MDVSA-2009:188
- Package name
- php4-eaccelerator
- Date
- 2009-08-01
- Advisory ID
- MDVSA-2009:188
- Affected versions
- CS4.0 x86_64 , CS4.0 i586
Problem description
A vulnerability has been found and corrected in php4-eaccelerator:
encoder.php in eAccelerator allows remote attackers to execute
arbitrary code by copying a local executable file to a location under
the web root via the -o option, and then making a direct request to
this file, related to upload of image files (CVE-2009-2353).
Additionally to adressing the security issue this update also provides
php4-eaccelerator 0.9.5.
Updated packages
CS4.0 x86_64
e9e3ee27351d4a545e3d37272ef89d8f corporate/4.0/x86_64/php4-eaccelerator-0.9.5-1.1.20060mlcs4.x86_64.rpm d999744cdb5f8325a59a84dd3c478397 corporate/4.0/x86_64/php4-eaccelerator-admin-0.9.5-1.1.20060mlcs4.x86_64.rpm 0f4a2d49182485b26370593bc2bd1dab corporate/4.0/x86_64/php4-eaccelerator-eloader-0.9.5-1.1.20060mlcs4.x86_64.rpm 600f50f507a5027362791c7e5920a163 corporate/4.0/SRPMS/php4-eaccelerator-0.9.5-1.1.20060mlcs4.src.rpm
CS4.0 i586
316f952f5c20ac686b85b90663e0fa77 corporate/4.0/i586/php4-eaccelerator-0.9.5-1.1.20060mlcs4.i586.rpm a5a1897fc80cefe48bb007a79faee847 corporate/4.0/i586/php4-eaccelerator-admin-0.9.5-1.1.20060mlcs4.i586.rpm ed1eda86b967cb3ee8d7f6792833aa4d corporate/4.0/i586/php4-eaccelerator-eloader-0.9.5-1.1.20060mlcs4.i586.rpm 600f50f507a5027362791c7e5920a163 corporate/4.0/SRPMS/php4-eaccelerator-0.9.5-1.1.20060mlcs4.src.rpm