openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4909)
High Nessus Plugin ID 30092
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes multiple bugs in php by upgrading it to version 5.2.5.
- Flaws in processing multi byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898)
- overly long arguments to the dl() function could crash php (CVE-2007-4825)
- overy long arguments to the glob() function could crash php (CVE-2007-4782)
- overly long arguments to some iconv functions could crash php (CVE-2007-4840)
- overy long arguments to the setlocale() function could crash php (CVE-2007-4784)
- the wordwrap-Function could cause a floating point exception (CVE-2007-3998)
- overy long arguments to the fnmatch() function could crash php (CVE-2007-4782)
- incorrect size calculation in the chunk_split function could lead to a buffer overflow (CVE-2007-4661, CVE-2007-2872)
- Flaws in the GD extension could lead to integer overflows (CVE-2007-3996)
- The money_format function contained format string flaws (CVE-2007-4658)
- Data for some time zones has been updated
- php5 has been updated to version 5.2.5 to fix those problems
SolutionUpdate the affected apache2-mod_php5 packages.