Mandriva Linux Security Advisory : php (MDVSA-2010:140)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

This is a maintenance and security update that upgrades php to 5.3.3
for 2010.0/2010.1.

Security Enhancements and Fixes in PHP 5.3.3 :

- Rewrote var_export() to use smart_str rather than output
buffering, prevents data disclosure if a fatal error
occurs (CVE-2010-2531).

- Fixed a possible resource destruction issue in

- Fixed a possible information leak because of
interruption of XOR operator.

- Fixed a possible memory corruption because of unexpected
call-time pass by reference and following memory
clobbering through callbacks.

- Fixed a possible memory corruption in

- Fixed a possible memory corruption in parse_str().

- Fixed a possible memory corruption in pack().

- Fixed a possible memory corruption in

- Fixed a possible memory corruption in addcslashes().

- Fixed a possible stack exhaustion inside fnmatch().

- Fixed a possible dechunking filter buffer overflow.

- Fixed a possible arbitrary memory access inside sqlite

- Fixed string format validation inside phar extension.

- Fixed handling of session variable serialization on
certain prefix characters.

- Fixed a NULL pointer dereference when processing invalid
XML-RPC requests (Fixes CVE-2010-0397, bug #51288).

- Fixed SplObjectStorage unserialization problems

- Fixed possible buffer overflows in
mysqlnd_list_fields, mysqlnd_change_user.

- Fixed possible buffer overflows when handling error
packets in mysqlnd.

Additionally, some of the third-party extensions and required
dependencies have been upgraded and/or rebuilt for the new php version.

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48198 (mandriva_MDVSA-2010-140.nasl)

Bugtraq ID:

CVE ID: CVE-2010-0397
