Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 6.7
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
This is a maintenance and security update that upgrades php to 5.3.4 for 2010.0/2010.1.
Security Enhancements and Fixes in PHP 5.3.4:
- Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
- Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus values) (CVE-2010-4409).
Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories.
Key Bug Fixes in PHP 5.3.4 include:
- Added stat support for zip stream.
- Added follow_location (enabled by default) option for the http stream support.
- Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
- Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
- Multiple improvements to the FPM SAPI.
- Over 100 other bug fixes.
Additional post 5.3.4 fixes:
- Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down).
- Fixed bug #53541 (format string bug in ext/phar).
Additionally, some of the PECL extensions have been upgraded and/or rebuilt for the new php version.
Solution
Update the affected packages.