oval:org.mitre.oval:def:12483

Definition Id: oval:org.mitre.oval:def:12483

Oval ID:	oval:org.mitre.oval:def:12483
Title:	DSA-2089-1 php5 -- several
Description:	Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1917 The fnmatch function can be abused to conduct denial of service attacks by the means of a stack overflow. CVE-2010-2225 The SplObjectStorage unserializer allows attackers to execute arbitrary code via serialized data by the means of a use-after-free vulnerability. MOPS-60 The default sessions serializer does not correctly handle a special marker, which allows an attacker to inject arbitrary variables into the session and possibly exploit vulnerabilities in the unserializer. For the vulnerability described by CVE-2010-1128 we do not consider upstream's solution to be sufficient. It is recommended to uncomment the "session.entropy_file" and "session.entropy_length" settings in the php.ini files. Further improvements can be achieved by setting "session.hash_function" to 1 and incrementing the value of "session.entropy_length." For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny9. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your php5 packages.
Family:	unix	Class:	patch
Reference(s):	DSA-2089-1 CVE-2010-1917 CVE-2010-2225 CVE-2010-3065 CVE-2010-1128	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	php5
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independet section Installed architecture is all AND Packages section php-pear DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5 DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section php5-recode DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-xmlrpc DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-curl DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-snmp DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-mysql DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-odbc DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-xsl DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-gd DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND libapache2-mod-php5 DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-mhash DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-tidy DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-mcrypt DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-dev DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-pgsql DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-gmp DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-cgi DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-imap DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-sqlite DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-ldap DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-cli DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-sybase DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND libapache2-mod-php5filter DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-pspell DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-common DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 AND php5-dbg DPKG is earlier than 5.2.6.dfsg.1-1+lenny9 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is amd64 AND php5-interbase DPKG is earlier than 5.2.6.dfsg.1-1+lenny9

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:12483

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0339s

Facebook rss twitter linkedin mail