Fedora Core 5 : php-5.1.6-1.2 (2006-1168)
High Nessus Plugin ID 24042
SynopsisThe remote Fedora Core host is missing a security update.
DescriptionThis update fixes a security vulnerability in PHP.
The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the 'apache' user.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected packages.