Package name
php4-eaccelerator
Date
2009-08-01
Advisory ID
MDVSA-2009:188
Affected versions
CS4.0 x86_64 , CS4.0 i586

Problem description

A vulnerability has been found and corrected in php4-eaccelerator:

encoder.php in eAccelerator allows remote attackers to execute
arbitrary code by copying a local executable file to a location under
the web root via the -o option, and then making a direct request to
this file, related to upload of image files (CVE-2009-2353).

Additionally to adressing the security issue this update also provides
php4-eaccelerator 0.9.5.

Updated packages

CS4.0 x86_64

 e9e3ee27351d4a545e3d37272ef89d8f  corporate/4.0/x86_64/php4-eaccelerator-0.9.5-1.1.20060mlcs4.x86_64.rpm
 d999744cdb5f8325a59a84dd3c478397  corporate/4.0/x86_64/php4-eaccelerator-admin-0.9.5-1.1.20060mlcs4.x86_64.rpm
 0f4a2d49182485b26370593bc2bd1dab  corporate/4.0/x86_64/php4-eaccelerator-eloader-0.9.5-1.1.20060mlcs4.x86_64.rpm 
 600f50f507a5027362791c7e5920a163  corporate/4.0/SRPMS/php4-eaccelerator-0.9.5-1.1.20060mlcs4.src.rpm

CS4.0 i586

 316f952f5c20ac686b85b90663e0fa77  corporate/4.0/i586/php4-eaccelerator-0.9.5-1.1.20060mlcs4.i586.rpm
 a5a1897fc80cefe48bb007a79faee847  corporate/4.0/i586/php4-eaccelerator-admin-0.9.5-1.1.20060mlcs4.i586.rpm
 ed1eda86b967cb3ee8d7f6792833aa4d  corporate/4.0/i586/php4-eaccelerator-eloader-0.9.5-1.1.20060mlcs4.i586.rpm 
 600f50f507a5027362791c7e5920a163  corporate/4.0/SRPMS/php4-eaccelerator-0.9.5-1.1.20060mlcs4.src.rpm

References