Mandriva Linux Security Advisory : php (MDVSA-2011:069)
Medium Nessus Plugin ID 53348
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionIt was discovered that the /etc/cron.d/php cron job for php-session allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php (CVE-2011-0441).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages contains a fix that corrects this flaw.
SolutionUpdate the affected packages.