Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200603-22 (php)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.56550
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200603-22 (php)
Summary:	The remote host is missing updates announced in;advisory GLSA 200603-22.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200603-22. Vulnerability Insight: Multiple vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers, perform cross site scripting or in some cases execute arbitrary code. Solution: All PHP 5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-5.1.2' All PHP 4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/php-4.4.2' CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0207 BugTraq ID: 16220 http://www.securityfocus.com/bid/16220 Bugtraq: 20060112 Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability (Google Search) Debian Security Information: DSA-1331 (Google Search) http://www.debian.org/security/2007/dsa-1331 http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 http://www.hardened-php.net/advisory_012006.112.html http://securitytracker.com/id?1015484 http://secunia.com/advisories/18431 http://secunia.com/advisories/18697 http://secunia.com/advisories/19012 http://secunia.com/advisories/19179 http://secunia.com/advisories/19355 http://secunia.com/advisories/25945 SuSE Security Announcement: SUSE-SR:2006:004 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html https://usn.ubuntu.com/261-1/ http://www.vupen.com/english/advisories/2006/0177 http://www.vupen.com/english/advisories/2006/0369 XForce ISS Database: php-session-response-splitting(24094) https://exchange.xforce.ibmcloud.com/vulnerabilities/24094 Common Vulnerability Exposure (CVE) ID: CVE-2006-0208 BugTraq ID: 16803 http://www.securityfocus.com/bid/16803 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064 RedHat Security Advisories: RHSA-2006:0276 http://rhn.redhat.com/errata/RHSA-2006-0276.html http://www.redhat.com/support/errata/RHSA-2006-0501.html RedHat Security Advisories: RHSA-2006:0549 http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19832 http://secunia.com/advisories/20210 http://secunia.com/advisories/20222 http://secunia.com/advisories/20951 http://secunia.com/advisories/21252 http://secunia.com/advisories/21564 SGI Security Advisory: 20060501-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://www.vupen.com/english/advisories/2006/2685
Copyright	Copyright (C) 2008 E-Soft Inc.