Mandriva Linux Security Advisory : php (MDVSA-2010:218)
Medium Nessus Plugin ID 50429
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Multiple vulnerabilities were discovered and corrected in php:
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string (CVE-2010-3710).
A NULL pointer dereference was discovered in ZipArchive::getArchiveComment (CVE-2010-3709).
A possible flaw was discovered in open_basedir (CVE-2010-3436).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.