ID de Prueba:	1.3.6.1.4.1.25623.1.0.880510
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for php53 CESA-2011:0196 centos5 i386
Resumen:	The remote host is missing an update for the 'php53'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'php53' package(s) announced via the referenced advisory. Vulnerability Insight: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause high CPU usage until the script execution time limit is reached. This issue only affected i386 systems. (CVE-2010-4645) A stack memory exhaustion flaw was found in the way the PHP filter_var() function validated email addresses. An attacker could use this flaw to crash the PHP interpreter by providing excessively long input to be validated as an email address. (CVE-2010-3710) A memory disclosure flaw was found in the PHP multi-byte string extension. If the mb_strcut() function was called with a length argument exceeding the input string size, the function could disclose a portion of the PHP interpreter's memory. (CVE-2010-4156) All php53 users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. Affected Software/OS: php53 on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3710 42812 http://secunia.com/advisories/42812 43189 http://secunia.com/advisories/43189 43926 http://www.securityfocus.com/bid/43926 ADV-2011-0020 http://www.vupen.com/english/advisories/2011/0020 ADV-2011-0021 http://www.vupen.com/english/advisories/2011/0021 ADV-2011-0077 http://www.vupen.com/english/advisories/2011/0077 APPLE-SA-2011-03-21-1 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html FEDORA-2010-18976 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html FEDORA-2010-19011 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 MDVSA-2010:218 http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 RHSA-2011:0196 http://www.redhat.com/support/errata/RHSA-2011-0196.html SSRT100826 SUSE-SR:2010:023 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html USN-1042-1 http://www.ubuntu.com/usn/USN-1042-1 http://bugs.php.net/bug.php?id=52929 http://support.apple.com/kb/HT4581 http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2010.php#id2010-12-10-1 http://www.php.net/releases/5_2_15.php http://www.php.net/releases/5_3_4.php Common Vulnerability Exposure (CVE) ID: CVE-2010-4156 42135 http://secunia.com/advisories/42135 44727 http://www.securityfocus.com/bid/44727 HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 MDVSA-2010:225 http://www.mandriva.com/security/advisories?name=MDVSA-2010:225 SSRT100409 [oss-security] 20101107 CVE Request: PHP 5.3.3, libmbfl, mb_strcut http://www.openwall.com/lists/oss-security/2010/11/07/2 [oss-security] 20101108 Re: CVE Request: PHP 5.3.3, libmbfl, mb_strcut http://www.openwall.com/lists/oss-security/2010/11/08/13 http://pastie.org/1279428 http://pastie.org/1279682 Common Vulnerability Exposure (CVE) ID: CVE-2010-4645 42843 http://secunia.com/advisories/42843 43051 http://secunia.com/advisories/43051 45668 http://www.securityfocus.com/bid/45668 ADV-2011-0060 http://www.vupen.com/english/advisories/2011/0060 ADV-2011-0066 http://www.vupen.com/english/advisories/2011/0066 ADV-2011-0198 http://www.vupen.com/english/advisories/2011/0198 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html FEDORA-2011-0321 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html FEDORA-2011-0329 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html HPSBMU02752 http://marc.info/?l=bugtraq&m=133226187115472&w=2 RHSA-2011:0195 http://www.redhat.com/support/errata/RHSA-2011-0195.html SSA:2011-010-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.484686 SSRT100802 [oss-security] 20110105 Re: possible flaw in widely used strtod.c implementation http://www.openwall.com/lists/oss-security/2011/01/05/8 [oss-security] 20110105 possible flaw in widely used strtod.c implementation http://www.openwall.com/lists/oss-security/2011/01/05/2 [oss-security] 20110106 Re: possible flaw in widely used strtod.c implementation http://www.openwall.com/lists/oss-security/2011/01/06/5 http://bugs.php.net/53632 http://hal.archives-ouvertes.fr/docs/00/28/14/29/PDF/floating-point-article.pdf http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=266327&r2=307095&pathrev=307095 http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/ php-zendstrtod-dos(64470) https://exchange.xforce.ibmcloud.com/vulnerabilities/64470 http://www.openwall.com/lists/oss-security/2023/05/14/3
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.