Mandriva Linux Security Advisory : php (MDVSA-2010:139)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

This is a maintenance and security update that upgrades php to 5.2.14
for CS4/MES5/2008.0/2009.0/2009.1.

Security Enhancements and Fixes in PHP 5.2.14 :

- Rewrote var_export() to use smart_str rather than output
buffering, prevents data disclosure if a fatal error
occurs (CVE-2010-2531).

- Fixed a possible interruption array leak in

- Fixed a possible interruption array leak in strchr(),
strstr(), substr(), chunk_split(), strtok(),
addcslashes(), str_repeat(), trim().

- Fixed a possible memory corruption in substr_replace().

- Fixed SplObjectStorage unserialization problems

- Fixed a possible stack exhaustion inside fnmatch().

- Fixed a NULL pointer dereference when processing
invalid XML-RPC requests (Fixes CVE-2010-0397, bug

- Fixed handling of session variable serialization on
certain prefix characters.

- Fixed a possible arbitrary memory access inside sqlite
extension. Reported by Mateusz Kocielski.

Additionally, some of the third-party extensions have been upgraded
and/or rebuilt for the new php version.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48197 (mandriva_MDVSA-2010-139.nasl)

Bugtraq ID:

CVE ID: CVE-2010-0397
