Advisories:rPSA-2008-0176

From rPath Wiki

rPath Security Advisory 2008-0176-1

Published: 2008-05-23

Products

• rPath Appliance Platform Linux Service 1
• rPath Linux 1
• rPath Linux 2

Rating

Critical

Exposure Level Classification

Remote System User Deterministic Unauthorized Access

Updated Versions

• php=conary.rpath.com@rpl:2/5.2.6-0.1-1
• php5=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-cgi=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-imap=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-mcrypt=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-mysql=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-mysqli=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-pear=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-pgsql=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-soap=conary.rpath.com@rpl:1/5.2.6-1-1
• php5-xsl=conary.rpath.com@rpl:1/5.2.6-1-1
• php-cgi=conary.rpath.com@rpl:2/5.2.6-0.1-1
• php-imap=conary.rpath.com@rpl:2/5.2.6-0.1-1
• php-mcrypt=conary.rpath.com@rpl:2/5.2.6-0.1-1
• php-mysql=conary.rpath.com@rpl:2/5.2.6-0.1-1
• php-mysqli=conary.rpath.com@rpl:2/5.2.6-0.1-1
• php-pgsql=conary.rpath.com@rpl:2/5.2.6-0.1-1
• php-soap=conary.rpath.com@rpl:2/5.2.6-0.1-1
• php-xsl=conary.rpath.com@rpl:2/5.2.6-0.1-1

rPath Issue Tracking System

• RPL-2503

References

• CVE-2008-0599
• CVE-2008-0674
• CVE-2008-2050
• CVE-2008-2051
• CVE-2008-1384

Description

Previous versions of the php version 5 packages contain multiple

vulnerabilities, the most serious of which may allow a remote

attacker to execute arbitrary code.

In its default configuration, rPath Linux 1 does not install php

version 5 and is thus not vulnerable to these attacks; however,

systems to which php version 5 has been added may be vulnerable.

Copyright 2008 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html