
Test ID: 1.3.6.1.4.1.25623.1.0.57176
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-320-1 (php5)
Summary: Ubuntu USN-320-1 (php5)
Description:
The remote host is missing an update to php5
announced via advisory USN-320-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

For details on the security issues fixed, please visit the referenced
security advisories.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libapache2-mod-php4 4:4.3.10-10ubuntu4.5
php4-cgi 4:4.3.10-10ubuntu4.5
php4-cli 4:4.3.10-10ubuntu4.5

Ubuntu 5.10:
libapache2-mod-php5 5.0.5-2ubuntu1.3
php5-cgi 5.0.5-2ubuntu1.3
php5-cli 5.0.5-2ubuntu1.3
php5-curl 5.0.5-2ubuntu1.3

Ubuntu 6.06 LTS:
libapache2-mod-php5 5.1.2-1ubuntu3.1
php5-cgi 5.1.2-1ubuntu3.1
php5-cli 5.1.2-1ubuntu3.1
php5-curl 5.1.2-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-320-1

Risk factor: Critical
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-0996
http://securityreason.com/achievement_securityalert/34
http://marc.theaimsgroup.com/?l=php-cvs&m=114374620416389&w=2
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
RedHat Security Advisories: RHSA-2006:0276
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://www.redhat.com/support/errata/RHSA-2006-0501.html
RedHat Security Advisories: RHSA-2006:0549
http://rhn.redhat.com/errata/RHSA-2006-0549.html
SGI Security Advisory: 20060501-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
SuSE Security Announcement: SUSE-SA:2006:024
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.ubuntu.com/usn/usn-320-1
BugTraq ID: 17362
http://www.securityfocus.com/bid/17362
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10997
http://www.vupen.com/english/advisories/2006/1290
http://www.vupen.com/english/advisories/2006/2685
http://www.osvdb.org/24484
http://securitytracker.com/id?1015879
http://secunia.com/advisories/19599
http://secunia.com/advisories/19832
http://secunia.com/advisories/20222
http://secunia.com/advisories/20951
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
http://secunia.com/advisories/19775
http://secunia.com/advisories/19979
http://secunia.com/advisories/20052
http://secunia.com/advisories/20210
http://secunia.com/advisories/21125
http://securityreason.com/securityalert/675
XForce ISS Database: php-phpinfo-long-array-xss(25702)
http://xforce.iss.net/xforce/xfdb/25702
Common Vulnerability Exposure (CVE) ID: CVE-2006-1490
Bugtraq: 20060328 Critical PHP bug - act ASAP if you are running web with sensitive data
http://www.securityfocus.com/archive/1/archive/1/429164/100/0/threaded
Bugtraq: 20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
http://www.securityfocus.com/archive/1/archive/1/429162/100/0/threaded
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:063
http://www.trustix.org/errata/2006/0020
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
BugTraq ID: 17296
http://www.securityfocus.com/bid/17296
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11084
http://www.vupen.com/english/advisories/2006/1149
http://www.vupen.com/english/advisories/2006/4750
http://secunia.com/advisories/19383
http://secunia.com/advisories/19499
http://secunia.com/advisories/19570
http://secunia.com/advisories/23155
XForce ISS Database: php-htmlentitydecode-information-disclosure(25508)
http://xforce.iss.net/xforce/xfdb/25508
Common Vulnerability Exposure (CVE) ID: CVE-2006-1494
Bugtraq: 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql
http://www.securityfocus.com/archive/1/archive/1/447866/100/0/threaded
http://securityreason.com/achievement_securityalert/36
http://www.redhat.com/support/errata/RHSA-2006-0568.html
http://www.redhat.com/support/errata/RHSA-2006-0567.html
SGI Security Advisory: 20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
BugTraq ID: 17439
http://www.securityfocus.com/bid/17439
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10196
http://securitytracker.com/id?1015881
http://secunia.com/advisories/21031
http://secunia.com/advisories/21135
http://secunia.com/advisories/21202
http://secunia.com/advisories/21723
http://secunia.com/advisories/22225
http://securityreason.com/securityalert/677
XForce ISS Database: php-tempnam-directory-traversal(25705)
http://xforce.iss.net/xforce/xfdb/25705
Common Vulnerability Exposure (CVE) ID: CVE-2006-1608
Bugtraq: 20060409 copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2
http://www.securityfocus.com/archive/1/archive/1/430461/100/0/threaded
Bugtraq: 20060718 new shell bypass safe mode
http://www.securityfocus.com/archive/1/archive/1/440869/100/0/threaded
Bugtraq: 20060723 Re: new shell bypass safe mode
http://www.securityfocus.com/archive/1/archive/1/441210/100/0/threaded
http://securityreason.com/achievement_securityalert/37
http://www.osvdb.org/24487
http://securitytracker.com/id?1015882
http://securityreason.com/securityalert/678
XForce ISS Database: php-copy-safemode-bypass(25706)
http://xforce.iss.net/xforce/xfdb/25706
Common Vulnerability Exposure (CVE) ID: CVE-2006-1990
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02
http://www.mandriva.com/security/advisories?name=MDKSA-2006:091
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
SuSE Security Announcement: SUSE-SA:2006:031
http://www.novell.com/linux/security/advisories/2006_31_php.html
TurboLinux Advisory: TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9696
http://www.vupen.com/english/advisories/2006/1500
http://securitytracker.com/id?1015979
http://secunia.com/advisories/19803
http://secunia.com/advisories/20269
http://secunia.com/advisories/21050
http://secunia.com/advisories/20676
XForce ISS Database: php-wordwrap-string-bo(26001)
http://xforce.iss.net/xforce/xfdb/26001
Common Vulnerability Exposure (CVE) ID: CVE-2006-1991
XForce ISS Database: php-substrcompare-length-dos(26003)
http://xforce.iss.net/xforce/xfdb/26003
Common Vulnerability Exposure (CVE) ID: CVE-2006-2563
http://securityreason.com/achievement_securityalert/39
SuSE Security Announcement: SUSE-SR:2006:022
http://www.novell.com/linux/security/advisories/2006_22_sr.html
SuSE Security Announcement: SUSE-SA:2006:052
http://www.novell.com/linux/security/advisories/2006_52_php.html
BugTraq ID: 18116
http://www.securityfocus.com/bid/18116
http://www.vupen.com/english/advisories/2006/2055
http://securitytracker.com/id?1016175
http://secunia.com/advisories/20337
http://secunia.com/advisories/21847
http://secunia.com/advisories/22039
http://securityreason.com/securityalert/959
XForce ISS Database: php-curl-safemode-bypass(26764)
http://xforce.iss.net/xforce/xfdb/26764
Common Vulnerability Exposure (CVE) ID: CVE-2006-2660
Bugtraq: 20060611 tempnam() Bypass unique file name PHP 5.1.4
http://www.securityfocus.com/archive/1/archive/1/436785/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0209.html
http://securitytracker.com/id?1016271
http://securityreason.com/securityalert/1069
XForce ISS Database: php-tempnam-bypass(27049)
http://xforce.iss.net/xforce/xfdb/27049
Common Vulnerability Exposure (CVE) ID: CVE-2006-3011
http://securityreason.com/achievement_securityalert/41
BugTraq ID: 18645
http://www.securityfocus.com/bid/18645
http://www.vupen.com/english/advisories/2006/2523
http://www.osvdb.org/26827
http://securitytracker.com/id?1016377
http://secunia.com/advisories/20818
http://secunia.com/advisories/21546
http://securityreason.com/securityalert/1129
XForce ISS Database: php-errorlog-safe-mode-bypass(27414)
http://xforce.iss.net/xforce/xfdb/27414
Common Vulnerability Exposure (CVE) ID: CVE-2006-3016
http://www.redhat.com/support/errata/RHSA-2006-0669.html
http://www.redhat.com/support/errata/RHSA-2006-0682.html
RedHat Security Advisories: RHSA-2006:0736
http://rhn.redhat.com/errata/RHSA-2006-0736.html
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
BugTraq ID: 17843
http://www.securityfocus.com/bid/17843
http://www.osvdb.org/25253
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10597
http://securitytracker.com/id?1016306
http://secunia.com/advisories/19927
http://secunia.com/advisories/22004
http://secunia.com/advisories/22069
http://secunia.com/advisories/22440
http://secunia.com/advisories/22487
http://secunia.com/advisories/23247
Common Vulnerability Exposure (CVE) ID: CVE-2006-3018
http://www.osvdb.org/25254
Common Vulnerability Exposure (CVE) ID: CVE-2006-3017
Bugtraq: 20060806 PHP: Zend_Hash_Del_Key_Or_Index Vulnerability
http://www.securityfocus.com/archive/1/archive/1/442437/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
Debian Security Information: DSA-1206
http://www.debian.org/security/2006/dsa-1206
SuSE Security Announcement: SUSE-SA:2006:034
http://www.novell.com/linux/security/advisories/2006_34_php4.html
http://www.ubuntulinux.org/support/documentation/usn/usn-320-1
http://www.osvdb.org/25255
http://www.osvdb.org/26466
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10118
http://securitytracker.com/id?1016649
http://secunia.com/advisories/22713
XForce ISS Database: php-zendhashdel-unspecified(27396)
http://xforce.iss.net/xforce/xfdb/27396
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.