Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:196 (php)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57627

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:196 (php)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to php
announced via advisory MDKSA-2006:196.

The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only be when UTF-8 is used)

In addition, selected patches backported from php cvs that address
other issues that may or may not have security implications have been
applied to this release.

Updated packages have been patched to correct these issues. Users must
restart Apache for the changes to take effect.

Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:196

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-5465
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
BugTraq ID: 20879
http://www.securityfocus.com/bid/20879
Bugtraq: 20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/450431/100/0/threaded
Bugtraq: 20061109 rPSA-2006-0205-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/451098/100/0/threaded
Bugtraq: 20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/453024/100/0/threaded
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Cisco Security Advisory: 20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces
http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml
Cisco Security Advisory: 20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces
http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html
Debian Security Information: DSA-1206 (Google Search)
http://www.debian.org/security/2006/dsa-1206
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:196
http://www.hardened-php.net/advisory_132006.138.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240
http://www.redhat.com/support/errata/RHSA-2006-0730.html
http://www.redhat.com/support/errata/RHSA-2006-0731.html
RedHat Security Advisories: RHSA-2006:0736
http://rhn.redhat.com/errata/RHSA-2006-0736.html
http://securitytracker.com/id?1017152
http://securitytracker.com/id?1017296
http://secunia.com/advisories/22653
http://secunia.com/advisories/22685
http://secunia.com/advisories/22688
http://secunia.com/advisories/22693
http://secunia.com/advisories/22713
http://secunia.com/advisories/22753
http://secunia.com/advisories/22759
http://secunia.com/advisories/22779
http://secunia.com/advisories/22881
http://secunia.com/advisories/22929
http://secunia.com/advisories/23139
http://secunia.com/advisories/23155
http://secunia.com/advisories/23247
http://secunia.com/advisories/24606
http://secunia.com/advisories/25047
SGI Security Advisory: 20061101-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
SuSE Security Announcement: SUSE-SA:2006:067 (Google Search)
http://www.novell.com/linux/security/advisories/2006_67_php.html
http://www.trustix.org/errata/2006/0061/
TurboLinux Advisory: TLSA-2006-38
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-375-1
http://www.vupen.com/english/advisories/2006/4317
http://www.vupen.com/english/advisories/2006/4749
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2007/1546
XForce ISS Database: php-htmlentities-bo(29971)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29971

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57627
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:196 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDKSA-2006:196. The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course the whole purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used) In addition, selected patches backported from php cvs that address other issues that may or may not have security implications have been applied to this release. Updated packages have been patched to correct these issues. Users must restart Apache for the changes to take effect. Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:196 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5465 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html BugTraq ID: 20879 http://www.securityfocus.com/bid/20879 Bugtraq: 20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/450431/100/0/threaded Bugtraq: 20061109 rPSA-2006-0205-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/451098/100/0/threaded Bugtraq: 20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability (Google Search) http://www.securityfocus.com/archive/1/453024/100/0/threaded Cert/CC Advisory: TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html Cisco Security Advisory: 20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml Cisco Security Advisory: 20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html Debian Security Information: DSA-1206 (Google Search) http://www.debian.org/security/2006/dsa-1206 http://security.gentoo.org/glsa/glsa-200703-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:196 http://www.hardened-php.net/advisory_132006.138.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240 http://www.redhat.com/support/errata/RHSA-2006-0730.html http://www.redhat.com/support/errata/RHSA-2006-0731.html RedHat Security Advisories: RHSA-2006:0736 http://rhn.redhat.com/errata/RHSA-2006-0736.html http://securitytracker.com/id?1017152 http://securitytracker.com/id?1017296 http://secunia.com/advisories/22653 http://secunia.com/advisories/22685 http://secunia.com/advisories/22688 http://secunia.com/advisories/22693 http://secunia.com/advisories/22713 http://secunia.com/advisories/22753 http://secunia.com/advisories/22759 http://secunia.com/advisories/22779 http://secunia.com/advisories/22881 http://secunia.com/advisories/22929 http://secunia.com/advisories/23139 http://secunia.com/advisories/23155 http://secunia.com/advisories/23247 http://secunia.com/advisories/24606 http://secunia.com/advisories/25047 SGI Security Advisory: 20061101-01-P ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P SuSE Security Announcement: SUSE-SA:2006:067 (Google Search) http://www.novell.com/linux/security/advisories/2006_67_php.html http://www.trustix.org/errata/2006/0061/ TurboLinux Advisory: TLSA-2006-38 http://www.turbolinux.com/security/2006/TLSA-2006-38.txt http://www.ubuntu.com/usn/usn-375-1 http://www.vupen.com/english/advisories/2006/4317 http://www.vupen.com/english/advisories/2006/4749 http://www.vupen.com/english/advisories/2006/4750 http://www.vupen.com/english/advisories/2007/1546 XForce ISS Database: php-htmlentities-bo(29971) https://exchange.xforce.ibmcloud.com/vulnerabilities/29971
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com