
Test ID: 1.3.6.1.4.1.25623.1.0.68325
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:224 (php)
Summary: NOSUMMARY
Description:
The remote host is missing an update to php
announced via advisory MDVSA-2010:224.

A vulnerability was discovered and corrected in php:

A flaw in ext/xml/xml.c could cause a cross-site scripting (XSS)
vulnerability (CVE-2010-3870).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:224
http://bugs.php.net/bug.php?id=49687

Risk factor : High

CVSS Score:
6.8

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-3870
1024797
http://www.securitytracker.com/id?1024797
42410
http://secunia.com/advisories/42410
42812
http://secunia.com/advisories/42812
44605
http://www.securityfocus.com/bid/44605
ADV-2010-3081
http://www.vupen.com/english/advisories/2010/3081
ADV-2011-0020
http://www.vupen.com/english/advisories/2011/0020
ADV-2011-0021
http://www.vupen.com/english/advisories/2011/0021
ADV-2011-0077
http://www.vupen.com/english/advisories/2011/0077
APPLE-SA-2011-03-21-1
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
FEDORA-2010-18976
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
FEDORA-2010-19011
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
MDVSA-2010:224
http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224
RHSA-2010:0919
http://www.redhat.com/support/errata/RHSA-2010-0919.html
RHSA-2011:0195
http://www.redhat.com/support/errata/RHSA-2011-0195.html
SSRT100826
SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
USN-1042-1
http://www.ubuntu.com/usn/USN-1042-1
[oss-security] 20101102 Re: utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/02/11
http://www.openwall.com/lists/oss-security/2010/11/02/2
http://www.openwall.com/lists/oss-security/2010/11/02/4
http://www.openwall.com/lists/oss-security/2010/11/02/6
http://www.openwall.com/lists/oss-security/2010/11/02/8
[oss-security] 20101102 utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/02/1
[oss-security] 20101103 Re: utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/03/1
http://bugs.php.net/bug.php?id=48230
http://bugs.php.net/bug.php?id=49687
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
http://support.apple.com/kb/HT4581
http://svn.php.net/viewvc?view=revision&revision=304959
http://us2.php.net/manual/en/function.utf8-decode.php#83935
http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf
http://www.php.net/ChangeLog-5.php
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.