openSUSE 10 Security Update : php5 (php5-3753)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The following issues have been fixed in PHP, which were spotted by the
MOPB project or fixed in PHP 5.2.3 release :

- missing open_basedir and safe_mode restriction
(CVE-2007-3007)

- chunk_split() integer overflow (CVE-2007-2872)

- DoS condition in libgd's image processing
(CVE-2007-2756)

- possible super-global overwrite inside
import_request_variables() (CVE-2007-1396)

- buffer overflow inside user_filter_factory_create()
(CVE-2007-2511)

- remotely trigger-able buffer overflow inside bundled
libxmlrpc (CVE-2007-1864)

- CRLF injection inside ftp_putcmd() (CVE-2007-2509)

- remotely trigger-able buffer overflow inside
make_http_soap_request() (CVE-2007-2510)

- MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer
Overflow Vulnerability (CVE-2007-0906)

- MOPB-03-2007: deep recursion DoS (CVE-2007-1285)

Solution :

Update the affected php5 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now