Oval Definition:oval:org.mitre.oval:def:21723
Revision Date:2014-05-26Version:28
Title:ELSA-2007:0153: php security update (Moderate)
Description:CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2007-0455
CVE-2007-1001
CVE-2007-1583
CVE-2007-1718
ELSA-2007:0153-01
Platform(s):Oracle Linux 5
Product(s):php
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • php-odbc is earlier than 0:5.1.6-11.el5
  • OR php-soap is earlier than 0:5.1.6-11.el5
  • OR php-gd is earlier than 0:5.1.6-11.el5
  • OR php-common is earlier than 0:5.1.6-11.el5
  • OR php-mysql is earlier than 0:5.1.6-11.el5
  • OR php is earlier than 0:5.1.6-11.el5
  • OR php-xmlrpc is earlier than 0:5.1.6-11.el5
  • OR php-cli is earlier than 0:5.1.6-11.el5
  • OR php-mbstring is earlier than 0:5.1.6-11.el5
  • OR php-pgsql is earlier than 0:5.1.6-11.el5
  • OR php-xml is earlier than 0:5.1.6-11.el5
  • OR php-dba is earlier than 0:5.1.6-11.el5
  • OR php-devel is earlier than 0:5.1.6-11.el5
  • OR php-ncurses is earlier than 0:5.1.6-11.el5
  • OR php-imap is earlier than 0:5.1.6-11.el5
  • OR php-bcmath is earlier than 0:5.1.6-11.el5
  • OR php-snmp is earlier than 0:5.1.6-11.el5
  • OR php-pdo is earlier than 0:5.1.6-11.el5
  • OR php-ldap is earlier than 0:5.1.6-11.el5
    • BACK