Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Slackware Local Security Checks >> SSA-2005-251-04 php5 in Slackware 10.1


Vulnerability Assessment Details

SSA-2005-251-04 php5 in Slackware 10.1

Vulnerability Assessment Summary
SSA-2005-251-04 php5 in Slackware 10.1

Detailed Explanation for this Vulnerability Assessment

A new php5 package is available for Slackware 10.1 in /testing to fix
security issues. PHP has been relinked with the shared PCRE library
to fix an overflow issue with PHP's builtin PRCE code, and
PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the
eval() function. The eval() function is believed to be insecure as
implemented, and would be difficult to secure.

Note that this new package now requires that the PCRE package be
installed, so be sure to get the new package from the patches/packages/
directory if you don't already have it.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498



Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Michel Arboi

Cables, Connectors

Cisco Linksys WAG320N router
$15.83
Cisco Linksys WAG320N router pictureCisco UGSW 2.5" SAS SATA HDD Hard Drive Caddy Tray GENUINE
$7.99
Cisco UGSW 2.5Genuine Cisco rack mount kit, 3750, 53-3329-02, 800-33229-02, factory sealed
$12.5
Genuine Cisco rack mount kit, 3750, 53-3329-02, 800-33229-02, factory sealed pictureCisco Linksys Compact Wireless-G USB Network Adapter WUSB54GC
$5.0
Cisco Linksys Compact Wireless-G USB Network Adapter WUSB54GC  picture


Discussions

No Discussions have been posted on this vulnerability.