Mandriva Linux Security Advisory : php (MDVSA-2009:248)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Multiple vulnerabilities was discovered and corrected in php :

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact and
attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)

Unspecified vulnerability in the imagecolortransparent function in PHP
before 5.2.11 has unknown impact and attack vectors related to an
incorrect sanity check for the color index. (CVE-2009-3293). However
in Mandriva we don't use the bundled libgd source in php per default,
there is a unsupported package in contrib named php-gd-bundled that
eventually will get updated to pickup these fixes.

This update provides a solution to these vulnerabilities.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48154 (mandriva_MDVSA-2009-248.nasl)

Bugtraq ID: 36449

CVE ID: CVE-2009-3291

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now