oval:org.mitre.oval:def:7890

Definition Id: oval:org.mitre.oval:def:7890

Oval ID:	oval:org.mitre.oval:def:7890
Title:	DSA-1940 php5 -- multiple issues
Description:	Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: The following issues have been fixed in both the stable (lenny) and the oldstable (etch) distributions: CVE-2009-2687, CVE-2009-3292. The exif module did not properly handle malformed jpeg files, allowing an attacker to cause a segfault, resulting in a denial of service. The php_openssl_apply_verification_policy() function did not properly perform certificate validation. Bogdan Calin discovered that a remote attacker could cause a denial of service by uploading a large number of files in using multipart/ form-data requests, causing the creation of a large number of temporary files. To address this issue, the max_file_uploads option introduced in PHP 5.3.1 has been backported. This option limits the maximum number of files uploaded per request. The default value for this new option is 50. See NEWS.Debian for more information. The following issue has been fixed in the stable (lenny) distribution: A flaw in the ini_restore() function could lead to a memory disclosure, possibly leading to the disclosure of sensitive data. In the oldstable (etch) distribution, this update also fixes a regression introduced by the fix for CVE-2008-5658 in DSA-1789-1 (bug #527560).
Family:	unix	Class:	patch
Reference(s):	DSA-1940 CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292 CVE-2008-5658	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	php5
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section php-pear is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5 is earlier than 5.2.6.dfsg.1-1+lenny4 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section php5-recode is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-cgi is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-curl is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-snmp is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-mysql is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-odbc is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-xsl is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-gd is earlier than 5.2.6.dfsg.1-1+lenny4 AND libapache2-mod-php5 is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-mhash is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-tidy is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-mcrypt is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-dev is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-pgsql is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-gmp is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-xmlrpc is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-imap is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-sqlite is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-ldap is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-cli is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-sybase is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-pspell is earlier than 5.2.6.dfsg.1-1+lenny4 AND libapache2-mod-php5filter is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-common is earlier than 5.2.6.dfsg.1-1+lenny4 AND php5-dbg is earlier than 5.2.6.dfsg.1-1+lenny4 OR Architecture dependent section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is amd64 AND php5-interbase is earlier than 5.2.6.dfsg.1-1+lenny4 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section php5 is earlier than 5.2.0+dfsg-8+etch16 AND php-pear is earlier than 5.2.0+dfsg-8+etch16 AND libapache-mod-php5 is earlier than 5.2.0+dfsg-8+etch16 AND php5-recode is earlier than 5.2.0+dfsg-8+etch16 AND php5-xmlrpc is earlier than 5.2.0+dfsg-8+etch16 AND php5-curl is earlier than 5.2.0+dfsg-8+etch16 AND php5-snmp is earlier than 5.2.0+dfsg-8+etch16 AND php5-mysql is earlier than 5.2.0+dfsg-8+etch16 AND php5-odbc is earlier than 5.2.0+dfsg-8+etch16 AND php5-xsl is earlier than 5.2.0+dfsg-8+etch16 AND php5-gd is earlier than 5.2.0+dfsg-8+etch16 AND libapache2-mod-php5 is earlier than 5.2.0+dfsg-8+etch16 AND php5-mhash is earlier than 5.2.0+dfsg-8+etch16 AND php5-tidy is earlier than 5.2.0+dfsg-8+etch16 AND php5-mcrypt is earlier than 5.2.0+dfsg-8+etch16 AND php5-dev is earlier than 5.2.0+dfsg-8+etch16 AND php5-pgsql is earlier than 5.2.0+dfsg-8+etch16 AND php5-cgi is earlier than 5.2.0+dfsg-8+etch16 AND php5-imap is earlier than 5.2.0+dfsg-8+etch16 AND php5-sqlite is earlier than 5.2.0+dfsg-8+etch16 AND php5-ldap is earlier than 5.2.0+dfsg-8+etch16 AND php5-cli is earlier than 5.2.0+dfsg-8+etch16 AND php5-sybase is earlier than 5.2.0+dfsg-8+etch16 AND php5-pspell is earlier than 5.2.0+dfsg-8+etch16 AND php5-common is earlier than 5.2.0+dfsg-8+etch16 OR Architecture dependent section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND php5-interbase is earlier than 5.2.0+dfsg-8+etch16

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:7890

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:7890

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0414s

Facebook rss twitter linkedin mail