Oracle Linux 5 : php (ELSA-2009-0338)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2009:0338 :

Updated php packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.

A heap-based buffer overflow flaw was found in PHP's mbstring
extension. A remote attacker able to pass arbitrary input to a PHP
script using mbstring conversion functions could cause the PHP
interpreter to crash or, possibly, execute arbitrary code.
(CVE-2008-5557)

A flaw was found in the handling of the 'mbstring.func_overload'
configuration setting. A value set for one virtual host, or in a
user's .htaccess file, was incorrectly applied to other virtual hosts
on the same server, causing the handling of multibyte character
strings to not work correctly. (CVE-2009-0754)

A buffer overflow flaw was found in PHP's imageloadfont function. If a
PHP script allowed a remote attacker to load a carefully crafted font
file, it could cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2008-3658)

A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause
the PHP interpreter to crash. (CVE-2008-3660)

A memory disclosure flaw was found in the PHP gd extension's
imagerotate function. A remote attacker able to pass arbitrary values
as the 'background color' argument of the function could, possibly,
view portions of the PHP interpreter's memory. (CVE-2008-5498)

A cross-site scripting flaw was found in a way PHP reported errors for
invalid cookies. If the PHP interpreter had 'display_errors' enabled,
a remote attacker able to set a specially-crafted cookie on a victim's
system could possibly inject arbitrary HTML into an error message
generated by PHP. (CVE-2008-5814)

All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web
server must be restarted for the changes to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2009-April/000949.html

Solution :

Update the affected php packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 67818 ()

Bugtraq ID:

CVE ID: CVE-2008-3658
CVE-2008-3660
CVE-2008-5498
CVE-2008-5557
CVE-2008-5814
CVE-2009-0754