Test ID:	1.3.6.1.4.1.25623.1.0.67955
Category:	Fedora Local Security Checks
Title:	Fedora Core 13 FEDORA-2010-11481 (php-eaccelerator)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php-eaccelerator announced via advisory FEDORA-2010-11481. References: [ 1 ] Bug #601897 - CVE-2010-2190 php: sensitive information disclosure (MOPS-2010-047, MOPS-2010-048) https://bugzilla.redhat.com/show_bug.cgi?id=601897 [ 2 ] Bug #605641 - CVE-2010-2225 PHP unsafe unserialize() use flaw https://bugzilla.redhat.com/show_bug.cgi?id=605641 [ 3 ] Bug #617180 - CVE-2010-1914 php Zend Engine: Information leaks, memory corruption by interrupting certain opcode handlers (MOPS-2010-014, MOPS-2010-015, MOPS-2010-016) https://bugzilla.redhat.com/show_bug.cgi?id=617180 [ 4 ] Bug #617211 - CVE-2010-1915 php: Memory leaks, use-after-free by quoting regular expression characters (MOPS-2010-017) https://bugzilla.redhat.com/show_bug.cgi?id=617211 [ 5 ] Bug #617232 - CVE-2010-1917 php: Local stack exhaustion by matching certain filenames against a pattern (MOPS-2010-021) https://bugzilla.redhat.com/show_bug.cgi?id=617232 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update php-eaccelerator' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-11481 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2531 42410 http://secunia.com/advisories/42410 ADV-2010-3081 http://www.vupen.com/english/advisories/2010/3081 APPLE-SA-2010-08-24-1 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html DSA-2266 http://www.debian.org/security/2011/dsa-2266 HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 RHSA-2010:0919 http://www.redhat.com/support/errata/RHSA-2010-0919.html SSRT100409 SSRT100826 SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html SUSE-SR:2010:018 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html [oss-security] 20100713 CVE request, php var_export http://www.openwall.com/lists/oss-security/2010/07/13/1 [oss-security] 20100716 Re: Re: CVE request, php var_export http://www.openwall.com/lists/oss-security/2010/07/16/3 http://support.apple.com/kb/HT4312 http://support.apple.com/kb/HT4435 http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143 http://www.php.net/archive/2010.php#id2010-07-22-1 http://www.php.net/archive/2010.php#id2010-07-22-2 https://bugzilla.redhat.com/show_bug.cgi?id=617673 Common Vulnerability Exposure (CVE) ID: CVE-2010-0397 BugTraq ID: 38708 http://www.securityfocus.com/bid/38708 http://www.mandriva.com/security/advisories?name=MDVSA-2010:068 http://www.openwall.com/lists/oss-security/2010/03/12/5 SuSE Security Announcement: SUSE-SR:2010:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://www.vupen.com/english/advisories/2010/0724 Common Vulnerability Exposure (CVE) ID: CVE-2010-2225 40860 http://secunia.com/advisories/40860 40948 http://www.securityfocus.com/bid/40948 DSA-2089 http://www.debian.org/security/2010/dsa-2089 http://pastebin.com/mXGidCsd http://twitter.com/i0n1c/statuses/16373156076 http://twitter.com/i0n1c/statuses/16447867829 https://bugzilla.redhat.com/show_bug.cgi?id=605641 php-splobjectstorage-code-execution(59610) https://exchange.xforce.ibmcloud.com/vulnerabilities/59610 Common Vulnerability Exposure (CVE) ID: CVE-2010-2190 HPdes Security Advisory: HPSBOV02763 HPdes Security Advisory: SSRT100826 http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html SuSE Security Announcement: SUSE-SR:2010:018 (Google Search) XForce ISS Database: php-substrreplace-info-disclosure(59220) https://exchange.xforce.ibmcloud.com/vulnerabilities/59220 Common Vulnerability Exposure (CVE) ID: CVE-2010-1914 http://www.php-security.org/2010/05/08/mops-2010-014-php-zend_bw_xor-opcode-interruption-address-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/08/mops-2010-015-php-zend_sl-opcode-interruption-address-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/08/mops-2010-016-php-zend_sr-opcode-interruption-address-information-leak-vulnerability/index.html XForce ISS Database: php-zendengine-info-disclosure(58587) https://exchange.xforce.ibmcloud.com/vulnerabilities/58587 Common Vulnerability Exposure (CVE) ID: CVE-2010-1915 http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html XForce ISS Database: php-pregquote-information-disclosure(58586) https://exchange.xforce.ibmcloud.com/vulnerabilities/58586 Common Vulnerability Exposure (CVE) ID: CVE-2010-1917 Debian Security Information: DSA-2089 (Google Search) HPdes Security Advisory: HPSBMA02662 HPdes Security Advisory: SSRT100409 http://www.php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/index.html XForce ISS Database: php-fnmatchfunction-dos(58585) https://exchange.xforce.ibmcloud.com/vulnerabilities/58585
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.