SuSE 10 Security Update : PHP5 (ZYPP Patch Number 2684)
Critical Nessus Plugin ID 29377
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update fixes security problems also fixed in PHP 5.2.1, including following problems :
- Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. (CVE-2007-0906)
- Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. (CVE-2007-0907)
- The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors. (CVE-2007-0908)
- Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. (CVE-2007-0909)
- Unspecified vulnerability in PHP before 5.2.1 allows attackers to 'clobber' certain super-global variables via unspecified vectors. (CVE-2007-0910)
- Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). (CVE-2007-0911)
- PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ';' in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. And another fix for open_basedir was added to stop mixing up its setting in a virtual host environment.
SolutionApply ZYPP patch number 2684.