Mandriva Update For Php MDVSA-2011:166 (php) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been identified and fixed in php: The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders (CVE-2011-3379). The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version (2011.14) for 2011. The updated packages have been patched to correct this issue.

Affected

php on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2011-3379
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:121 (lcms)
Mandrake Security Advisory MDVSA-2009:022 (php)
Mandrake Security Advisory MDVSA-2009:150 (libtiff)
Mandrake Security Advisory MDVSA-2009:073 (sarg)
Mandrake Security Advisory MDVSA-2009:179 (mysql)

Mandriva Update for php MDVSA-2011:166 (php)

Take action and discover your vulnerabilities