Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0238)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2016.0238

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0238)

Resumen: The remote host is missing an update for the 'php' package(s) announced via the MGASA-2016-0238 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php' package(s) announced via the MGASA-2016-0238 advisory.

Vulnerability Insight:
php-mbstring _php_mb_regex_ereg_replace_exec() - double free
(CVE-2016-5768).

php-mcrypt heap Overflow due to integer overflows (CVE-2016-5769).

php-SPL int/size_t confusion in SplFileObject::fread (CVE-2016-5770).

php-SPL Use After Free Vulnerability in PHP's GC algorithm and unserialize
(CVE-2016-5771).

php-WDDX Double Free Courruption in wddx_deserialize (CVE-2016-5772).

php-zip ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize (CVE-2016-5773).

The php package has been updated to version 5.6.23, fixing these issues
and several other bugs. See the upstream ChangeLog for details.

Affected Software/OS:
'php' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5768
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
BugTraq ID: 91396
http://www.securityfocus.com/bid/91396
Debian Security Information: DSA-3618 (Google Search)
http://www.debian.org/security/2016/dsa-3618
http://www.openwall.com/lists/oss-security/2016/06/23/4
RedHat Security Advisories: RHSA-2016:2598
http://rhn.redhat.com/errata/RHSA-2016-2598.html
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5769
BugTraq ID: 91399
http://www.securityfocus.com/bid/91399
SuSE Security Announcement: SUSE-SU-2016:2013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5770
BugTraq ID: 91403
http://www.securityfocus.com/bid/91403
Common Vulnerability Exposure (CVE) ID: CVE-2016-5771
BugTraq ID: 91401
http://www.securityfocus.com/bid/91401
Common Vulnerability Exposure (CVE) ID: CVE-2016-5772
BugTraq ID: 91398
http://www.securityfocus.com/bid/91398
Common Vulnerability Exposure (CVE) ID: CVE-2016-5773
BugTraq ID: 91397
http://www.securityfocus.com/bid/91397

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0238
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0238)
Resumen:	The remote host is missing an update for the 'php' package(s) announced via the MGASA-2016-0238 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the MGASA-2016-0238 advisory. Vulnerability Insight: php-mbstring _php_mb_regex_ereg_replace_exec() - double free (CVE-2016-5768). php-mcrypt heap Overflow due to integer overflows (CVE-2016-5769). php-SPL int/size_t confusion in SplFileObject::fread (CVE-2016-5770). php-SPL Use After Free Vulnerability in PHP's GC algorithm and unserialize (CVE-2016-5771). php-WDDX Double Free Courruption in wddx_deserialize (CVE-2016-5772). php-zip ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (CVE-2016-5773). The php package has been updated to version 5.6.23, fixing these issues and several other bugs. See the upstream ChangeLog for details. Affected Software/OS: 'php' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5768 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html BugTraq ID: 91396 http://www.securityfocus.com/bid/91396 Debian Security Information: DSA-3618 (Google Search) http://www.debian.org/security/2016/dsa-3618 http://www.openwall.com/lists/oss-security/2016/06/23/4 RedHat Security Advisories: RHSA-2016:2598 http://rhn.redhat.com/errata/RHSA-2016-2598.html RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5769 BugTraq ID: 91399 http://www.securityfocus.com/bid/91399 SuSE Security Announcement: SUSE-SU-2016:2013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5770 BugTraq ID: 91403 http://www.securityfocus.com/bid/91403 Common Vulnerability Exposure (CVE) ID: CVE-2016-5771 BugTraq ID: 91401 http://www.securityfocus.com/bid/91401 Common Vulnerability Exposure (CVE) ID: CVE-2016-5772 BugTraq ID: 91398 http://www.securityfocus.com/bid/91398 Common Vulnerability Exposure (CVE) ID: CVE-2016-5773 BugTraq ID: 91397 http://www.securityfocus.com/bid/91397
Copyright	Copyright (C) 2022 Greenbone AG