Oval Definition:oval:org.mitre.oval:def:23025
Revision Date:2014-05-26Version:36
Title:ELSA-2010:0040: php security update (Moderate)
Description:The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-2687
CVE-2009-3291
CVE-2009-3292
CVE-2009-3546
CVE-2009-4017
CVE-2009-4142
ELSA-2010:0040-01
Platform(s):Oracle Linux 5
Product(s):php
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • php-gd is earlier than 0:5.1.6-24.el5_4.5
  • OR php-soap is earlier than 0:5.1.6-24.el5_4.5
  • OR php-common is earlier than 0:5.1.6-24.el5_4.5
  • OR php-odbc is earlier than 0:5.1.6-24.el5_4.5
  • OR php-mysql is earlier than 0:5.1.6-24.el5_4.5
  • OR php is earlier than 0:5.1.6-24.el5_4.5
  • OR php-xmlrpc is earlier than 0:5.1.6-24.el5_4.5
  • OR php-cli is earlier than 0:5.1.6-24.el5_4.5
  • OR php-mbstring is earlier than 0:5.1.6-24.el5_4.5
  • OR php-pgsql is earlier than 0:5.1.6-24.el5_4.5
  • OR php-xml is earlier than 0:5.1.6-24.el5_4.5
  • OR php-dba is earlier than 0:5.1.6-24.el5_4.5
  • OR php-devel is earlier than 0:5.1.6-24.el5_4.5
  • OR php-bcmath is earlier than 0:5.1.6-24.el5_4.5
  • OR php-imap is earlier than 0:5.1.6-24.el5_4.5
  • OR php-ncurses is earlier than 0:5.1.6-24.el5_4.5
  • OR php-snmp is earlier than 0:5.1.6-24.el5_4.5
  • OR php-pdo is earlier than 0:5.1.6-24.el5_4.5
  • OR php-ldap is earlier than 0:5.1.6-24.el5_4.5
    • BACK