| Description: | Summary:
The remote host is missing an update for the 'php' package(s) announced via the SSA:2007-053-01 advisory.
Vulnerability Insight:
New php packages are available for Slackware 10.2 and 11.0 to improve the
stability and security of PHP. Quite a few bugs were fixed -- please
see [link moved to references] for a detailed list. All sites that use PHP are
encouraged to upgrade. Please note that we haven't tested all PHP
applications for backwards compatibility with this new upgrade, so you
should have the old package on hand just in case.
Both PHP 4.4.5 and PHP 5.2.1 updates have been provided.
Some of these issues have been assigned CVE numbers and may be referenced
in the Common Vulnerabilities and Exposures (CVE) database:
[links moved to references]
Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/php-4.4.5-i486-1_slack11.0.tgz:
Upgraded to php-4.4.5 which improves stability and security.
For complete details, see [link moved to references].
For imformation about some of the security fixes, see:
[links moved to references]
(* Security fix *)
extra/php5/php-5.2.1-i486-1_slack11.0.tgz:
Upgraded to php-5.2.1 which improves stability and security.
For imformation about some of the security fixes, see:
[links moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'php' package(s) on Slackware 10.2, Slackware 11.0.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
