Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2007-0890

Опубликовано: 20 сент. 2007
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2007-0890: Moderate: php security update (MODERATE)

[5.1.6-15.el5]

  • improve fix for CVE-2007-3997 (#278411)

[5.1.6-14.el5]

  • fix backport for CVE-2007-3996 (#278411)

[5.1.6-13.el5]

  • add security fixes for CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670 (#278411)

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

php

5.1.6-15.el5

php-bcmath

5.1.6-15.el5

php-cli

5.1.6-15.el5

php-common

5.1.6-15.el5

php-dba

5.1.6-15.el5

php-devel

5.1.6-15.el5

php-gd

5.1.6-15.el5

php-imap

5.1.6-15.el5

php-ldap

5.1.6-15.el5

php-mbstring

5.1.6-15.el5

php-mysql

5.1.6-15.el5

php-ncurses

5.1.6-15.el5

php-odbc

5.1.6-15.el5

php-pdo

5.1.6-15.el5

php-pgsql

5.1.6-15.el5

php-snmp

5.1.6-15.el5

php-soap

5.1.6-15.el5

php-xml

5.1.6-15.el5

php-xmlrpc

5.1.6-15.el5

Oracle Linux i386

php

5.1.6-15.el5

php-bcmath

5.1.6-15.el5

php-cli

5.1.6-15.el5

php-common

5.1.6-15.el5

php-dba

5.1.6-15.el5

php-devel

5.1.6-15.el5

php-gd

5.1.6-15.el5

php-imap

5.1.6-15.el5

php-ldap

5.1.6-15.el5

php-mbstring

5.1.6-15.el5

php-mysql

5.1.6-15.el5

php-ncurses

5.1.6-15.el5

php-odbc

5.1.6-15.el5

php-pdo

5.1.6-15.el5

php-pgsql

5.1.6-15.el5

php-snmp

5.1.6-15.el5

php-soap

5.1.6-15.el5

php-xml

5.1.6-15.el5

php-xmlrpc

5.1.6-15.el5

Связанные уязвимости

ubuntu
около 18 лет назад

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

redhat
около 18 лет назад

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

nvd
около 18 лет назад

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

debian
около 18 лет назад

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ...

github
больше 3 лет назад

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.