Mandrake Security Advisory MDVSA-2009:066 (php) Network Vulnerability

Summary

The remote host is missing an update to php announced via advisory MDVSA-2009:066.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:066

Insight

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server (CVE-2009-0754). The updated packages have been patched to correct these issues. Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0

Severity

Classification

CVE CVE-2009-0754
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandriva Update for wireshark MDVSA-2012:125 (wireshark)
Mandriva Update for krb5 MDVA-2010:177-1 (krb5)
Mandriva Update for glpi-massocsimport MDVA-2011:021 (glpi-massocsimport)
Mandriva Update for gdm MDKSA-2007:169 (gdm)
Mandriva Update for systemtap MDVSA-2011:154 (systemtap)

Take action and discover your vulnerabilities