Scientific Linux Security Update : subversion on SL6.x i386/x86_64

An access restriction bypass flaw was found in the moddavsvn module. If the SVNPathAuthz directive was set to 'shortcircuit', certain access rules were not enforced, possibly allowing sensitive repository data to be leaked to remote users. Note that SVNPathAuthz is set to 'On' by default...

Scientific Linux Security Update : php53 on SL5.x i386/x86_64

A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause high CPU usage until the script execution time limit is reached. This issue only...

Scientific Linux Security Update : php on SL4.x, SL5.x i386/x86_64

An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. CVE-2010-3065 An information leak flaw was discovered in t...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A flaw was discovered in the way the modproxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certa...

Scientific Linux Security Update : apr-util on SL4.x, SL5.x i386/x86_64

An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments. An attacker could provide a specially crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A flaw was found in the handling of compression structures between modssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. CVE-2008-1678 A flaw...

Scientific Linux Security Update : httpd on SL3.x i386/x86_64

A flaw was found in the Apache HTTP Server modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best...

Scientific Linux Security Update : subversion on SL5.x, SL6.x i386/x86_64

Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The moddavsvn module is used with the Apache HTTP Server to allow access to Subversion...

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-1891 httpd: possible temporary DoS CPU consumption in moddeflate CVE-2009-3094 httpd: NULL pointer defer in modproxyftp caused by crafted EPSV and PASV reply CVE-2009-3095 httpd: modproxyftp FTP command injection via Authorization HTTP header CVE-2009-3555 TLS: MITM attacks via session...

Scientific Linux Security Update : php on SL4.x, SL5.x, SL6.x i386/x86_64 (20120202)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 released via previous php packages introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP...

Scientific Linux Security Update : php on SL4.x i386/x86_64 (20120130)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash...

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120202)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 released via in a previous update for php53 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause th...

Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20120111)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash...

Scientific Linux Security Update : php on SL3.x, SL4.x, SL5.x i386/x86_64

A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2008-5557 A flaw was found in the handling...

CentOS Update for httpd CESA-2012:0128 centos6

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2012:0128 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CentOS Update for httpd CESA-2011:1245 centos4 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1245 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for mod_dav_svn CESA-2011:0327 centos5 x86_64

Check for the Version of moddavsvn OpenVAS Vulnerability Test CentOS Update for moddavsvn CESA-2011:0327 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

CentOS Update for httpd CESA-2011:1392 centos4 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for httpd CESA-2011:1392 centos5 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...