aru Posted February 1, 2006 Report Share Posted February 1, 2006 Mandriva Advisories MDKSA-2006:028 : php Updated php packages fix XSS and response splitting vulnerabilities February 1st, 2006 Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. (CVE-2006-0207) Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in "certain error conditions." (CVE-2006-0208). This issue does not affect Corporate Server 2.1. Updated packages are patched to address these issues.Users must execute "service httpd restart" for the new PHP modules to be loaded by Apache. The released versions of Mandriva GNU/Linux affected are: 10.1 CS2.1 CS3.0 MNF2.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:028 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts