[Full-disclosure] rPSA-2006-0182-1 php php-mysql php-pgsql
rPath Update Announcements
announce-noreply at rpath.com
Thu Oct 5 22:45:48 BST 2006
rPath Security Advisory: 2006-0182-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
php=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
php-mysql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
php-pgsql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3017
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
https://issues.rpath.com/browse/RPL-683
Description:
Previous versions of the php package contain multiple vulnerabilities,
or weaknesses that may enable vulnerabilities in applications written
in PHP. The most severe of these may enable remote unauthorized
access, depending on the application or applications involved. Other
vulnerabilities or weaknesses involve SQL injection, cross-site
scripting (XSS), information exposure, and denial of service.