| Description: | Summary:
The remote host is missing an update for the Debian 'php4' package(s) announced via the DSA-1206-1 advisory.
Vulnerability Insight:
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2005-3353
Tim Starling discovered that missing input sanitising in the EXIF module could lead to denial of service.
CVE-2006-3017
Stefan Esser discovered a security-critical programming error in the hashtable implementation of the internal Zend engine.
CVE-2006-4482
It was discovered that str_repeat() and wordwrap() functions perform insufficient checks for buffer boundaries on 64 bit systems, which might lead to the execution of arbitrary code.
CVE-2006-5465
Stefan Esser discovered a buffer overflow in the htmlspecialchars() and htmlentities(), which might lead to the execution of arbitrary code.
For the stable distribution (sarge) these problems have been fixed in version 4:4.3.10-18. Builds for hppa and m68k will be provided later once they are available.
For the unstable distribution (sid) these problems have been fixed in version 4:4.4.4-4 of php4 and version 5.1.6-6 of php5.
We recommend that you upgrade your php4 packages.
Affected Software/OS:
'php4' package(s) on Debian 3.1.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
