openSUSE 10 Security Update : php5 (php5-3753)
High Nessus Plugin ID 27392
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe following issues have been fixed in PHP, which were spotted by the MOPB project or fixed in PHP 5.2.3 release :
- missing open_basedir and safe_mode restriction (CVE-2007-3007)
- chunk_split() integer overflow (CVE-2007-2872)
- DoS condition in libgd's image processing (CVE-2007-2756)
- possible super-global overwrite inside import_request_variables() (CVE-2007-1396)
- buffer overflow inside user_filter_factory_create() (CVE-2007-2511)
- remotely trigger-able buffer overflow inside bundled libxmlrpc (CVE-2007-1864)
- CRLF injection inside ftp_putcmd() (CVE-2007-2509)
- remotely trigger-able buffer overflow inside make_http_soap_request() (CVE-2007-2510)
- MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability (CVE-2007-0906)
- MOPB-03-2007: deep recursion DoS (CVE-2007-1285)
SolutionUpdate the affected php5 packages.