---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Mandriva update for php SECUNIA ADVISORY ID: SA26895 VERIFY ADVISORY: http://secunia.com/advisories/26895/ CRITICAL: Moderately critical IMPACT: Unknown, Security Bypass, Brute force, Exposure of sensitive information, Privilege escalation, DoS WHERE: >From remote OPERATING SYSTEM: Mandriva Linux 2007 http://secunia.com/product/12165/ DESCRIPTION: Mandriva has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious, local users to bypass certain security restrictions, malicious users to bypass certain security restrictions, gain escalated privileges, disclose potentially sensitive information, or cause a DoS (Denial of Service), and by malicious people to bypass certain security restrictions and cause a DoS. For more information: SA24089 SA25123 SA25306 SA25378 SA25456 SA26642 SOLUTION: Apply updated packages. Mandriva Linux 2007 57a68f47fd8c691db93b9eadbbf19b40 2007.0/i586/libphp5_common5-5.1.6-1.9mdv2007.0.i586.rpm f82d39f70da087f4d7f9470f81211276 2007.0/i586/php-cgi-5.1.6-1.9mdv2007.0.i586.rpm a22e66bf85ab53ff1782ce331ffa60a6 2007.0/i586/php-cli-5.1.6-1.9mdv2007.0.i586.rpm c3cd07dba2182b4f583794a3b240e84e 2007.0/i586/php-devel-5.1.6-1.9mdv2007.0.i586.rpm 265ef0003e043ad3013022b1e566fd89 2007.0/i586/php-fcgi-5.1.6-1.9mdv2007.0.i586.rpm 598e110d6abcc345a0b6ee1676214ee2 2007.0/i586/php-gd-5.1.6-1.3mdv2007.0.i586.rpm 0f9a486f5ccadd55c81aa61705ae5d81 2007.0/i586/php-mcrypt-5.1.6-1.1mdv2007.0.i586.rpm 6d7d80d3cdeae2e4ca286b67be659cef 2007.0/i586/php-soap-5.1.6-1.2mdv2007.0.i586.rpm 06fef845a7f0eb15fbda8e01d2449759 2007.0/SRPMS/php-5.1.6-1.9mdv2007.0.src.rpm 1c4c5379d367dd0ba8c002d2a60eb8b1 2007.0/SRPMS/php-gd-5.1.6-1.3mdv2007.0.src.rpm 4b4382448f9be55ea66f8b910a12a97c 2007.0/SRPMS/php-mcrypt-5.1.6-1.1mdv2007.0.src.rpm c9e9b415eac3b864ffcece762c6aa6bb 2007.0/SRPMS/php-soap-5.1.6-1.2mdv2007.0.src.rpm Mandriva Linux 2007/X86_64 8ddfb570e663d8b61cbfaf5bc8585d54 2007.0/x86_64/lib64php5_common5-5.1.6-1.9mdv2007.0.x86_64.rpm d05d20ad5c5ddd84649aaed661b83c7a 2007.0/x86_64/php-cgi-5.1.6-1.9mdv2007.0.x86_64.rpm 9ba45cce68ffa043cf1fb23fe765e104 2007.0/x86_64/php-cli-5.1.6-1.9mdv2007.0.x86_64.rpm 26ead0e8cd3bab9ba64cc39f596d6533 2007.0/x86_64/php-devel-5.1.6-1.9mdv2007.0.x86_64.rpm 65673d78e3e1af683d64e30ba832be63 2007.0/x86_64/php-fcgi-5.1.6-1.9mdv2007.0.x86_64.rpm 0d478806da998759a96cdbf8694c0324 2007.0/x86_64/php-gd-5.1.6-1.3mdv2007.0.x86_64.rpm 99ec9336533a6ff74b93841497a73fe1 2007.0/x86_64/php-mcrypt-5.1.6-1.1mdv2007.0.x86_64.rpm 1b5bdc02b561134835c729fb404b0931 2007.0/x86_64/php-soap-5.1.6-1.2mdv2007.0.x86_64.rpm 06fef845a7f0eb15fbda8e01d2449759 2007.0/SRPMS/php-5.1.6-1.9mdv2007.0.src.rpm 1c4c5379d367dd0ba8c002d2a60eb8b1 2007.0/SRPMS/php-gd-5.1.6-1.3mdv2007.0.src.rpm 4b4382448f9be55ea66f8b910a12a97c 2007.0/SRPMS/php-mcrypt-5.1.6-1.1mdv2007.0.src.rpm c9e9b415eac3b864ffcece762c6aa6bb 2007.0/SRPMS/php-soap-5.1.6-1.2mdv2007.0.src.rpm ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 OTHER REFERENCES: SA24089: http://secunia.com/advisories/24089/ SA25123: http://secunia.com/advisories/25123/ SA25306: http://secunia.com/advisories/25306/ SA25378: http://secunia.com/advisories/25378/ SA25456: http://secunia.com/advisories/25456/ SA26642: http://secunia.com/advisories/26642/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------