Slackware Local Security Checks : Slackware: Security Advisory (SSA:2008-339-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.62847

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2008-339-01)

Resumen: The remote host is missing an update for the 'php' package(s) announced via the SSA:2008-339-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php' package(s) announced via the SSA:2008-339-01 advisory.

Vulnerability Insight:
New php packages are available for Slackware 12.0, 12.1, and -current to
fix security issues, as well as make improvements and fix bugs.

Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/php-5.2.7-i486-1_slack12.1.tgz: Upgraded to php-5.2.7.
In addition to improvements and bug fixes, this new version of PHP also
addresses several security issues, including:
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660).
rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829).
Fixed extraction of zip files or directories when the entry name is a
relative path: [link moved to references]
These are the URLs to get more information:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'php' package(s) on Slackware 12.0, Slackware 12.1, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2665
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 29797
http://www.securityfocus.com/bid/29797
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/501376/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://security.gentoo.org/glsa/glsa-200811-05.xml
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: SSRT090192
http://www.securitytracker.com/id?1020327
http://secunia.com/advisories/32746
http://secunia.com/advisories/35074
http://secunia.com/advisories/35650
http://securityreason.com/securityalert/3941
http://securityreason.com/achievement_securityalert/54
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: php-posixaccess-security-bypass(43196)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43196
Common Vulnerability Exposure (CVE) ID: CVE-2008-2666
BugTraq ID: 29796
http://www.securityfocus.com/bid/29796
http://www.securitytracker.com/id?1020328
http://securityreason.com/securityalert/3942
http://securityreason.com/achievement_securityalert/55
XForce ISS Database: php-chdir-ftoc-security-bypass(43198)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43198
Common Vulnerability Exposure (CVE) ID: CVE-2008-2829
BugTraq ID: 29829
http://www.securityfocus.com/bid/29829
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
http://www.mandriva.com/security/advisories?name=MDVSA-2008:128
http://bugs.php.net/bug.php?id=42862
http://www.openwall.com/lists/oss-security/2008/06/19/6
http://www.openwall.com/lists/oss-security/2008/06/24/2
http://osvdb.org/46641
http://secunia.com/advisories/31200
http://secunia.com/advisories/35306
SuSE Security Announcement: SUSE-SR:2008:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://www.ubuntu.com/usn/usn-628-1
XForce ISS Database: php-phpimap-dos(43357)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43357
Common Vulnerability Exposure (CVE) ID: CVE-2008-3658
BugTraq ID: 30649
http://www.securityfocus.com/bid/30649
Debian Security Information: DSA-1647 (Google Search)
http://www.debian.org/security/2008/dsa-1647
HPdes Security Advisory: HPSBTU02382
http://www.securityfocus.com/archive/1/498647/100/0/threaded
HPdes Security Advisory: HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
HPdes Security Advisory: SSRT080132
HPdes Security Advisory: SSRT090005
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.mandriva.com/security/advisories?name=MDVSA-2009:024
http://news.php.net/php.cvs/51219
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://osvdb.org/47484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9724
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://secunia.com/advisories/31982
http://secunia.com/advisories/32148
http://secunia.com/advisories/32316
http://secunia.com/advisories/32884
http://secunia.com/advisories/33797
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
SuSE Security Announcement: SUSE-SR:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
http://www.vupen.com/english/advisories/2008/2336
http://www.vupen.com/english/advisories/2008/3275
http://www.vupen.com/english/advisories/2009/0320
XForce ISS Database: php-imageloadfont-dos(44401)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44401
Common Vulnerability Exposure (CVE) ID: CVE-2008-3659
http://www.openwall.com/lists/oss-security/2008/08/08/3
http://www.openwall.com/lists/oss-security/2008/08/08/4
http://osvdb.org/47483
http://www.securitytracker.com/id?1020995
XForce ISS Database: php-memnstr-bo(44405)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44405
Common Vulnerability Exposure (CVE) ID: CVE-2008-3660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597
http://www.securitytracker.com/id?1020994
XForce ISS Database: php-curl-unspecified(44402)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44402

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.62847
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2008-339-01)
Resumen:	The remote host is missing an update for the 'php' package(s) announced via the SSA:2008-339-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the SSA:2008-339-01 advisory. Vulnerability Insight: New php packages are available for Slackware 12.0, 12.1, and -current to fix security issues, as well as make improvements and fix bugs. Here are the details from the Slackware 12.1 ChangeLog: +--------------------------+ patches/packages/php-5.2.7-i486-1_slack12.1.tgz: Upgraded to php-5.2.7. In addition to improvements and bug fixes, this new version of PHP also addresses several security issues, including: Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660). rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829). Fixed extraction of zip files or directories when the entry name is a relative path: [link moved to references] These are the URLs to get more information: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'php' package(s) on Slackware 12.0, Slackware 12.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2665 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 29797 http://www.securityfocus.com/bid/29797 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/501376/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://security.gentoo.org/glsa/glsa-200811-05.xml HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: SSRT090192 http://www.securitytracker.com/id?1020327 http://secunia.com/advisories/32746 http://secunia.com/advisories/35074 http://secunia.com/advisories/35650 http://securityreason.com/securityalert/3941 http://securityreason.com/achievement_securityalert/54 http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-posixaccess-security-bypass(43196) https://exchange.xforce.ibmcloud.com/vulnerabilities/43196 Common Vulnerability Exposure (CVE) ID: CVE-2008-2666 BugTraq ID: 29796 http://www.securityfocus.com/bid/29796 http://www.securitytracker.com/id?1020328 http://securityreason.com/securityalert/3942 http://securityreason.com/achievement_securityalert/55 XForce ISS Database: php-chdir-ftoc-security-bypass(43198) https://exchange.xforce.ibmcloud.com/vulnerabilities/43198 Common Vulnerability Exposure (CVE) ID: CVE-2008-2829 BugTraq ID: 29829 http://www.securityfocus.com/bid/29829 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 http://bugs.php.net/bug.php?id=42862 http://www.openwall.com/lists/oss-security/2008/06/19/6 http://www.openwall.com/lists/oss-security/2008/06/24/2 http://osvdb.org/46641 http://secunia.com/advisories/31200 http://secunia.com/advisories/35306 SuSE Security Announcement: SUSE-SR:2008:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://www.ubuntu.com/usn/usn-628-1 XForce ISS Database: php-phpimap-dos(43357) https://exchange.xforce.ibmcloud.com/vulnerabilities/43357 Common Vulnerability Exposure (CVE) ID: CVE-2008-3658 BugTraq ID: 30649 http://www.securityfocus.com/bid/30649 Debian Security Information: DSA-1647 (Google Search) http://www.debian.org/security/2008/dsa-1647 HPdes Security Advisory: HPSBTU02382 http://www.securityfocus.com/archive/1/498647/100/0/threaded HPdes Security Advisory: HPSBUX02401 http://marc.info/?l=bugtraq&m=123376588623823&w=2 HPdes Security Advisory: SSRT080132 HPdes Security Advisory: SSRT090005 http://www.mandriva.com/security/advisories?name=MDVSA-2009:021 http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.mandriva.com/security/advisories?name=MDVSA-2009:024 http://news.php.net/php.cvs/51219 http://www.openwall.com/lists/oss-security/2008/08/08/2 http://www.openwall.com/lists/oss-security/2008/08/13/8 http://osvdb.org/47484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9724 http://www.redhat.com/support/errata/RHSA-2009-0350.html http://secunia.com/advisories/31982 http://secunia.com/advisories/32148 http://secunia.com/advisories/32316 http://secunia.com/advisories/32884 http://secunia.com/advisories/33797 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html SuSE Security Announcement: SUSE-SR:2008:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://www.vupen.com/english/advisories/2008/2336 http://www.vupen.com/english/advisories/2008/3275 http://www.vupen.com/english/advisories/2009/0320 XForce ISS Database: php-imageloadfont-dos(44401) https://exchange.xforce.ibmcloud.com/vulnerabilities/44401 Common Vulnerability Exposure (CVE) ID: CVE-2008-3659 http://www.openwall.com/lists/oss-security/2008/08/08/3 http://www.openwall.com/lists/oss-security/2008/08/08/4 http://osvdb.org/47483 http://www.securitytracker.com/id?1020995 XForce ISS Database: php-memnstr-bo(44405) https://exchange.xforce.ibmcloud.com/vulnerabilities/44405 Common Vulnerability Exposure (CVE) ID: CVE-2008-3660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597 http://www.securitytracker.com/id?1020994 XForce ISS Database: php-curl-unspecified(44402) https://exchange.xforce.ibmcloud.com/vulnerabilities/44402
Copyright	Copyright (C) 2012 Greenbone AG