Test ID:	1.3.6.1.4.1.25623.1.1.10.2015.0231
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2015-0231)
Summary:	The remote host is missing an update for the 'php, php-apc, php-timezonedb' package(s) announced via the MGASA-2015-0231 advisory.
Description:	Summary: The remote host is missing an update for the 'php, php-apc, php-timezonedb' package(s) announced via the MGASA-2015-0231 advisory. Vulnerability Insight: Updated php packages fix security vulnerabilities: Memory Corruption in phar_parse_tarfile when entry filename starts with null (CVE-2015-4021). Integer overflow in ftp_genlist() resulting in heap overflow, potentially exploitable by a hostile FTP server (CVE-2015-4022). PHP Multipart/form-data parsing remote DoS Vulnerability (CVE-2015-4024). Various functions allow \0 in paths where they shouldn't. In theory, that could lead to security failure for path-based access controls if the user injects a string with \0 in it. These functions include set_include_path(), tempnam(), rmdir(), and readlink() (CVE-2015-4025), as well as pcntl_exec() (CVE-2015-4026). Affected Software/OS: 'php, php-apc, php-timezonedb' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4021 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 74700 http://www.securityfocus.com/bid/74700 Debian Security Information: DSA-3280 (Google Search) http://www.debian.org/security/2015/dsa-3280 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html https://security.gentoo.org/glsa/201606-10 RedHat Security Advisories: RHSA-2015:1135 http://rhn.redhat.com/errata/RHSA-2015-1135.html RedHat Security Advisories: RHSA-2015:1186 http://rhn.redhat.com/errata/RHSA-2015-1186.html RedHat Security Advisories: RHSA-2015:1187 http://rhn.redhat.com/errata/RHSA-2015-1187.html RedHat Security Advisories: RHSA-2015:1218 http://rhn.redhat.com/errata/RHSA-2015-1218.html RedHat Security Advisories: RHSA-2015:1219 http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.securitytracker.com/id/1032433 SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4022 BugTraq ID: 74902 http://www.securityfocus.com/bid/74902 Common Vulnerability Exposure (CVE) ID: CVE-2015-4024 BugTraq ID: 74903 http://www.securityfocus.com/bid/74903 http://www.securitytracker.com/id/1032432 Common Vulnerability Exposure (CVE) ID: CVE-2015-4025 BugTraq ID: 74904 http://www.securityfocus.com/bid/74904 http://www.securitytracker.com/id/1032431 Common Vulnerability Exposure (CVE) ID: CVE-2015-4026 BugTraq ID: 75056 http://www.securityfocus.com/bid/75056
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.