0/threaded
RHSA-2006:0688
http://rhn.redhat.com/errata/RHSA-2006-0688.html
RHSA-2006:0708
http://rhn.redhat.com/errata/RHSA-2006-0708.html
SUSE-SA:2006:059
http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html
USN-362-1
http://www.ubuntu.com/usn/usn-362-1
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm
http://www.hardened-php.net/advisory_092006.133.html
http://www.hardened-php.net/files/CVE-2006-4812.patch
php-ecalloc-integer-overflow(29362)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29362

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57912
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200610-14 (php)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200610-14.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200610-14. Vulnerability Insight: PHP is vulnerable to an integer overflow potentially allowing the remote execution of arbitrary code. Solution: All PHP 5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.1.6-r6' All PHP 4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-4.4.4-r6' CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4812 1016984 http://securitytracker.com/id?1016984 1691 http://securityreason.com/securityalert/1691 2006-0055 http://www.trustix.org/errata/2006/0055 20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow http://www.securityfocus.com/archive/1/448014/100/0/threaded 20349 http://www.securityfocus.com/bid/20349 22280 http://secunia.com/advisories/22280 22281 http://secunia.com/advisories/22281 22300 http://secunia.com/advisories/22300 22331 http://secunia.com/advisories/22331 22338 http://secunia.com/advisories/22338 22533 http://secunia.com/advisories/22533 22538 http://secunia.com/advisories/22538 22650 http://secunia.com/advisories/22650 ADV-2006-3922 http://www.vupen.com/english/advisories/2006/3922 GLSA-200610-14 http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml OpenPKG-SA-2006.023 http://www.securityfocus.com/archive/1/448953/100/0/threaded RHSA-2006:0688 http://rhn.redhat.com/errata/RHSA-2006-0688.html RHSA-2006:0708 http://rhn.redhat.com/errata/RHSA-2006-0708.html SUSE-SA:2006:059 http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html USN-362-1 http://www.ubuntu.com/usn/usn-362-1 http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162 http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm http://www.hardened-php.net/advisory_092006.133.html http://www.hardened-php.net/files/CVE-2006-4812.patch php-ecalloc-integer-overflow(29362) https://exchange.xforce.ibmcloud.com/vulnerabilities/29362
Copyright	Copyright (C) 2008 E-Soft Inc.