Test ID:	1.3.6.1.4.1.25623.1.0.53994
Category:	Fedora Local Security Checks
Title:	Fedora Core 4 FEDORA-2005-518 (php)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php announced via advisory FEDORA-2005-518. This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Bug fixes for the dom, ldap, and gd extensions are also included in this update. * Mon Jul 4 2005 Joe Orton 5.0.4-10.3 - pear: update to XML_RPC 1.3.1 (CVE-2005-1921, #162045) - update bundled shtool to 2.0.2 (CVE-2005-1751, #158998) * Tue Jun 21 2005 Joe Orton 5.0.4-10.2 - fix imports from dom module (Rob Richards, #161447) - fix detection and support for ldap_start_tls (#160527) - fix imagettftext et al (upstream, #161001) - mark php.ini and php.conf as noreplace again for updates Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2005-518 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1921 1015336 http://securitytracker.com/id?1015336 14088 http://www.securityfocus.com/bid/14088 15810 http://secunia.com/advisories/15810 15852 http://secunia.com/advisories/15852 15855 http://secunia.com/advisories/15855 15861 http://secunia.com/advisories/15861 15872 http://secunia.com/advisories/15872 15883 http://secunia.com/advisories/15883 15884 http://secunia.com/advisories/15884 15895 http://secunia.com/advisories/15895 15903 http://secunia.com/advisories/15903 15904 http://secunia.com/advisories/15904 15916 http://secunia.com/advisories/15916 15917 http://secunia.com/advisories/15917 15922 http://secunia.com/advisories/15922 15944 http://secunia.com/advisories/15944 15947 http://secunia.com/advisories/15947 15957 http://secunia.com/advisories/15957 16001 http://secunia.com/advisories/16001 16339 http://secunia.com/advisories/16339 16693 http://secunia.com/advisories/16693 17440 http://secunia.com/advisories/17440 17674 http://secunia.com/advisories/17674 18003 http://secunia.com/advisories/18003 20050629 Advisory 02/2005: Remote code execution in Serendipity http://marc.info/?l=bugtraq&m=112008638320145&w=2 20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue http://marc.info/?l=bugtraq&m=112015336720867&w=2 ADV-2005-2827 http://www.vupen.com/english/advisories/2005/2827 DSA-745 http://www.debian.org/security/2005/dsa-745 DSA-746 http://www.debian.org/security/2005/dsa-746 DSA-747 http://www.debian.org/security/2005/dsa-747 DSA-789 http://www.debian.org/security/2005/dsa-789 GLSA-200507-01 http://security.gentoo.org/glsa/glsa-200507-01.xml GLSA-200507-06 http://security.gentoo.org/glsa/glsa-200507-06.xml GLSA-200507-07 http://security.gentoo.org/glsa/glsa-200507-07.xml HPSBTU02083 http://www.securityfocus.com/archive/1/419064/100/0/threaded MDKSA-2005:109 http://www.mandriva.com/security/advisories?name=MDKSA-2005:109 RHSA-2005:564 http://www.redhat.com/support/errata/RHSA-2005-564.html SSRT051069 SUSE-SA:2005:041 http://www.novell.com/linux/security/advisories/2005_41_php_pear.html SUSE-SA:2005:049 http://www.novell.com/linux/security/advisories/2005_49_php.html SUSE-SA:2005:051 http://marc.info/?l=bugtraq&m=112605112027335&w=2 SUSE-SR:2005:018 http://www.novell.com/linux/security/advisories/2005_18_sr.html http://pear.php.net/package/XML_RPC/download/1.3.1 http://sourceforge.net/project/showfiles.php?group_id=87163 http://sourceforge.net/project/shownotes.php?release_id=338803 http://www.ampache.org/announce/3_3_1_2.php http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt http://www.gulftech.org/?node=research&article_id=00087-07012005 http://www.hardened-php.net/advisory-022005.php oval:org.mitre.oval:def:11294 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294 oval:org.mitre.oval:def:350 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350 Common Vulnerability Exposure (CVE) ID: CVE-2005-1751 BugTraq ID: 13767 http://www.securityfocus.com/bid/13767 Debian Security Information: DSA-789 (Google Search) http://www.gentoo.org/security/en/glsa/glsa-200506-08.xml http://bugs.gentoo.org/show_bug.cgi?id=93782 http://www.zataz.net/adviso/shtool-05252005.txt http://marc.info/?l=bugtraq&m=111955937622637&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9639 http://securitytracker.com/id?1014059 http://secunia.com/advisories/15496 http://secunia.com/advisories/15668
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.