Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)

The remote host is missing an update to php4-eaccelerator announced via advisory MDVSA-2009:188.
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A vulnerability has been found and corrected in php4-eaccelerator: encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files (CVE-2009-2353). Additionally to adressing the security issue this update also provides php4-eaccelerator 0.9.5. Affected: Corporate 4.0