Mandriva Update For Php MDVSA-2010:058 (php) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been found and corrected in php: * Improved LCG entropy. (Rasmus, Samy Kamkar) * Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) * Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia) Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

Affected

php on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:012 (mozilla-thunderbird)
Mandrake Security Advisory MDVSA-2009:041 (jhead)
Mandrake Security Advisory MDVSA-2009:142 (jasper)
Mandrake Security Advisory MDVSA-2009:081 (libsoup)
Mandrake Security Advisory MDVSA-2009:075 (firefox)

Mandriva Update for php MDVSA-2010:058 (php)

Take action and discover your vulnerabilities