This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
This is a maintenance and security update that upgrades php to 5.3.4
Security Enhancements and Fixes in PHP 5.3.4 :
- Paths with NULL in them (foo\0bar.txt) are now
considered as invalid (CVE-2006-7243).
- Fixed bug #53512 (NumberFormatter::setSymbol crash on
bogus values) (CVE-2010-4409)
Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436,
CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories.
Key Bug Fixes in PHP 5.3.4 include :
- Added stat support for zip stream.
- Added follow_location (enabled by default) option for
the http stream support.
- Added a 3rd parameter to get_html_translation_table. It
now takes a charset hint, like htmlentities et al.
- Implemented FR #52348, added new constant ZEND_MULTIBYTE
to detect zend multibyte at runtime.
- Multiple improvements to the FPM SAPI.
- Over 100 other bug fixes.
Additional post 5.3.4 fixes :
- Fixed bug #53517 (segfault in pgsql_stmt_execute() when
postgres is down).
- Fixed bug #53541 (format string bug in ext/phar).
Additionally, some of the PECL extensions have been upgraded and/or
rebuilt for the new php version.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true