openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2238)

high Nessus Plugin ID 27148

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes the following security problems in the PHP scripting language :

- CVE-2006-5465: Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used.

- A missing open_basedir check inside chdir() function was added.

- A tempnam() openbasedir bypass was fixed.

- A possible buffer overflow in stream_socket_client() when using 'bindto' + IPv6 was fixed.

- Do not build php5 with --enable-sigchld.

Solution

Update the affected apache2-mod_php5 packages.

Plugin Details

Severity: High

ID: 27148

File Name: suse_apache2-mod_php5-2238.nasl

Version: 1.13

Type: local

Agent: unix

Published: 10/17/2007

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:php5-gd, p-cpe:/a:novell:opensuse:php5-iconv, p-cpe:/a:novell:opensuse:php5-imap, p-cpe:/a:novell:opensuse:php5-ldap, p-cpe:/a:novell:opensuse:php5-mbstring, p-cpe:/a:novell:opensuse:php5-mysql, p-cpe:/a:novell:opensuse:php5-mysqli, p-cpe:/a:novell:opensuse:php5-pdo, p-cpe:/a:novell:opensuse:php5-pear, p-cpe:/a:novell:opensuse:php5-pgsql, p-cpe:/a:novell:opensuse:php5-soap, p-cpe:/a:novell:opensuse:php5-wddx, p-cpe:/a:novell:opensuse:php5-xmlrpc, cpe:/o:novell:opensuse:10.1, p-cpe:/a:novell:opensuse:apache2-mod_php5, p-cpe:/a:novell:opensuse:php5, p-cpe:/a:novell:opensuse:php5-bcmath, p-cpe:/a:novell:opensuse:php5-curl, p-cpe:/a:novell:opensuse:php5-dba, p-cpe:/a:novell:opensuse:php5-devel, p-cpe:/a:novell:opensuse:php5-dom, p-cpe:/a:novell:opensuse:php5-exif, p-cpe:/a:novell:opensuse:php5-fastcgi, p-cpe:/a:novell:opensuse:php5-ftp

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/7/2006

Reference Information

CVE: CVE-2006-5465