Slackware Advisory SSA:2005-192-01 PHP Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2005-192-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-192-01

Insight

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with the PEAR XML_RPC class that allows a remote attacker to run arbitrary PHP code. Sites that make use of this PHP library should upgrade to the new PHP package right away, or may instead upgrade the XML_RPC PEAR class with the following command: pear upgrade XML_RPC More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

Severity

Classification

CVE CVE-2005-1921

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2003-345-01 cvs security update
Slackware Advisory SSA:2003-266-01 New OpenSSH packages
Slackware Advisory SSA:2004-049-01 Kernel security update
Slackware Advisory SSA:2006-045-05 kdelibs
Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php

Take action and discover your vulnerabilities