Mandriva Update For Php MDVSA-2010:009 (php) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in php: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142). The updated packages have been patched to correct this issue.

Affected

php on Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64

Severity

Classification

CVE CVE-2009-4142

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:046 (dia)
Mandrake Security Advisory MDVSA-2009:080 (glib2.0)
Mandrake Security Advisory MDVSA-2009:043 (gnumeric)
Mandrake Security Advisory MDVSA-2009:047-1 (vim)
Mandrake Security Advisory MDVSA-2009:129 (file)

Mandriva Update for php MDVSA-2010:009 (php)

Take action and discover your vulnerabilities