Slackware Local Security Checks : Slackware: Security Advisory (SSA:2007-314-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.59021

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2007-314-01)

Resumen: The remote host is missing an update for the 'php' package(s) announced via the SSA:2007-314-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php' package(s) announced via the SSA:2007-314-01 advisory.

Vulnerability Insight:
New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, 12.0,
and -current to fix security and other bugs.

Note that PHP5 was not officially supported in Slackware 10.1 or 10.2
(being in the /testing directory), and was not the default version of
PHP for Slackware 11.0 (being in the /extra directory), but updates are
being provided anyway.

Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/php-5.2.5-i486-1_slack12.0.tgz:
Upgraded to php-5.2.5.
This fixes bugs and security issues.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'php' package(s) on Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-4887
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 26403
http://www.securityfocus.com/bid/26403
Bugtraq: 20070910 /* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */ (Google Search)
http://www.securityfocus.com/archive/1/478988/100/0/threaded
Bugtraq: 20070910 PHP <=5.2.4 open_basedir bypass & code exec & denial of service (Google Search)
http://www.securityfocus.com/archive/1/478985/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
HPdes Security Advisory: HPSBUX02308
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
HPdes Security Advisory: HPSBUX02332
http://www.securityfocus.com/archive/1/491693/100/0/threaded
HPdes Security Advisory: SSRT080010
HPdes Security Advisory: SSRT080056
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767
http://secunia.com/advisories/27102
http://secunia.com/advisories/27659
http://secunia.com/advisories/28750
http://secunia.com/advisories/29420
http://secunia.com/advisories/30040
http://securityreason.com/securityalert/3133
http://www.vupen.com/english/advisories/2007/3825
http://www.vupen.com/english/advisories/2008/0398
http://www.vupen.com/english/advisories/2008/0924/references

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.59021
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2007-314-01)
Resumen:	The remote host is missing an update for the 'php' package(s) announced via the SSA:2007-314-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the SSA:2007-314-01 advisory. Vulnerability Insight: New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, 12.0, and -current to fix security and other bugs. Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 (being in the /testing directory), and was not the default version of PHP for Slackware 11.0 (being in the /extra directory), but updates are being provided anyway. Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ patches/packages/php-5.2.5-i486-1_slack12.0.tgz: Upgraded to php-5.2.5. This fixes bugs and security issues. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'php' package(s) on Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4887 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 26403 http://www.securityfocus.com/bid/26403 Bugtraq: 20070910 /* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */ (Google Search) http://www.securityfocus.com/archive/1/478988/100/0/threaded Bugtraq: 20070910 PHP <=5.2.4 open_basedir bypass & code exec & denial of service (Google Search) http://www.securityfocus.com/archive/1/478985/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml HPdes Security Advisory: HPSBUX02308 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 HPdes Security Advisory: HPSBUX02332 http://www.securityfocus.com/archive/1/491693/100/0/threaded HPdes Security Advisory: SSRT080010 HPdes Security Advisory: SSRT080056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767 http://secunia.com/advisories/27102 http://secunia.com/advisories/27659 http://secunia.com/advisories/28750 http://secunia.com/advisories/29420 http://secunia.com/advisories/30040 http://securityreason.com/securityalert/3133 http://www.vupen.com/english/advisories/2007/3825 http://www.vupen.com/english/advisories/2008/0398 http://www.vupen.com/english/advisories/2008/0924/references
Copyright	Copyright (C) 2012 Greenbone AG