Slackware Advisory SSA:2005-251-04 Php5 In Slackware 10.1 Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2005-251-04.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-251-04

Insight

A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PRCE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval() function. The eval() function is believed to be insecure as implemented, and would be difficult to secure. Note that this new package now requires that the PCRE package be installed, so be sure to get the new package from the patches/packages/ directory if you don't already have it.

Severity

Classification

CVE CVE-2005-2491, CVE-2005-2498
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2004-278-02 zlib DoS
Slackware Advisory SSA:2005-255-02 util-linux umount
Slackware Advisory SSA:2003-149-01 CUPS DoS vulnerability fixed
Slackware Advisory SSA:2004-124-02 sysklogd update
Slackware Advisory SSA:2006-207-01 mutt

Slackware Advisory SSA:2005-251-04 php5 in Slackware 10.1

Take action and discover your vulnerabilities