Описание
ELSA-2013-1615: php security, bug fix, and enhancement update (MODERATE)
[5.3.3-26]
- add security fix for CVE-2013-4248
[5.3.3-25]
- rename patch to math CVE-2010-3709 name
- add security fixes for CVE-2006-7243, CVE-2013-1643
[5.3.3-24]
- fix buffer overflow in _pdo_pgsql_error (#969110)
- fix double free when destroy_zend_class fails (#910466)
- fix segfault in error_handler with allow_call_time_pass_reference = Off (#892158)
- fix copy doesn't report failure on partial copy (#947428)
- add rpm macros for packagers: %php_inidir, %php_incldir and %__php (#953814)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
php
5.3.3-26.el6
php-bcmath
5.3.3-26.el6
php-cli
5.3.3-26.el6
php-common
5.3.3-26.el6
php-dba
5.3.3-26.el6
php-devel
5.3.3-26.el6
php-embedded
5.3.3-26.el6
php-enchant
5.3.3-26.el6
php-fpm
5.3.3-26.el6
php-gd
5.3.3-26.el6
php-imap
5.3.3-26.el6
php-intl
5.3.3-26.el6
php-ldap
5.3.3-26.el6
php-mbstring
5.3.3-26.el6
php-mysql
5.3.3-26.el6
php-odbc
5.3.3-26.el6
php-pdo
5.3.3-26.el6
php-pgsql
5.3.3-26.el6
php-process
5.3.3-26.el6
php-pspell
5.3.3-26.el6
php-recode
5.3.3-26.el6
php-snmp
5.3.3-26.el6
php-soap
5.3.3-26.el6
php-tidy
5.3.3-26.el6
php-xml
5.3.3-26.el6
php-xmlrpc
5.3.3-26.el6
php-zts
5.3.3-26.el6
Oracle Linux i686
php
5.3.3-26.el6
php-bcmath
5.3.3-26.el6
php-cli
5.3.3-26.el6
php-common
5.3.3-26.el6
php-dba
5.3.3-26.el6
php-devel
5.3.3-26.el6
php-embedded
5.3.3-26.el6
php-enchant
5.3.3-26.el6
php-fpm
5.3.3-26.el6
php-gd
5.3.3-26.el6
php-imap
5.3.3-26.el6
php-intl
5.3.3-26.el6
php-ldap
5.3.3-26.el6
php-mbstring
5.3.3-26.el6
php-mysql
5.3.3-26.el6
php-odbc
5.3.3-26.el6
php-pdo
5.3.3-26.el6
php-pgsql
5.3.3-26.el6
php-process
5.3.3-26.el6
php-pspell
5.3.3-26.el6
php-recode
5.3.3-26.el6
php-snmp
5.3.3-26.el6
php-soap
5.3.3-26.el6
php-tidy
5.3.3-26.el6
php-xml
5.3.3-26.el6
php-xmlrpc
5.3.3-26.el6
php-zts
5.3.3-26.el6
Связанные CVE
Связанные уязвимости
ELSA-2013-1307: php53 security, bug fix and enhancement update (MODERATE)
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
The openssl_x509_parse function in openssl.c in the OpenSSL module in ...