Mandrake Linux Security Advisory : php (MDKSA-2006:028)
Medium Nessus Plugin ID 20849
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionMultiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in 'certain error conditions.' (CVE-2006-0208). This issue does not affect Corporate Server 2.1.
Updated packages are patched to address these issues. Users must execute 'service httpd restart' for the new PHP modules to be loaded by Apache.
SolutionUpdate the affected packages.