Fedora 13 : maniadrive-1.2-23.fc13 / php-5.3.4-1.fc13.1 / php-eaccelerator-0.9.6.1-3.fc13 (2010-19011)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

Security Enhancements and Fixes in PHP 5.3.4 :

- Fixed crash in zip extract method (possible CWE-170).

- Paths with NULL in them (foo\0bar.txt) are now
considered as invalid (CVE-2006-7243).

- Fixed a possible double free in imap extension
(Identified by Mateusz Kocielski). (CVE-2010-4150).

- Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).

- Fixed possible flaw in open_basedir (CVE-2010-3436).

- Fixed MOPS-2010-24, fix string validation.
(CVE-2010-2950).

- Fixed symbolic resolution support when the target is a
DFS share.

- Fixed bug #52929 (Segfault in filter_var with
FILTER_VALIDATE_EMAIL with large amount of data)
(CVE-2010-3710).

Key Bug Fixes in PHP 5.3.4 include :

- Added stat support for zip stream.

- Added follow_location (enabled by default) option for
the http stream support.

- Added a 3rd parameter to get_html_translation_table.
It now takes a charset hint, like htmlentities et al.

- Implemented FR #52348, added new constant
ZEND_MULTIBYTE to detect zend multibyte at runtime.

Full upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4

This update also provides php-eaccelerator and maniadrive packages
rebuilt against the updated php.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.php.net/ChangeLog-5.php#5.3.4
https://bugzilla.redhat.com/show_bug.cgi?id=646684
https://bugzilla.redhat.com/show_bug.cgi?id=649056
https://bugzilla.redhat.com/show_bug.cgi?id=651206
https://bugzilla.redhat.com/show_bug.cgi?id=651682
https://bugzilla.redhat.com/show_bug.cgi?id=652836
https://bugzilla.redhat.com/show_bug.cgi?id=656917
https://bugzilla.redhat.com/show_bug.cgi?id=660382
http://www.nessus.org/u?6016f929
http://www.nessus.org/u?9c46c86e
http://www.nessus.org/u?ea13a1e7

Solution :

Update the affected maniadrive, php and / or php-eaccelerator
packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 51413

Bugtraq ID: 43926
44605
44718
44727
44889
44980
45119

CVE ID: CVE-2009-5016
CVE-2010-3709
CVE-2010-3710
CVE-2010-3870
CVE-2010-4150
CVE-2010-4156
CVE-2010-4409
