openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)
Medium Nessus Plugin ID 27151
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes multiple bugs in php :
- predictable generaton of an initialization vector (IV) in the mcrypt extension
- additional cookie attributes could be injected via a session id
- specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications
- insufficient validation of parmeters in the substr_count function
- predictable generaton of an initialization vector (IV) in the soap extension
CVE-2007-2727, CVE-2007-2748, CVE-2007-2728, CVE-2007-3472 CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 CVE-2007-3799
SolutionUpdate the affected apache2-mod_php5 packages.