This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in php :
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not
validate the relationship between the soap.wsdl_cache_dir directive
and the open_basedir directive, which allows remote attackers to
bypass intended access restrictions by triggering the creation of
cached SOAP WSDL files in an arbitrary directory (CVE-2013-1635).
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows
remote attackers to read arbitrary files via a SOAP WSDL file
containing an XML external entity declaration in conjunction with an
entity reference, related to an XML External Entity (XXE) issue in the
soap_xmlParseFile and soap_xmlParseMemory functions (CVE-2013-1643).
Backported upstream php bug #61930: 'openssl corrupts ssl key resource
when using openssl_get_publickey\(\)' to php-5.3.x.
The new Powered by Mageia logo has been added to php, this is only a
The php-timezonedb package has been updated to the 2013.2 version.
The updated packages have been upgraded to the 5.3.23 version which is
not vulnerable to these issues.
Additionally, some packages which requires so has been rebuilt for
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true