Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64 (20120507)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially crafted request to a PHP script that would result in the que...

Scientific Linux Security Update : php on SL6.x i386/x86_64

A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause high CPU usage until the script execution time limit is reached. This issue only...

Scientific Linux Security Update : php53 on SL5.x i386/x86_64

A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause high CPU usage until the script execution time limit is reached. This issue only...

Scientific Linux Security Update : mod_auth_mysql on SL5.x i386/x86_64

A flaw was found in the way modauthmysql escaped certain multibyte-encoded strings. If modauthmysql was configured to use a multibyte character set that allowed a backslash '' as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request...

Scientific Linux Security Update : apr on SL4.x, SL5.x, SL6.x i386/x86_64

It was discovered that the aprfnmatch function used an unconstrained recursion when processing patterns with the '' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching such as an httpd server using th...

Scientific Linux Security Update : subversion on SL5.x i386/x86_64

A NULL pointer dereference flaw was found in the way the moddavsvn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd process serving the request to crash. CVE-2011-0715 This update also fixes the...

Scientific Linux Security Update : httpd on SL4.x i386/x86_64

CVE-2010-0434 httpd: request header information leak A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM Multi-Processing Module could possibly leak information from other...

Scientific Linux Security Update : subversion on SL5.x, SL6.x i386/x86_64

Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The moddavsvn module is used with the Apache HTTP Server to allow access to Subversion...

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-1891 httpd: possible temporary DoS CPU consumption in moddeflate CVE-2009-3094 httpd: NULL pointer defer in modproxyftp caused by crafted EPSV and PASV reply CVE-2009-3095 httpd: modproxyftp FTP command injection via Authorization HTTP header CVE-2009-3555 TLS: MITM attacks via session...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A denial of service flaw was found in the Apache modproxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. CVE-2009-1890 A denial of service flaw was found in the Apache moddeflate module. This module...

Scientific Linux Security Update : subversion on SL4.x, SL5.x i386/x86_64

CVE-2009-2411 subversion: multiple heap overflow issues Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion server and client when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicio...

Scientific Linux Security Update : php on SL4.x, SL5.x, SL6.x i386/x86_64 (20120202)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 released via previous php packages introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP...

CentOS Update for httpd CESA-2011:1245 centos4 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1245 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for httpd CESA-2012:0128 centos6

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2012:0128 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CentOS Update for httpd CESA-2011:1392 centos5 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for httpd CESA-2011:1245 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for httpd CESA-2012:0128 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for httpd CESA-2011:1392 centos4 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for php53 CESA-2012:0092 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for php CESA-2012:0019 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...