Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:0153

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.58892
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0153
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0153. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583) A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001) A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary string using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455) A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718) Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0153.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0455 2007-0007 http://www.trustix.org/errata/2007/0007 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql http://www.securityfocus.com/archive/1/466166/100/0/threaded 22289 http://www.securityfocus.com/bid/22289 23916 http://secunia.com/advisories/23916 24022 http://secunia.com/advisories/24022 24052 http://secunia.com/advisories/24052 24053 http://secunia.com/advisories/24053 24107 http://secunia.com/advisories/24107 24143 http://secunia.com/advisories/24143 24151 http://secunia.com/advisories/24151 24924 http://secunia.com/advisories/24924 24945 http://secunia.com/advisories/24945 24965 http://secunia.com/advisories/24965 25575 http://secunia.com/advisories/25575 29157 http://secunia.com/advisories/29157 42813 http://secunia.com/advisories/42813 ADV-2007-0400 http://www.vupen.com/english/advisories/2007/0400 ADV-2011-0022 http://www.vupen.com/english/advisories/2011/0022 FEDORA-2007-150 http://fedoranews.org/cms/node/2631 FEDORA-2010-19022 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html FEDORA-2010-19033 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html MDKSA-2007:035 http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 MDKSA-2007:036 http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 MDKSA-2007:038 http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 MDKSA-2007:109 http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 RHSA-2007:0153 http://www.redhat.com/support/errata/RHSA-2007-0153.html RHSA-2007:0155 http://rhn.redhat.com/errata/RHSA-2007-0155.html RHSA-2007:0162 http://www.redhat.com/support/errata/RHSA-2007-0162.html RHSA-2008:0146 http://www.redhat.com/support/errata/RHSA-2008-0146.html USN-473-1 http://www.ubuntu.com/usn/usn-473-1 [security-announce] 20070208 rPSA-2007-0028-1 gd http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 https://issues.rpath.com/browse/RPL-1030 https://issues.rpath.com/browse/RPL-1268 oval:org.mitre.oval:def:11303 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 Common Vulnerability Exposure (CVE) ID: CVE-2007-1001 20070407 PHP <= 5.2.1 wbmp file handling integer overflow http://www.securityfocus.com/archive/1/464957/100/0/threaded 23357 http://www.securityfocus.com/bid/23357 24814 http://secunia.com/advisories/24814 24909 http://secunia.com/advisories/24909 25056 http://secunia.com/advisories/25056 25151 http://secunia.com/advisories/25151 25159 http://www.securityfocus.com/bid/25159 25445 http://secunia.com/advisories/25445 26235 http://secunia.com/advisories/26235 ADV-2007-1269 http://www.vupen.com/english/advisories/2007/1269 ADV-2007-2732 http://www.vupen.com/english/advisories/2007/2732 APPLE-SA-2007-07-31 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html GLSA-200705-19 http://security.gentoo.org/glsa/glsa-200705-19.xml MDKSA-2007:087 http://www.mandriva.com/security/advisories?name=MDKSA-2007:087 MDKSA-2007:088 http://www.mandriva.com/security/advisories?name=MDKSA-2007:088 MDKSA-2007:089 http://www.mandriva.com/security/advisories?name=MDKSA-2007:089 MDKSA-2007:090 http://www.mandriva.com/security/advisories?name=MDKSA-2007:090 SSA:2007-127 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053 SUSE-SA:2007:032 http://www.novell.com/linux/security/advisories/2007_32_php.html http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1 http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup http://docs.info.apple.com/article.html?artnum=306172 http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html http://us2.php.net/releases/4_4_7.php http://us2.php.net/releases/5_2_2.php oval:org.mitre.oval:def:10179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179 php-gd-overflow(33453) https://exchange.xforce.ibmcloud.com/vulnerabilities/33453 Common Vulnerability Exposure (CVE) ID: CVE-2007-1718 BugTraq ID: 23145 http://www.securityfocus.com/bid/23145 Debian Security Information: DSA-1282 (Google Search) http://www.debian.org/security/2007/dsa-1282 Debian Security Information: DSA-1283 (Google Search) http://www.debian.org/security/2007/dsa-1283 http://www.php-security.org/MOPB/MOPB-34-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10951 RedHat Security Advisories: RHSA-2007:0155 http://www.securitytracker.com/id?1017946 http://secunia.com/advisories/25025 http://secunia.com/advisories/25057 http://secunia.com/advisories/25062 SuSE Security Announcement: SUSE-SA:2007:032 (Google Search) http://www.ubuntu.com/usn/usn-455-1 XForce ISS Database: php-mailfunction-header-injection(33516) https://exchange.xforce.ibmcloud.com/vulnerabilities/33516 Common Vulnerability Exposure (CVE) ID: CVE-2007-1583 BugTraq ID: 23016 http://www.securityfocus.com/bid/23016 BugTraq ID: 25159 Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search) http://www.php-security.org/MOPB/MOPB-26-2007.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com