Solution
Please install the updated packages.
Insight
A vulnerability was discovered and corrected in libmbfl (php):
* Fix bug #53273 (mb_strcut() returns garbage with the excessive length parameter) (CVE-2010-4156).
The updated packages have been patched to correct these issues.
Update:
The MDVSA-2010:225 advisory used the wrong patch to address the problem; however, it did fix the issue. This advisory provides the correct upstream patch.
Affected
libmbfl on Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64
Severity
Classification
CVE: CVE-2010-4156
CVSS Base Score: 5.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N