Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2005:023: php4, php5 Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the php4, php5 package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2005:023 (php4, php5).
This update fixes the following security issues in the PHP scripting
language:
- A bug in getimagesize() EXIF handling which could lead to a denial of
service attack.
This is tracked by the Mitre CVE IDs CVE-2005-0524 and CVE-2005-0525.
Additionally this non-security bug was fixed:
- Performance problems in unserialize() caused by a previous security
fix to unserialize() were fixed.
All SUSE Linux based distributions shipping php4 and php5 were affected.
Solution: http://www.suse.de/security/advisories/2005_23_php.html
Threat Level: Medium