Mandriva Linux Security Advisory : php (MDVSA-2010:254)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

This is a maintenance and security update that upgrades php to 5.3.4
for 2010.0/2010.1.

Security Enhancements and Fixes in PHP 5.3.4 :

- Paths with NULL in them (foo\0bar.txt) are now
considered as invalid (CVE-2006-7243).

- Fixed bug #53512 (NumberFormatter::setSymbol crash on
bogus values) (CVE-2010-4409)

Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436,
CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories.

Key Bug Fixes in PHP 5.3.4 include :

- Added stat support for zip stream.

- Added follow_location (enabled by default) option for
the http stream support.

- Added a 3rd parameter to get_html_translation_table. It
now takes a charset hint, like htmlentities et al.

- Implemented FR #52348, added new constant ZEND_MULTIBYTE
to detect zend multibyte at runtime.

- Multiple improvements to the FPM SAPI.

- Over 100 other bug fixes.

Additional post 5.3.4 fixes :

- Fixed bug #53517 (segfault in pgsql_stmt_execute() when
postgres is down).

- Fixed bug #53541 (format string bug in ext/phar).

Additionally, some of the PECL extensions have been upgraded and/or
rebuilt for the new PHP version.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 51196

Bugtraq ID: 44951

CVE ID: CVE-2006-7243
