Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907)

NASLDB: Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907)

General

ID: 59007
Name: Fedora 16 : maniadrive-1.2-32.fc16.3 / php-5.3.11-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.3 (2012-6907)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

Upstream Security Enhancements :

– Fixed bug #54374 (Insufficient validating of upload name
leading to corrupted $_FILES indices). (CVE-2012-1172).

– Add open_basedir checks to readline_write_history and
readline_read_history.

– Fixed bug #61043 (Regression in magic_quotes_gpc fix
for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes :

– php-fpm: add comment about security.limit_extensions in
provided conf

– php-fpm: add /etc/sysconfig/php-fpm environment file

– php-common provides zip extension, as in previous
fedora version

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2012-0831
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/04/28
Plugin Release: 2012/05/07

Plugin

Version: 1.2
Filename: fedora_2012-6907.nasl
Filesize: 4421 bytes
MD5 Hash: c12e81a25ed6beb2a3ecf5efacb2405c

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"