
Test ID: 1.3.6.1.4.1.25623.1.0.61503
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-628-1 (php5)
Summary: Ubuntu USN-628-1 (php5)
Description:
The remote host is missing an update to php5
announced via advisory USN-628-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

For details, please visit the referenced security advisories.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libapache2-mod-php5 5.1.2-1ubuntu3.12
php5-cgi 5.1.2-1ubuntu3.12
php5-cli 5.1.2-1ubuntu3.12
php5-curl 5.1.2-1ubuntu3.12

Ubuntu 7.04:
libapache2-mod-php5 5.2.1-0ubuntu1.6
php5-cgi 5.2.1-0ubuntu1.6
php5-cli 5.2.1-0ubuntu1.6
php5-curl 5.2.1-0ubuntu1.6

Ubuntu 7.10:
libapache2-mod-php5 5.2.3-1ubuntu6.4
php5-cgi 5.2.3-1ubuntu6.4
php5-cli 5.2.3-1ubuntu6.4
php5-curl 5.2.3-1ubuntu6.4

Ubuntu 8.04 LTS:
libapache2-mod-php5 5.2.4-2ubuntu5.3
php5-cgi 5.2.4-2ubuntu5.3
php5-cli 5.2.4-2ubuntu5.3
php5-curl 5.2.4-2ubuntu5.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-628-1

Risk factor: Critical

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-4782
Bugtraq: 20070904 PHP < 5.2.3 fnmatch() denial of service
http://www.securityfocus.com/archive/1/archive/1/478630/100/0/threaded
Bugtraq: 20070905 PHP < 5.2.3 glob() denial of service
http://www.securityfocus.com/archive/1/archive/1/478626/100/0/threaded
http://www.securityfocus.com/archive/1/478726/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://www.redhat.com/support/errata/RHSA-2008-0544.html
http://www.redhat.com/support/errata/RHSA-2008-0545.html
http://www.redhat.com/support/errata/RHSA-2008-0582.html
SuSE Security Announcement: SUSE-SA:2008:004
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://www.ubuntu.com/usn/usn-628-1
http://osvdb.org/38686
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10897
http://secunia.com/advisories/27102
http://secunia.com/advisories/28658
http://secunia.com/advisories/30828
http://secunia.com/advisories/31119
http://secunia.com/advisories/31200
http://securityreason.com/securityalert/3109
XForce ISS Database: php-fnmatch-dos(36457)
http://xforce.iss.net/xforce/xfdb/36457
XForce ISS Database: php-globfunction-dos(36461)
http://xforce.iss.net/xforce/xfdb/36461
Common Vulnerability Exposure (CVE) ID: CVE-2007-4850
http://securityreason.com/achievement_securityalert/51
Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass
http://www.securityfocus.com/archive/1/archive/1/486856/100/0/threaded
Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql
http://www.securityfocus.com/archive/1/archive/1/492671/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 27413
http://www.securityfocus.com/bid/27413
BugTraq ID: 29009
http://www.securityfocus.com/bid/29009
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
http://secunia.com/advisories/30048
http://secunia.com/advisories/30411
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://securityreason.com/securityalert/3562
XForce ISS Database: php-curlinit-security-bypass(39852)
http://xforce.iss.net/xforce/xfdb/39852
XForce ISS Database: php-safemode-directive-security-bypass(42134)
http://xforce.iss.net/xforce/xfdb/42134
Common Vulnerability Exposure (CVE) ID: CVE-2007-5898
Debian Security Information: DSA-1444
http://www.debian.org/security/2008/dsa-1444
HP Security Advisory: HPSBUX02332
http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded
HP Security Advisory: SSRT080056
http://www.mandriva.com/security/advisories?name=MDVSA-2008:125
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
http://www.redhat.com/support/errata/RHSA-2008-0546.html
http://www.ubuntulinux.org/support/documentation/usn/usn-549-1
http://www.ubuntu.com/usn/usn-549-2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10080
http://securitytracker.com/id?1018934
http://secunia.com/advisories/27648
http://secunia.com/advisories/27659
http://secunia.com/advisories/27864
http://secunia.com/advisories/28249
http://secunia.com/advisories/30040
http://secunia.com/advisories/31124
Common Vulnerability Exposure (CVE) ID: CVE-2007-5899
http://osvdb.org/38918
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11211
Common Vulnerability Exposure (CVE) ID: CVE-2008-0599
Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
http://www.securityfocus.com/archive/1/archive/1/492535/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html
http://security.gentoo.org/glsa/glsa-200811-05.xml
HP Security Advisory: HPSBUX02342
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437
HP Security Advisory: SSRT080063
HP Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HP Security Advisory: SSRT090085
HP Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HP Security Advisory: SSRT090192
http://www.mandriva.com/security/advisories?name=MDVSA-2008:128
http://marc.info/?l=slackware-security&m=121022465827871&w=2
CERT/CC vulnerability note: VU#147027
http://www.kb.cert.org/vuls/id/147027
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5510
http://secunia.com/advisories/35650
http://secunia.com/advisories/32746
http://www.vupen.com/english/advisories/2008/1810/references
http://www.securitytracker.com/id?1019958
http://secunia.com/advisories/30345
http://secunia.com/advisories/30757
http://secunia.com/advisories/30083
http://secunia.com/advisories/30616
XForce ISS Database: php-vector-unspecified(42137)
http://xforce.iss.net/xforce/xfdb/42137
Common Vulnerability Exposure (CVE) ID: CVE-2008-1384
http://securityreason.com/achievement_securityalert/52
Bugtraq: 20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow
http://www.securityfocus.com/archive/1/archive/1/489962/100/0/threaded
Debian Security Information: DSA-1572
http://www.debian.org/security/2008/dsa-1572
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
BugTraq ID: 28392
http://www.securityfocus.com/bid/28392
http://secunia.com/advisories/30967
http://secunia.com/advisories/30158
XForce ISS Database: php-phpsprintfappendstring-overflow(41386)
http://xforce.iss.net/xforce/xfdb/41386
Common Vulnerability Exposure (CVE) ID: CVE-2008-2050
XForce ISS Database: php-fastcgisapi-bo(42133)
http://xforce.iss.net/xforce/xfdb/42133
Common Vulnerability Exposure (CVE) ID: CVE-2008-2051
Debian Security Information: DSA-1578
http://www.debian.org/security/2008/dsa-1578
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10256
http://secunia.com/advisories/30288
Common Vulnerability Exposure (CVE) ID: CVE-2008-2107
Bugtraq: 20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability
http://www.securityfocus.com/archive/1/archive/1/491683/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://www.sektioneins.de/advisories/SE-2008-02.txt
Debian Security Information: DSA-1789
http://www.debian.org/security/2009/dsa-1789
http://www.mandriva.com/security/advisories?name=MDVSA-2008:129
http://www.mandriva.com/security/advisories?name=MDVSA-2008:130
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10644
http://secunia.com/advisories/35003
http://securityreason.com/securityalert/3859
XForce ISS Database: php-generateseed-weak-security(42226)
http://xforce.iss.net/xforce/xfdb/42226
XForce ISS Database: php-generateseed-security-bypass(42284)
http://xforce.iss.net/xforce/xfdb/42284
Common Vulnerability Exposure (CVE) ID: CVE-2008-2108
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10844
Common Vulnerability Exposure (CVE) ID: CVE-2008-2371
Bugtraq: 20081027 rPSA-2008-0305-1 pcre
http://www.securityfocus.com/archive/1/archive/1/497828/100/0/threaded
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Debian Security Information: DSA-1602
http://www.debian.org/security/2008/dsa-1602
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html
http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:147
http://www.ubuntu.com/usn/usn-624-1
http://ubuntu.com/usn/usn-624-2
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 30087
http://www.securityfocus.com/bid/30087
http://secunia.com/advisories/35074
http://secunia.com/advisories/39300
http://www.vupen.com/english/advisories/2008/2005
http://www.vupen.com/english/advisories/2008/2006
http://secunia.com/advisories/30916
http://secunia.com/advisories/30944
http://secunia.com/advisories/30958
http://secunia.com/advisories/30961
http://secunia.com/advisories/30945
http://secunia.com/advisories/30972
http://secunia.com/advisories/30990
http://secunia.com/advisories/32454
http://www.vupen.com/english/advisories/2008/2336
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2010/0833
Common Vulnerability Exposure (CVE) ID: CVE-2008-2829
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded
http://bugs.php.net/bug.php?id=42862
http://www.openwall.com/lists/oss-security/2008/06/19/6
http://www.openwall.com/lists/oss-security/2008/06/24/2
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
SuSE Security Announcement: SUSE-SR:2008:027
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
BugTraq ID: 29829
http://www.securityfocus.com/bid/29829
http://osvdb.org/46641
http://secunia.com/advisories/35306
XForce ISS Database: php-phpimap-dos(43357)
http://xforce.iss.net/xforce/xfdb/43357
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.