Test ID: 1.3.6.1.4.1.25623.1.0.58612
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2007:187 (php)
Summary: Mandrake Security Advisory MDKSA-2007:187 (php)
Description:
The remote host is missing an update to php
announced via advisory MDKSA-2007:187.

Numerous vulnerabilities were discovered in the PHP scripting language
that are corrected with this update. For details, please visit
the referenced security advisories.

Updated packages have been patched to prevent these issues.
In addition, PECL ZIP version 1.8.10 is being provided for Corporate
Server 4.0.

Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:187

Risk factor: Critical
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1375
http://www.milw0rm.com/exploits/3424
http://www.php-security.org/MOPB/MOPB-14-2007.html
Debian Security Information: DSA-1283
http://www.debian.org/security/2007/dsa-1283
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
SuSE Security Announcement: SUSE-SA:2007:032
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.ubuntu.com/usn/usn-455-1
BugTraq ID: 22851
http://www.securityfocus.com/bid/22851
http://www.osvdb.org/32780
http://secunia.com/advisories/24606
http://secunia.com/advisories/25062
http://secunia.com/advisories/25057
http://secunia.com/advisories/25056
http://secunia.com/advisories/26895
Common Vulnerability Exposure (CVE) ID: CVE-2007-1399
http://www.php-security.org/MOPB/MOPB-16-2007.html
Debian Security Information: DSA-1330
http://www.debian.org/security/2007/dsa-1330
SuSE Security Announcement: SUSE-SA:2007:020
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
BugTraq ID: 22883
http://www.securityfocus.com/bid/22883
http://www.vupen.com/english/advisories/2007/0898
http://www.osvdb.org/32782
http://secunia.com/advisories/24471
http://secunia.com/advisories/24514
http://secunia.com/advisories/25938
XForce ISS Database: pecl-url-wrapper-bo(32889)
http://xforce.iss.net/xforce/xfdb/32889
Common Vulnerability Exposure (CVE) ID: CVE-2007-1900
http://www.php-security.org/MOPB/PMOPB-45-2007.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
http://www.trustix.org/errata/2007/0023/
BugTraq ID: 23359
http://www.securityfocus.com/bid/23359
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6067
http://www.vupen.com/english/advisories/2007/2016
http://www.vupen.com/english/advisories/2007/3386
http://www.osvdb.org/33962
http://secunia.com/advisories/24824
http://secunia.com/advisories/25445
http://secunia.com/advisories/25535
http://secunia.com/advisories/26231
http://secunia.com/advisories/27037
http://secunia.com/advisories/27110
http://secunia.com/advisories/27102
XForce ISS Database: php-filtervalidateemail-header-injection(33510)
http://xforce.iss.net/xforce/xfdb/33510
Common Vulnerability Exposure (CVE) ID: CVE-2007-2727
http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html
http://www.fortheloot.com/public/mcrypt.patch
SuSE Security Announcement: SUSE-SR:2007:015
http://www.novell.com/linux/security/advisories/2007_15_sr.html
BugTraq ID: 23984
http://www.securityfocus.com/bid/23984
http://osvdb.org/36087
Common Vulnerability Exposure (CVE) ID: CVE-2007-2728
http://www.ubuntu.com/usn/usn-485-1
http://osvdb.org/36086
http://www.vupen.com/english/advisories/2007/1839
http://secunia.com/advisories/25306
http://secunia.com/advisories/26102
Common Vulnerability Exposure (CVE) ID: CVE-2007-2748
http://www.attrition.org/pipermail/vim/2007-May/001621.html
BugTraq ID: 24012
http://www.securityfocus.com/bid/24012
http://osvdb.org/34730
Common Vulnerability Exposure (CVE) ID: CVE-2007-2756
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:123
http://www.mandriva.com/security/advisories?name=MDKSA-2007:124
http://www.mandriva.com/security/advisories?name=MDKSA-2007:122
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
http://www.redhat.com/support/errata/RHSA-2007-0890.html
RedHat Security Advisories: RHSA-2007:0889
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://www.redhat.com/support/errata/RHSA-2007-0891.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
SuSE Security Announcement: SUSE-SR:2007:013
http://www.novell.com/linux/security/advisories/2007_13_sr.html
SuSE Security Announcement: SUSE-SA:2007:044
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-473-1
BugTraq ID: 24089
http://www.securityfocus.com/bid/24089
http://osvdb.org/36643
http://osvdb.org/35788
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10779
http://www.vupen.com/english/advisories/2007/1905
http://www.vupen.com/english/advisories/2007/1904
http://www.vupen.com/english/advisories/2007/2336
http://www.securitytracker.com/id?1018187
http://secunia.com/advisories/25378
http://secunia.com/advisories/25362
http://secunia.com/advisories/25353
http://secunia.com/advisories/25590
http://secunia.com/advisories/25575
http://secunia.com/advisories/25646
http://secunia.com/advisories/25658
http://secunia.com/advisories/25657
http://secunia.com/advisories/25855
http://secunia.com/advisories/26048
http://secunia.com/advisories/26390
http://secunia.com/advisories/26930
http://secunia.com/advisories/26871
http://secunia.com/advisories/26967
http://secunia.com/advisories/25787
http://secunia.com/advisories/27545
http://secunia.com/advisories/29157
http://secunia.com/advisories/30168
XForce ISS Database: gd-gdpngreaddata-dos(34420)
http://xforce.iss.net/xforce/xfdb/34420
Common Vulnerability Exposure (CVE) ID: CVE-2007-2872
Bugtraq: 20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow
http://www.securityfocus.com/archive/1/archive/1/470244/100/0/threaded
http://www.sec-consult.com/291.html
HPdes Security Advisory: HPSBUX02308
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
HPdes Security Advisory: SSRT080010
HPdes Security Advisory: HPSBUX02332
http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded
HPdes Security Advisory: SSRT080056
http://www.redhat.com/support/errata/RHSA-2007-0888.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
SuSE Security Announcement: SUSE-SA:2008:004
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://www.ubuntulinux.org/support/documentation/usn/usn-549-1
http://www.ubuntu.com/usn/usn-549-2
BugTraq ID: 24261
http://www.securityfocus.com/bid/24261
http://osvdb.org/36083
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9424
http://www.vupen.com/english/advisories/2007/2061
http://www.vupen.com/english/advisories/2008/0398
http://www.securitytracker.com/id?1018186
http://secunia.com/advisories/25456
http://secunia.com/advisories/26838
http://secunia.com/advisories/27351
http://secunia.com/advisories/27377
http://secunia.com/advisories/27864
http://secunia.com/advisories/28318
http://secunia.com/advisories/28658
http://secunia.com/advisories/28750
http://secunia.com/advisories/28936
http://secunia.com/advisories/30040
http://www.vupen.com/english/advisories/2008/0059
XForce ISS Database: php-chunksplit-security-bypass(39398)
http://xforce.iss.net/xforce/xfdb/39398
Common Vulnerability Exposure (CVE) ID: CVE-2007-3799
http://www.php-security.org/MOPB/PMOPB-46-2007.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Debian Security Information: DSA-1444
http://www.debian.org/security/2008/dsa-1444
Debian Security Information: DSA-1578
http://www.debian.org/security/2008/dsa-1578
BugTraq ID: 24268
http://www.securityfocus.com/bid/24268
http://osvdb.org/36855
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9792
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/28249
http://secunia.com/advisories/29420
http://secunia.com/advisories/30288
Common Vulnerability Exposure (CVE) ID: CVE-2007-3996
http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/
http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/
Debian Security Information: DSA-1613
http://www.debian.org/security/2008/dsa-1613
http://security.gentoo.org/glsa/glsa-200712-13.xml
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-557-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11147
http://www.vupen.com/english/advisories/2007/3023
http://secunia.com/advisories/26642
http://secunia.com/advisories/26822
http://secunia.com/advisories/28009
http://secunia.com/advisories/28147
http://secunia.com/advisories/31168
http://securityreason.com/securityalert/3103
XForce ISS Database: php-gdimagecopyresized-bo(36383)
http://xforce.iss.net/xforce/xfdb/36383
XForce ISS Database: php-gdimagecreate-bo(36382)
http://xforce.iss.net/xforce/xfdb/36382
Common Vulnerability Exposure (CVE) ID: CVE-2007-3998
http://secweb.se/en/advisories/php-wordwrap-vulnerability/
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10603
Common Vulnerability Exposure (CVE) ID: CVE-2007-4658
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10363
XForce ISS Database: php-moneyformat-unspecified(36377)
http://xforce.iss.net/xforce/xfdb/36377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4670
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11028
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.