Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:166 (php)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72065

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:166 (php)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to php
announced via advisory MDVSA-2011:166.

A vulnerability has been identified and fixed in php:

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the
__autoload function, which makes it easier for remote attackers to
execute arbitrary code by providing a crafted URL and leveraging
potentially unsafe behavior in certain PEAR packages and custom
autoloaders (CVE-2011-3379).

The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory
and is now being provided, the php-timezonedb package was upgraded
to the latest version (2011.14) for 2011.

The updated packages have been patched to correct this issue.

Affected: 2010.1, 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:166

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-3379
20110923 Security issue is_a function in PHP 5.3.7+
http://www.securityfocus.com/archive/1/519770/30/0/threaded
8525
http://securityreason.com/securityalert/8525
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
SSRT100877
http://svn.php.net/viewvc/?view=revision&revision=317183
http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
https://bugs.php.net/bug.php?id=55475
https://bugzilla.redhat.com/show_bug.cgi?id=741020

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72065
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:166 (php)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to php announced via advisory MDVSA-2011:166. A vulnerability has been identified and fixed in php: The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders (CVE-2011-3379). The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version (2011.14) for 2011. The updated packages have been patched to correct this issue. Affected: 2010.1, 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:166 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3379 20110923 Security issue is_a function in PHP 5.3.7+ http://www.securityfocus.com/archive/1/519770/30/0/threaded 8525 http://securityreason.com/securityalert/8525 HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 SSRT100877 http://svn.php.net/viewvc/?view=revision&revision=317183 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/ https://bugs.php.net/bug.php?id=55475 https://bugzilla.redhat.com/show_bug.cgi?id=741020
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com