rPSA-2006-0182-1 php php-mysql php-pgsql
Date: Thu, 05 Oct 2006 17:45:48 -0400
From: rPath Update Announcements <announce-noreply@rpath.com.>
To: [email protected],
Subject: rPSA-2006-0182-1 php php-mysql php-pgsql
Message-ID: <45257d0c.GEJu1EwQsXmDY1At%[email protected]>
User-Agent: nail 11.22 3/20/05
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
rPath Security Advisory: 2006-0182-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
php=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
php-mysql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
php-pgsql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3017
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
https://issues.rpath.com/browse/RPL-683
Description:
Previous versions of the php package contain multiple vulnerabilities,
or weaknesses that may enable vulnerabilities in applications written
in php. The most severe of these vulnerabilities may enable remote
unauthorized access vulnerabilities, depending on the application or
applications involved. Other vulnerabilities or weaknesses involve
SQL injection attacks, cross-site scripting (XSS), information
exposure, and denial of service vulnerabilities.
