Test ID:
Category: Fedora Local Security Checks
Title: Fedora Core 13 FEDORA-2010-19011 (php-eaccelerator)
The remote host is missing an update to php-eaccelerator
announced via advisory FEDORA-2010-19011.

Update Information:

Security Enhancements and Fixes in PHP 5.3.4:

* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).

Key Bug Fixes in PHP 5.3.4 include:

* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.

Full upstream Changelog :

This update also provides php-eaccelerator and maniadrive packages rebuilt against the updated php.


[ 1 ] Bug #649056 - CVE-2010-3870 php: XSS mitigation bypass via utf8_decode()
[ 2 ] Bug #651206 - CVE-2010-3709 php: NULL pointer dereference in ZipArchive::getArchiveComment
[ 3 ] Bug #651682 - CVE-2010-4156 php information disclosure via mb_strcut()
[ 4 ] Bug #652836 - CVE-2009-5016 php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string
[ 5 ] Bug #660382 - CVE-2010-4409 php: getSymbol() integer overflow vulnerability
[ 6 ] Bug #656917 - CVE-2010-4150 php: Double free in the imap extension
[ 7 ] Bug #646684 - CVE-2010-3710 php: DoS in filter_var() via long email string

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update php-eaccelerator' at the command line.
For more information, refer to Managing Software with yum,
available at

Risk factor : High

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-7243
BugTraq ID: 44951
HPdes Security Advisory: HPSBOV02763
HPdes Security Advisory: HPSBUX02741
HPdes Security Advisory: SSRT100728
HPdes Security Advisory: SSRT100826
RedHat Security Advisories: RHSA-2013:1307
RedHat Security Advisories: RHSA-2013:1615
RedHat Security Advisories: RHSA-2014:0311
Common Vulnerability Exposure (CVE) ID: CVE-2010-4150
BugTraq ID: 44980
XForce ISS Database: php-phpimapc-dos(63390)
Common Vulnerability Exposure (CVE) ID: CVE-2010-3709
BugTraq ID: 44718
HPdes Security Advisory: HPSBMA02662
HPdes Security Advisory: SSRT100409
Common Vulnerability Exposure (CVE) ID: CVE-2010-3436
BugTraq ID: 44723
Common Vulnerability Exposure (CVE) ID: CVE-2010-2950
SuSE Security Announcement: SUSE-SR:2010:017
Common Vulnerability Exposure (CVE) ID: CVE-2010-3710
BugTraq ID: 43926
SuSE Security Announcement: SUSE-SR:2010:023
Common Vulnerability Exposure (CVE) ID: CVE-2010-3870
BugTraq ID: 44605
Common Vulnerability Exposure (CVE) ID: CVE-2010-4156
BugTraq ID: 44727
Common Vulnerability Exposure (CVE) ID: CVE-2009-5016
BugTraq ID: 44889
Common Vulnerability Exposure (CVE) ID: CVE-2010-4409
BugTraq ID: 45119
Bugtraq: 20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
CERT/CC vulnerability note: VU#479900
SuSE Security Announcement: openSUSE-SU-2012:0100
Copyright: Copyright (c) 2011 E-Soft Inc.

© 1998-2022 E-Soft Inc. All rights reserved.