| Description: | Description:
The remote host is missing an update to php
announced via advisory MDVSA-2011:053.
Multiple vulnerabilities has been identified and fixed in php:
The _zip_name_locate function in zip_name_locate.c in the Zip extension
in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause
a denial of service (application crash) via an empty ZIP archive
that is processed with a (1) locateName or (2) statName operation
(CVE-2011-0421).
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms
performs an incorrect cast, which allows remote attackers to cause a
denial of service (application crash) via an image with a crafted Image
File Directory (IFD) that triggers a buffer over-read (CVE-2011-0708).
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows
context-dependent attackers to cause a denial of service (crash)
and possibly read sensitive memory via a large third argument to the
shmop_read function (CVE-2011-1092).
Multiple format string vulnerabilities in phar_object.c in the phar
extension in PHP 5.3.5 and earlier allow context-dependent attackers
to obtain sensitive information from process memory, cause a denial of
service (memory corruption), or possibly execute arbitrary code via
format string specifiers in an argument to a class method, leading
to an incorrect zend_throw_exception_ex call (CVE-2011-1153).
Buffer overflow in the strval function in PHP before 5.3.6, when
the precision configuration option has a large value, might allow
context-dependent attackers to cause a denial of service (application
crash) via a small numerical value in the argument (CVE-2011-1464).
Integer overflow in the SdnToJulian function in the Calendar extension
in PHP before 5.3.6 allows context-dependent attackers to cause a
denial of service (application crash) via a large integer in the
first argument to the cal_from_jd function (CVE-2011-1466).
Unspecified vulnerability in the NumberFormatter::setSymbol (aka
numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6
allows context-dependent attackers to cause a denial of service
(application crash) via an invalid argument, a related issue to
CVE-2010-4409 (CVE-2011-1467).
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6
might allow remote attackers to cause a denial of service (memory
consumption) via (1) plaintext data to the openssl_encrypt function or
(2) ciphertext data to the openssl_decrypt function (CVE-2011-1468).
Unspecified vulnerability in the Streams component in PHP before
5.3.6 allows context-dependent attackers to cause a denial of service
(application crash) by accessing an ftp:// URL during use of an HTTP
proxy with the FTP wrapper (CVE-2011-1469).
The Zip extension in PHP before 5.3.6 allows context-dependent
attackers to cause a denial of service (application crash)
via a ziparchive stream that is not properly handled by the
stream_get_contents function (CVE-2011-1470).
Integer signedness error in zip_stream.c in the Zip extension in PHP
before 5.3.6 allows context-dependent attackers to cause a denial of
service (CPU consumption) via a malformed archive file that triggers
errors in zip_fread function calls (CVE-2011-1471).
The updated php packages have been upgraded to 5.3.6 which is not
vulnerable to these issues.
Additionally some of the PECL extensions has been upgraded and/or
rebuilt for the new php version.
Affected: 2010.0, 2010.1
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:053
Risk factor : High
CVSS Score:
7.5
|
