Fedora 12 : maniadrive-1.2-21.fc12 / php-5.3.2-1.fc12 (2010-4212)

high Nessus Plugin ID 47341

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.2: - Improved LCG entropy. (Rasmus, Samy Kamkar) - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) - Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia) Key Bug Fixes in PHP 5.3.2 include: - Added support for SHA-256 and SHA-512 to php's crypt. - Added protection for $_SESSION from interrupt corruption and improved 'session.save_path' check. - Fixed bug #51059 (crypt crashes when invalid salt are given). - Fixed bug #50940 Custom content-length set incorrectly in Apache sapis. - Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). - Fixed bug #50723 (Bug in garbage collector causes crash). - Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). - Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).

- Fixed bug #50540 (Crash while running ldap_next_reference test cases). - Fixed bug #49851 (http wrapper breaks on 1024 char long headers). - Over 60 other bug fixes. Full upstream changelog:
http://www.php.net/ChangeLog-5.php#5.3.2

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected maniadrive and / or php packages.

See Also

http://www.php.net/ChangeLog-5.php#5.3.2

https://bugzilla.redhat.com/show_bug.cgi?id=570769

http://www.nessus.org/u?7bfe0751

http://www.nessus.org/u?b126b0ff

Plugin Details

Severity: High

ID: 47341

File Name: fedora_2010-4212.nasl

Version: 1.14

Type: local

Agent: unix

Published: 7/1/2010

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:maniadrive, p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:12

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/11/2010

Reference Information

BID: 38182, 38430, 38431

FEDORA: 2010-4212