openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes multiple bugs in php :

- predictable generaton of an initialization vector (IV)
in the mcrypt extension

- additional cookie attributes could be injected via a
session id

- specially crafted files could cause integer overflows in
gd and leverage them to at least crash gd based
applications

- insufficient validation of parmeters in the substr_count
function

- predictable generaton of an initialization vector (IV)
in the soap extension

CVE-2007-2727, CVE-2007-2748, CVE-2007-2728, CVE-2007-3472
CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478
CVE-2007-3799

Solution :

Update the affected apache2-mod_php5 packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27151 ()

Bugtraq ID:

CVE ID: CVE-2007-2727
CVE-2007-2728
CVE-2007-2748
CVE-2007-3472
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now