Detections
Analytics

Debian DSA-2001-1 : php5 - multiple vulnerabilities

critical Nessus Plugin ID 44865

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems :

 - CVE-2009-4142 The htmlspecialchars function does not properly handle invalid multi-byte sequences.

 - CVE-2009-4143 Memory corruption via session interruption.

In the stable distribution (lenny), this update also includes bug fixes (bug #529278, #556459, #565387, #523073) that were to be included in a stable point release as version 5.2.6.dfsg.1-1+lenny5.

Solution

Upgrade the php5 packages.

For the stable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny6.

See Also

https://security-tracker.debian.org/tracker/CVE-2009-4142

https://security-tracker.debian.org/tracker/CVE-2009-4143

https://www.debian.org/security/2010/dsa-2001

Plugin Details

Severity: Critical

ID: 44865

File Name: debian_DSA-2001.nasl

Version: 1.12

Type: local

Agent: unix

Published: 2/24/2010

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:php5, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 2/19/2010

Reference Information

CVE: CVE-2009-4142, CVE-2009-4143

BID: 37390

CWE: 79

DSA: 2001