This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Updated php packages fix security vulnerabilities :
The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type
Confusion issue related to the SPL ArrayObject and SPLObjectStorage
It was discovered that PHP is vulnerable to a heap-based buffer
overflow in the DNS TXT record parsing. A malicious server or
man-in-the-middle attacker could possibly use this flaw to execute
arbitrary code as the PHP interpreter if a PHP application uses
dns_get_record() to perform a DNS query (CVE-2014-4049).
A flaw was found in the way file parsed property information from
Composite Document Files (CDF) files, where the mconvert() function
did not correctly compute the truncated pascal string size
Multiple flaws were found in the way file parsed property information
from Composite Document Files (CDF) files, due to insufficient
boundary checks on buffers (CVE-2014-0207, CVE-2014-3479,
PHP contains a bundled copy of the file utility's libmagic library, so
it was vulnerable to this issue. It has been updated to version
5.5.14, which fixes this issue and several other bugs.
The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type
Confusion issue that can cause it to leak arbitrary process memory
Additionally, php-apc has been rebuilt against the updated php
packages and the php-timezonedb packages have been upgraded to the
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false
Family: Mandriva Local Security Checks
Nessus Plugin ID: 76438