Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:255 (php-intl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68583

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:255 (php-intl)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to php-intl
announced via advisory MDVSA-2010:255.

A vulnerability was discovered and corrected in php-intl:

Integer overflow in the NumberFormatter::getSymbol (aka
numfmt_get_symbol) function in PHP 5.3.3 and earlier allows
context-dependent attackers to cause a denial of service (application
crash) via an invalid argument (CVE-2010-4409).

The updated packages have been upgraded to php-intl-1.1.2 and patched
to correct this issue.

Affected: Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:255

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4409
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 45119
http://www.securityfocus.com/bid/45119
Bugtraq: 20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow (Google Search)
http://www.securityfocus.com/archive/1/515142/100/0/threaded
CERT/CC vulnerability note: VU#479900
http://www.kb.cert.org/vuls/id/479900
http://www.exploit-db.com/exploits/15722
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:254
http://www.mandriva.com/security/advisories?name=MDVSA-2010:255
http://secunia.com/advisories/42812
http://secunia.com/advisories/47674
SuSE Security Announcement: openSUSE-SU-2012:0100 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68583
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:255 (php-intl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php-intl announced via advisory MDVSA-2010:255. A vulnerability was discovered and corrected in php-intl: Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument (CVE-2010-4409). The updated packages have been upgraded to php-intl-1.1.2 and patched to correct this issue. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:255 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4409 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BugTraq ID: 45119 http://www.securityfocus.com/bid/45119 Bugtraq: 20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow (Google Search) http://www.securityfocus.com/archive/1/515142/100/0/threaded CERT/CC vulnerability note: VU#479900 http://www.kb.cert.org/vuls/id/479900 http://www.exploit-db.com/exploits/15722 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:254 http://www.mandriva.com/security/advisories?name=MDVSA-2010:255 http://secunia.com/advisories/42812 http://secunia.com/advisories/47674 SuSE Security Announcement: openSUSE-SU-2012:0100 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html http://www.ubuntu.com/usn/USN-1042-1 http://www.vupen.com/english/advisories/2011/0020 http://www.vupen.com/english/advisories/2011/0021 http://www.vupen.com/english/advisories/2011/0077
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com