Mandriva Update For Php MDVSA-2011:166 (php) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been identified and fixed in php: The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders (CVE-2011-3379). The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version (2011.14) for 2011. The updated packages have been patched to correct this issue.

Affected

php on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2011-3379

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird)
Mandrake Security Advisory MDVSA-2009:078 (evolution-data-server)
Mandrake Security Advisory MDVSA-2009:013 (mplayer)
Mandrake Security Advisory MDVSA-2009:140 (gaim)
Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)

Mandriva Update for php MDVSA-2011:166 (php)

Take action and discover your vulnerabilities