Описание
ELSA-2007-0890: Moderate: php security update (MODERATE)
[5.1.6-15.el5]
- improve fix for CVE-2007-3997 (#278411)
[5.1.6-14.el5]
- fix backport for CVE-2007-3996 (#278411)
[5.1.6-13.el5]
- add security fixes for CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670 (#278411)
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
php
5.1.6-15.el5
php-bcmath
5.1.6-15.el5
php-cli
5.1.6-15.el5
php-common
5.1.6-15.el5
php-dba
5.1.6-15.el5
php-devel
5.1.6-15.el5
php-gd
5.1.6-15.el5
php-imap
5.1.6-15.el5
php-ldap
5.1.6-15.el5
php-mbstring
5.1.6-15.el5
php-mysql
5.1.6-15.el5
php-ncurses
5.1.6-15.el5
php-odbc
5.1.6-15.el5
php-pdo
5.1.6-15.el5
php-pgsql
5.1.6-15.el5
php-snmp
5.1.6-15.el5
php-soap
5.1.6-15.el5
php-xml
5.1.6-15.el5
php-xmlrpc
5.1.6-15.el5
Oracle Linux i386
php
5.1.6-15.el5
php-bcmath
5.1.6-15.el5
php-cli
5.1.6-15.el5
php-common
5.1.6-15.el5
php-dba
5.1.6-15.el5
php-devel
5.1.6-15.el5
php-gd
5.1.6-15.el5
php-imap
5.1.6-15.el5
php-ldap
5.1.6-15.el5
php-mbstring
5.1.6-15.el5
php-mysql
5.1.6-15.el5
php-ncurses
5.1.6-15.el5
php-odbc
5.1.6-15.el5
php-pdo
5.1.6-15.el5
php-pgsql
5.1.6-15.el5
php-snmp
5.1.6-15.el5
php-soap
5.1.6-15.el5
php-xml
5.1.6-15.el5
php-xmlrpc
5.1.6-15.el5
Ссылки на источники
Связанные уязвимости
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ...
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.