English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.122295
Category:Oracle Linux Local Security Checks
Title:Oracle: Security Advisory (ELSA-2010-0919)
Summary:The remote host is missing an update for the 'php' package(s) announced via the ELSA-2010-0919 advisory.
Description:Summary:
The remote host is missing an update for the 'php' package(s) announced via the ELSA-2010-0919 advisory.

Vulnerability Insight:
[5.1.6-27.3]
- add security fix for CVE-2010-3870 (#626735)

[5.1.6-27.2]
- fix var_export test cases (#626735)

[5.1.6-27.1]
- add security fixes for CVE-2010-1917, CVE-2010-3065, CVE-2010-2531,
CVE-2010-1128, CVE-2010-0397 (#626735)

Affected Software/OS:
'php' package(s) on Oracle Linux 4, Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-5016
BugTraq ID: 44889
http://www.securityfocus.com/bid/44889
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.redhat.com/support/errata/RHSA-2011-0195.html
http://secunia.com/advisories/42410
http://secunia.com/advisories/42812
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2010/3081
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077
Common Vulnerability Exposure (CVE) ID: CVE-2010-0397
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 38708
http://www.securityfocus.com/bid/38708
http://www.mandriva.com/security/advisories?name=MDVSA-2010:068
http://www.openwall.com/lists/oss-security/2010/03/12/5
SuSE Security Announcement: SUSE-SR:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.vupen.com/english/advisories/2010/0724
Common Vulnerability Exposure (CVE) ID: CVE-2010-1128
BugTraq ID: 38430
http://www.securityfocus.com/bid/38430
http://secunia.com/advisories/38708
http://www.vupen.com/english/advisories/2010/0479
Common Vulnerability Exposure (CVE) ID: CVE-2010-1917
Debian Security Information: DSA-2089 (Google Search)
http://www.debian.org/security/2010/dsa-2089
HPdes Security Advisory: HPSBMA02662
http://marc.info/?l=bugtraq&m=130331363227777&w=2
HPdes Security Advisory: SSRT100409
http://www.php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/index.html
http://secunia.com/advisories/40860
SuSE Security Announcement: SUSE-SR:2010:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
XForce ISS Database: php-fnmatchfunction-dos(58585)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58585
Common Vulnerability Exposure (CVE) ID: CVE-2010-2531
42410
ADV-2010-3081
APPLE-SA-2010-08-24-1
APPLE-SA-2010-11-10-1
DSA-2266
http://www.debian.org/security/2011/dsa-2266
HPSBMA02662
HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
RHSA-2010:0919
SSRT100409
SSRT100826
SUSE-SR:2010:017
SUSE-SR:2010:018
[oss-security] 20100713 CVE request, php var_export
http://www.openwall.com/lists/oss-security/2010/07/13/1
[oss-security] 20100716 Re: Re: CVE request, php var_export
http://www.openwall.com/lists/oss-security/2010/07/16/3
http://support.apple.com/kb/HT4312
http://support.apple.com/kb/HT4435
http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143
http://www.php.net/archive/2010.php#id2010-07-22-1
http://www.php.net/archive/2010.php#id2010-07-22-2
https://bugzilla.redhat.com/show_bug.cgi?id=617673
Common Vulnerability Exposure (CVE) ID: CVE-2010-3065
http://php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-3870
1024797
http://www.securitytracker.com/id?1024797
42812
44605
http://www.securityfocus.com/bid/44605
ADV-2011-0020
ADV-2011-0021
ADV-2011-0077
APPLE-SA-2011-03-21-1
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
FEDORA-2010-18976
FEDORA-2010-19011
MDVSA-2010:224
http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224
RHSA-2011:0195
SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
USN-1042-1
[oss-security] 20101102 Re: utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/02/11
http://www.openwall.com/lists/oss-security/2010/11/02/2
http://www.openwall.com/lists/oss-security/2010/11/02/4
http://www.openwall.com/lists/oss-security/2010/11/02/6
http://www.openwall.com/lists/oss-security/2010/11/02/8
[oss-security] 20101102 utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/02/1
[oss-security] 20101103 Re: utf-8 security issue in php
http://www.openwall.com/lists/oss-security/2010/11/03/1
http://bugs.php.net/bug.php?id=48230
http://bugs.php.net/bug.php?id=49687
http://support.apple.com/kb/HT4581
http://svn.php.net/viewvc?view=revision&revision=304959
http://us2.php.net/manual/en/function.utf8-decode.php#83935
http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/
http://www.php.net/ChangeLog-5.php
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.