oval:org.mitre.oval:def:13519

Definition Id: oval:org.mitre.oval:def:13519

Oval ID:	oval:org.mitre.oval:def:13519
Title:	DSA-1940-1 php5 -- multiple issues
Description:	Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: The following issues have been fixed in both the stable and the oldstable distributions: CVE-2009-2687 CVE-2009-3292 The exif module did not properly handle malformed jpeg files, allowing an attacker to cause a segfault, resulting in a denial of service. CVE-2009-3291 The php_openssl_apply_verification_policy function did not properly perform certificate validation. No CVE id yet Bogdan Calin discovered that a remote attacker could cause a denial of service by uploading a large number of files in using multipart/ form-data requests, causing the creation of a large number of temporary files. To address this issue, the max_file_uploads option introduced in PHP 5.3.1 has been backported. This option limits the maximum number of files uploaded per request. The default value for this new option is 50. See NEWS.Debian for more information. The following issue has been fixed in the stable distribution: CVE-2009-2626 A flaw in the ini_restore function could lead to a memory disclosure, possibly leading to the disclosure of sensitive data. In the oldstable distribution, this update also fixes a regression introduced by the fix for CVE-2008-5658 in DSA-1789-1. For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny4. The oldstable distribution, these problems have been fixed in version 5.2.0+dfsg-8+etch16. For the testing distribution and the unstable distribution , these problems will be fixed in version 5.2.11.dfsg.1-2. We recommend that you upgrade your php5 packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1940-1 CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292 CVE-2008-5658	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	php5
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section php-pear DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5 DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section php5-recode DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-xmlrpc DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-curl DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-snmp DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-mysql DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-odbc DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-xsl DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-gd DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND libapache2-mod-php5 DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-mhash DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-tidy DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-mcrypt DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-dev DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-pgsql DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-gmp DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-cgi DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-imap DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-sqlite DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-ldap DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-cli DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-sybase DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND libapache2-mod-php5filter DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-pspell DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-common DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-dbg DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is amd64 AND php5-interbase DPKG is earlier than 5.2.6.dfsg.1-1+lenny4 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section php5 DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php-pear DPKG is earlier than 5.2.0+dfsg-8+etch16 AND libapache-mod-php5 DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-recode DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-cgi DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-curl DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-snmp DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-mysql DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-odbc DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-xsl DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-gd DPKG is earlier than 5.2.0+dfsg-8+etch16 AND libapache2-mod-php5 DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-mhash DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-tidy DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-mcrypt DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-dev DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-pgsql DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-xmlrpc DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-imap DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-sqlite DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-ldap DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-cli DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-sybase DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-pspell DPKG is earlier than 5.2.0+dfsg-8+etch16 AND php5-common DPKG is earlier than 5.2.0+dfsg-8+etch16 OR Architecture depended section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND php5-interbase DPKG is earlier than 5.2.0+dfsg-8+etch16

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:13519

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:13519

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0418s

Facebook rss twitter linkedin mail