>> Mandriva Security Update Fixes PHP Cross Site Scripting Vulnerabilities

Title : Mandriva Security Update Fixes PHP Cross Site Scripting Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-0410
CVE ID : CVE-2006-0207 - CVE-2006-0208
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-02


Technical Description

Mandriva has released updated packages to address multiple vulnerabilities identified in PHP. These flaws may be exploited by malicious people to conduct cross-site scripting and response splitting attacks. For additional information, see: VUPEN/ADV-2006-0177

Affected Products

Mandriva Linux 10.1
Mandriva Linux 10.2
Mandriva Linux 2006.0
Corporate Server 2.1
Corporate 3.0
Multi Network Firewall 2.0

Solution

Upgrade the affected packages :

Mandriva Linux 10.1:
df01c3861affe2f3e1c889018bb2bdbf 10.1/RPMS/libphp_common432-4.3.8-3.7.101mdk.i586.rpm
f9df1052bc1f6ce85a3bbb5ec544b077 10.1/RPMS/php432-devel-4.3.8-3.7.101mdk.i586.rpm
3be049c85f40f7051f3cf1e44b165485 10.1/RPMS/php-cgi-4.3.8-3.7.101mdk.i586.rpm
de903ca3c9126f451f48d71e30042066 10.1/RPMS/php-cli-4.3.8-3.7.101mdk.i586.rpm
d697297c4330d93379848b2f3ea5b59c 10.1/SRPMS/php-4.3.8-3.7.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
c9123a9203fd795b7445c2d54b2e0e65 x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.7.101mdk.x86_64.rpm
a8ec659d640715f2cbe8ec5b93868de2 x86_64/10.1/RPMS/php432-devel-4.3.8-3.7.101mdk.x86_64.rpm
76ff7da663400e000c148d5562540097 x86_64/10.1/RPMS/php-cgi-4.3.8-3.7.101mdk.x86_64.rpm
d4c84cc9cf9325560e641f20040579ee x86_64/10.1/RPMS/php-cli-4.3.8-3.7.101mdk.x86_64.rpm
d697297c4330d93379848b2f3ea5b59c x86_64/10.1/SRPMS/php-4.3.8-3.7.101mdk.src.rpm

Mandriva Linux 10.2:
fb20504431c87a13d3dccc44a14cc8fb 10.2/RPMS/libphp_common432-4.3.10-7.5.102mdk.i586.rpm
a4a9a3e923ad9fb3364cb40fc65d4dda 10.2/RPMS/php432-devel-4.3.10-7.5.102mdk.i586.rpm
603deaacb7e29fbb89c45bbedc5669dd 10.2/RPMS/php-cgi-4.3.10-7.5.102mdk.i586.rpm
80c2c8841acd4119ef49be89c0fcc2d0 10.2/RPMS/php-cli-4.3.10-7.5.102mdk.i586.rpm
7e608b7cc03ac505f9a118f75fd62d25 10.2/SRPMS/php-4.3.10-7.5.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
17a7eb595d3d46d7a5aaface597c8667 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.5.102mdk.x86_64.rpm
b1e1b44ebdefde1f92fd4067f8dbabf5 x86_64/10.2/RPMS/php432-devel-4.3.10-7.5.102mdk.x86_64.rpm
778fa2d2adaf31a8cb7e31dbd808066e x86_64/10.2/RPMS/php-cgi-4.3.10-7.5.102mdk.x86_64.rpm
d02642564aa38691a881194c2662d98c x86_64/10.2/RPMS/php-cli-4.3.10-7.5.102mdk.x86_64.rpm
7e608b7cc03ac505f9a118f75fd62d25 x86_64/10.2/SRPMS/php-4.3.10-7.5.102mdk.src.rpm

Mandriva Linux 2006.0:
f2b7973428979dd09f52accd547568da 2006.0/RPMS/libphp5_common5-5.0.4-9.3.20060mdk.i586.rpm
5f4d832f023ab7a89ef0100bf84f5287 2006.0/RPMS/php-cgi-5.0.4-9.3.20060mdk.i586.rpm
2670bb765568506f6747a73974939c07 2006.0/RPMS/php-cli-5.0.4-9.3.20060mdk.i586.rpm
379cda215916c997a1dc2dbd5fb2620c 2006.0/RPMS/php-devel-5.0.4-9.3.20060mdk.i586.rpm
ca8db2763cf64ea2bac4322ee9cca899 2006.0/RPMS/php-fcgi-5.0.4-9.3.20060mdk.i586.rpm
92af673ab17df4b7dfe7fdebee76a48b 2006.0/SRPMS/php-5.0.4-9.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
f3d43c707c9a8d5cec75bafcb78e6ab1 x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.3.20060mdk.x86_64.rpm
2f94a04a14fe62fae94111b6cb684ece x86_64/2006.0/RPMS/php-cgi-5.0.4-9.3.20060mdk.x86_64.rpm
4ede0e512810b584bed25e09fca6ba4a x86_64/2006.0/RPMS/php-cli-5.0.4-9.3.20060mdk.x86_64.rpm
f172b4c76fcf58cd9dc090a25103f6a5 x86_64/2006.0/RPMS/php-devel-5.0.4-9.3.20060mdk.x86_64.rpm
79efe6cf1c641439fe1bbd4e75b8fc4f x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.3.20060mdk.x86_64.rpm
92af673ab17df4b7dfe7fdebee76a48b x86_64/2006.0/SRPMS/php-5.0.4-9.3.20060mdk.src.rpm

Corporate Server 2.1:
09f5076909971d5604836d7b9ea9fd45 corporate/2.1/RPMS/php-4.2.3-4.7.C21mdk.i586.rpm
8c035441a66315b1eff8b17312c3a930 corporate/2.1/RPMS/php-common-4.2.3-4.7.C21mdk.i586.rpm
c6f1fd24fe3e8f1ab43dcac22606486f corporate/2.1/RPMS/php-devel-4.2.3-4.7.C21mdk.i586.rpm
86819061809b349bd18566a406273570 corporate/2.1/RPMS/php-pear-4.2.3-4.7.C21mdk.i586.rpm
7dd951360a264bf5866d065a00d5238f corporate/2.1/SRPMS/php-4.2.3-4.7.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
37b27434d1c44f27d8c277ae564b936e x86_64/corporate/2.1/RPMS/php-4.2.3-4.7.C21mdk.x86_64.rpm
6136563a8257ef44180ca6b4401901f6 x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.7.C21mdk.x86_64.rpm
bbdb1dbdda2d70b035ef466443bfc422 x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.7.C21mdk.x86_64.rpm
5d44bf1bfea2cf67b4d8e89199163451 x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.7.C21mdk.x86_64.rpm
7dd951360a264bf5866d065a00d5238f x86_64/corporate/2.1/SRPMS/php-4.2.3-4.7.C21mdk.src.rpm

Corporate 3.0:
f888ebc54f82378b18d93215be73d644 corporate/3.0/RPMS/libphp_common432-4.3.4-4.9.C30mdk.i586.rpm
1b24d7a3868b0ad3447306d68278ea9a corporate/3.0/RPMS/php432-devel-4.3.4-4.9.C30mdk.i586.rpm
5bc5839d0a2747b4752af35136e198e7 corporate/3.0/RPMS/php-cgi-4.3.4-4.9.C30mdk.i586.rpm
d78925d4af67aa5485e5b46c41989b9c corporate/3.0/RPMS/php-cli-4.3.4-4.9.C30mdk.i586.rpm
27ef8f959b0f289b57762ff27a5ac80b corporate/3.0/SRPMS/php-4.3.4-4.9.C30mdk.src.rpm

Corporate 3.0/X86_64:
9bed4b632f00c11be8a5ad2f18f55856 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.9.C30mdk.x86_64.rpm
46f077064f5f9c200fda31f35975a16c x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.9.C30mdk.x86_64.rpm
ed1e1bba020c45e77f29193925639e2e x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.9.C30mdk.x86_64.rpm
6bdd852998838bc68e15bd336aedd197 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.9.C30mdk.x86_64.rpm
27ef8f959b0f289b57762ff27a5ac80b x86_64/corporate/3.0/SRPMS/php-4.3.4-4.9.C30mdk.src.rpm

Multi Network Firewall 2.0:
5addfadc57bce90e16b99fa09c8223d0 mnf/2.0/RPMS/libphp_common432-4.3.4-4.9.M20mdk.i586.rpm
68ebbc08d9225e65e7760a98a440fc50 mnf/2.0/RPMS/php432-devel-4.3.4-4.9.M20mdk.i586.rpm
c3e1085df6f3e9802d25c31201f91004 mnf/2.0/RPMS/php-cgi-4.3.4-4.9.M20mdk.i586.rpm
ae86a53032acd9d82f9dbfba561a173c mnf/2.0/RPMS/php-cli-4.3.4-4.9.M20mdk.i586.rpm
01bd5e9d8cb5520e29a9dec0358c1ecd mnf/2.0/SRPMS/php-4.3.4-4.9.M20mdk.src.rpm

References

http://www.vupen.com/english/advisories/2006/0410
http://www.frsirt.com/english/reference/5324

ChangeLog

2006-02-02 : Initial release

Copyright 2003-2009 © VUPEN.COM