Mandriva Linux Security Advisory : php (MDVSA-2011:166)
High Nessus Plugin ID 56708
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been identified and fixed in php :
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the
__autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders (CVE-2011-3379).
The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version (2011.14) for 2011.
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.