Mandrake Linux Security Advisory : php (MDKSA-2006:196)
Severity: High
Nessus Plugin ID: 24581
Synopsis: The remote Mandrake Linux host is missing one or more security updates.
Description: The Hardened-PHP Project discovered buffer overflows in the internal routines behind htmlentities/htmlspecialchars and disclosed them to the PHP Project.
These functions exist to be fed user input. (The overflow can only occur when UTF-8 is used.) (CVE-2006-5465)
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. (CVE-2006-5706)
Updated packages have been patched to correct these issues. Users must restart Apache for the changes to take effect.
Solution: Update the affected packages.