SUSE-SA:2005:049: php4, php5

high Nessus Plugin ID 19928

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:049 (php4, php5).


This update fixes the following security issues in the PHP scripting language.

- Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498).

The PEAR::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications.

- An integer overflow bug was found in the PCRE (Perl Compatible Regular Expressions) library, which an attacker could potentially use to execute code (CVE-2005-2491).

Solution

http://www.suse.de/security/advisories/2005_49_php.html

Plugin Details

Severity: High

ID: 19928

File Name: suse_SA_2005_049.nasl

Version: 1.9

Agent: unix

Published: 10/5/2005

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list