Mandrake Linux Security Advisory : php (MDKSA-2006:074)
Medium Nessus Plugin ID 21281
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP <= 5.1.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. (CVE-2006-0996)
Directory traversal vulnerability in file.c in PHP <= 5.1.2 allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function. (CVE-2006-1494)
The copy function in file.c in PHP <= 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. (CVE-2006-1608)
Updated packages have been patched to address these issues. After upgrading these packages, please run 'service httpd restart'.
SolutionUpdate the affected packages.