SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958)
Medium Nessus Plugin ID 58615
The remote SuSE 11 host is missing one or more security updates.
This update of PHP5 fixes multiple security flaws : - missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). (CVE-2011-4153) - specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. (CVE-2012-0057) - a stack-based buffer overflow in php5's Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. (CVE-2012-0807) - temporary changes to the magic_quotes_gpc directive during the importing of environment variables is not properly performed which makes it easier for remote attackers to conduct SQL injections. (CVE-2012-0831)