Slackware 10.2 / 11.0 : php (SSA:2007-053-01)

critical Nessus Plugin ID 24691

Synopsis

The remote Slackware host is missing a security update.

Description

New php packages are available for Slackware 10.2 and 11.0 to improve the stability and security of PHP. Quite a few bugs were fixed -- please see http://www.php.net for a detailed list. All sites that use PHP are encouraged to upgrade. Please note that we haven't tested all PHP applications for backwards compatibility with this new upgrade, so you should have the old package on hand just in case. Both PHP 4.4.5 and PHP 5.2.1 updates have been provided. Some of these issues have been assigned CVE numbers and may be referenced in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988

Solution

Update the affected php package.

See Also

http://www.php.net

http://www.nessus.org/u?6ec7ea49

Plugin Details

Severity: Critical

ID: 24691

File Name: Slackware_SSA_2007-053-01.nasl

Version: 1.18

Type: local

Published: 2/23/2007

Updated: 1/14/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:php, cpe:/o:slackware:slackware_linux:10.2, cpe:/o:slackware:slackware_linux:11.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 2/23/2007

Vulnerability Publication Date: 2/13/2007

Reference Information

CVE: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988

SSA: 2007-053-01

CWE: 20, 399