New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.7
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2009-4142 The htmlspecialchars function does not properly handle invalid multi-byte sequences.
- CVE-2009-4143 Memory corruption via session interruption.
In the stable distribution (lenny), this update also includes bug fixes (bug #529278, #556459, #565387, #523073) that were to be included in a stable point release as version 5.2.6.dfsg.1-1+lenny5.
SolutionUpgrade the php5 packages.
For the stable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny6.