SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3754)

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

The following issues have been fixed :

- missing open_basedir and safe_mode restriction.

- chunk_split() integer overflow. (CVE-2007-2872)

- DoS condition in libgd's image processing.

- possible super-global overwrite inside
import_request_variables(). (CVE-2007-1396)

- buffer overflow inside user_filter_factory_create().

- remotely trigger-able buffer overflow inside bundled
libxmlrpc. (CVE-2007-1864)

- CRLF injection inside ftp_putcmd(). (CVE-2007-2509)

- remotely trigger-able buffer overflow inside
make_http_soap_request(). (CVE-2007-2510)

- MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer
Overflow Vulnerability. (CVE-2007-0906)

- MOPB-03-2007: deep recursion DoS (CVE-2007-1285)

See also :

Solution :

Apply ZYPP patch number 3754.

Risk factor :

High / CVSS Base Score : 7.5