TITLE: Mandriva update for php SECUNIA ADVISORY ID: SA17557 VERIFY ADVISORY: http://secunia.com/advisories/17557/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Mandrake Corporate Server 2.x http://secunia.com/product/1222/ Mandrakelinux 10.1 http://secunia.com/product/4198/ DESCRIPTION: Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. For more information: SA16971 SA17371 SOLUTION: Apply updated packages. Mandrakelinux 10.1: 3966e335bc3a2ae6dffbbc8e83575865 10.1/RPMS/libphp_common432-4.3.8-3.6.101mdk.i586.rpm 199fa9e0baf46bda77e660555626ed4e 10.1/RPMS/php432-devel-4.3.8-3.6.101mdk.i586.rpm 05ef30fa2004ffd60f4519fd41a444e3 10.1/RPMS/php-cgi-4.3.8-3.6.101mdk.i586.rpm fe48fbbb47b3bcdab5054ffdd2067b6a 10.1/RPMS/php-cli-4.3.8-3.6.101mdk.i586.rpm 90b47f8c1515b5043d513db11d6607ca 10.1/SRPMS/php-4.3.8-3.6.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 9fe206e55dca158523dab0a85f1a5dec x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.6.101mdk.x86_64.rpm d36a3e7f90980388196aa58b6dbb94af x86_64/10.1/RPMS/php432-devel-4.3.8-3.6.101mdk.x86_64.rpm 416b3bacf2b57f1a9cae5ca172e39135 x86_64/10.1/RPMS/php-cgi-4.3.8-3.6.101mdk.x86_64.rpm 0c27298aadb7d0a847a93316ce4d9d57 x86_64/10.1/RPMS/php-cli-4.3.8-3.6.101mdk.x86_64.rpm 90b47f8c1515b5043d513db11d6607ca x86_64/10.1/SRPMS/php-4.3.8-3.6.101mdk.src.rpm Corporate Server 2.1: 18b1c4dab517ae624ee96b7558112d84 corporate/2.1/RPMS/php-4.2.3-4.6.C21mdk.i586.rpm 25e79b0cbb0b1ed8c0915db93efe7863 corporate/2.1/RPMS/php-common-4.2.3-4.6.C21mdk.i586.rpm c818089e5fe42953da5ca48855c52a39 corporate/2.1/RPMS/php-devel-4.2.3-4.6.C21mdk.i586.rpm aaafac3f547795f1e4ab50094fb05bb8 corporate/2.1/RPMS/php-pear-4.2.3-4.6.C21mdk.i586.rpm 590fd7d0a4340ac62e443a1c1543fe60 corporate/2.1/SRPMS/php-4.2.3-4.6.C21mdk.src.rpm Corporate Server 2.1/X86_64: d3ad20980ced61773e64fc0cd347dbc0 x86_64/corporate/2.1/RPMS/php-4.2.3-4.6.C21mdk.x86_64.rpm 74dc4c2cd5a48ebc77d081ae64fe38cd x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.6.C21mdk.x86_64.rpm 5acad2f71a4e4728a986f08a7966846a x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.6.C21mdk.x86_64.rpm 39856102ebde84daad4d917cfa94b067 x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.6.C21mdk.x86_64.rpm 590fd7d0a4340ac62e443a1c1543fe60 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.6.C21mdk.src.rpm ORIGINAL ADVISORY: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:213 OTHER REFERENCES: SA16971: http://secunia.com/advisories/16971/ SA17371: http://secunia.com/advisories/17371/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------