Oval Definition:oval:org.mitre.oval:def:22022
Revision Date:2014-02-24Version:100
Title:RHSA-2010:0919: php security update (Moderate)
Description:The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2010:0919
CVE-2009-5016
CVE-2010-0397
CVE-2010-1128
CVE-2010-1917
CVE-2010-2531
CVE-2010-3065
CVE-2010-3870
RHSA-2010:0919-01
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Product(s):php
Definition Synopsis
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • php-common is earlier than 0:5.1.6-27.el5_5.3
  • OR php-soap is earlier than 0:5.1.6-27.el5_5.3
  • OR php-odbc is earlier than 0:5.1.6-27.el5_5.3
  • OR php-gd is earlier than 0:5.1.6-27.el5_5.3
  • OR php-mysql is earlier than 0:5.1.6-27.el5_5.3
  • OR php is earlier than 0:5.1.6-27.el5_5.3
  • OR php-xmlrpc is earlier than 0:5.1.6-27.el5_5.3
  • OR php-cli is earlier than 0:5.1.6-27.el5_5.3
  • OR php-mbstring is earlier than 0:5.1.6-27.el5_5.3
  • OR php-pgsql is earlier than 0:5.1.6-27.el5_5.3
  • OR php-xml is earlier than 0:5.1.6-27.el5_5.3
  • OR php-dba is earlier than 0:5.1.6-27.el5_5.3
  • OR php-devel is earlier than 0:5.1.6-27.el5_5.3
  • OR php-bcmath is earlier than 0:5.1.6-27.el5_5.3
  • OR php-ncurses is earlier than 0:5.1.6-27.el5_5.3
  • OR php-imap is earlier than 0:5.1.6-27.el5_5.3
  • OR php-snmp is earlier than 0:5.1.6-27.el5_5.3
  • OR php-ldap is earlier than 0:5.1.6-27.el5_5.3
  • OR php-pdo is earlier than 0:5.1.6-27.el5_5.3
    • BACK