Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2012-1045)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123893

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2012-1045)

Resumen: The remote host is missing an update for the 'php' package(s) announced via the ELSA-2012-1045 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php' package(s) announced via the ELSA-2012-1045 advisory.

Vulnerability Insight:
[5.1.6-39]
- fix issue in CVE-2012-0057 patch

[5.1.6-38]
- fix memory handling in CVE-2012-0789 patch

[5.1.6-37]
- add security fixes for CVE-2012-0057, CVE-2011-4153, CVE-2012-0789,
CVE-2012-1172

[5.1.6-36]
- add security fix for CVE-2012-2336

Affected Software/OS:
'php' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4153
Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
http://www.exploit-db.com/exploits/18370/
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: HPSBUX02791
http://marc.info/?l=bugtraq&m=134012830914727&w=2
HPdes Security Advisory: SSRT100856
HPdes Security Advisory: SSRT100877
http://cxsecurity.com/research/103
http://secunia.com/advisories/48668
SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0057
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
http://openwall.com/lists/oss-security/2012/01/13/4
http://openwall.com/lists/oss-security/2012/01/13/10
http://openwall.com/lists/oss-security/2012/01/13/5
http://openwall.com/lists/oss-security/2012/01/13/6
http://openwall.com/lists/oss-security/2012/01/13/7
http://openwall.com/lists/oss-security/2012/01/14/1
http://openwall.com/lists/oss-security/2012/01/14/2
http://openwall.com/lists/oss-security/2012/01/14/3
http://openwall.com/lists/oss-security/2012/01/15/2
http://openwall.com/lists/oss-security/2012/01/15/1
http://openwall.com/lists/oss-security/2012/01/15/10
http://openwall.com/lists/oss-security/2012/01/18/3
XForce ISS Database: php-libxslt-security-bypass(72908)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72908
Common Vulnerability Exposure (CVE) ID: CVE-2012-0789
Common Vulnerability Exposure (CVE) ID: CVE-2012-1172
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Debian Security Information: DSA-2465 (Google Search)
http://www.debian.org/security/2012/dsa-2465
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/
https://bugs.php.net/bug.php?id=48597
https://bugs.php.net/bug.php?id=49683
https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/
https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf
http://openwall.com/lists/oss-security/2012/03/13/4
SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2336
49014
http://secunia.com/advisories/49014
HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
SSRT100992
SUSE-SU-2012:0721
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html
SUSE-SU-2012:0840
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
http://www.php.net/ChangeLog-5.php#5.4.3
http://www.php.net/archive/2012.php#id2012-05-08-1
https://bugs.php.net/bug.php?id=61910
https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123893
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2012-1045)
Resumen:	The remote host is missing an update for the 'php' package(s) announced via the ELSA-2012-1045 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the ELSA-2012-1045 advisory. Vulnerability Insight: [5.1.6-39] - fix issue in CVE-2012-0057 patch [5.1.6-38] - fix memory handling in CVE-2012-0789 patch [5.1.6-37] - add security fixes for CVE-2012-0057, CVE-2011-4153, CVE-2012-0789, CVE-2012-1172 [5.1.6-36] - add security fix for CVE-2012-2336 Affected Software/OS: 'php' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4153 Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://www.exploit-db.com/exploits/18370/ HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 HPdes Security Advisory: SSRT100856 HPdes Security Advisory: SSRT100877 http://cxsecurity.com/research/103 http://secunia.com/advisories/48668 SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2012-0057 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://openwall.com/lists/oss-security/2012/01/13/4 http://openwall.com/lists/oss-security/2012/01/13/10 http://openwall.com/lists/oss-security/2012/01/13/5 http://openwall.com/lists/oss-security/2012/01/13/6 http://openwall.com/lists/oss-security/2012/01/13/7 http://openwall.com/lists/oss-security/2012/01/14/1 http://openwall.com/lists/oss-security/2012/01/14/2 http://openwall.com/lists/oss-security/2012/01/14/3 http://openwall.com/lists/oss-security/2012/01/15/2 http://openwall.com/lists/oss-security/2012/01/15/1 http://openwall.com/lists/oss-security/2012/01/15/10 http://openwall.com/lists/oss-security/2012/01/18/3 XForce ISS Database: php-libxslt-security-bypass(72908) https://exchange.xforce.ibmcloud.com/vulnerabilities/72908 Common Vulnerability Exposure (CVE) ID: CVE-2012-0789 Common Vulnerability Exposure (CVE) ID: CVE-2012-1172 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html Debian Security Information: DSA-2465 (Google Search) http://www.debian.org/security/2012/dsa-2465 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/ https://bugs.php.net/bug.php?id=48597 https://bugs.php.net/bug.php?id=49683 https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf http://openwall.com/lists/oss-security/2012/03/13/4 SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2012-2336 49014 http://secunia.com/advisories/49014 HPSBMU02900 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 SSRT100992 SUSE-SU-2012:0721 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html SUSE-SU-2012:0840 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html http://www.php.net/ChangeLog-5.php#5.4.3 http://www.php.net/archive/2012.php#id2012-05-08-1 https://bugs.php.net/bug.php?id=61910 https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1
Copyright	Copyright (C) 2015 Greenbone AG