Описание
ELSA-2014-1327: php security update (MODERATE)
[5.4.16-23.1]
- gd: fix NULL pointer dereference in gdImageCreateFromXpm(). CVE-2014-2497
- gd: fix NUL byte injection in file names. CVE-2014-5120
- fileinfo: fix extensive backtracking in regular expression (incomplete fix for CVE-2013-7345). CVE-2014-3538
- fileinfo: fix mconvert incorrect handling of truncated pascal string size. CVE-2014-3478
- fileinfo: fix cdf_read_property_info (incomplete fix for CVE-2012-1571). CVE-2014-3587
- spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- network: fix segfault in dns_get_record (incomplete fix for CVE-2014-4049). CVE-2014-3597
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
php
5.4.16-23.el7_0.1
php-bcmath
5.4.16-23.el7_0.1
php-cli
5.4.16-23.el7_0.1
php-common
5.4.16-23.el7_0.1
php-dba
5.4.16-23.el7_0.1
php-devel
5.4.16-23.el7_0.1
php-embedded
5.4.16-23.el7_0.1
php-enchant
5.4.16-23.el7_0.1
php-fpm
5.4.16-23.el7_0.1
php-gd
5.4.16-23.el7_0.1
php-intl
5.4.16-23.el7_0.1
php-ldap
5.4.16-23.el7_0.1
php-mbstring
5.4.16-23.el7_0.1
php-mysql
5.4.16-23.el7_0.1
php-mysqlnd
5.4.16-23.el7_0.1
php-odbc
5.4.16-23.el7_0.1
php-pdo
5.4.16-23.el7_0.1
php-pgsql
5.4.16-23.el7_0.1
php-process
5.4.16-23.el7_0.1
php-pspell
5.4.16-23.el7_0.1
php-recode
5.4.16-23.el7_0.1
php-snmp
5.4.16-23.el7_0.1
php-soap
5.4.16-23.el7_0.1
php-xml
5.4.16-23.el7_0.1
php-xmlrpc
5.4.16-23.el7_0.1
Ссылки на источники
Связанные уязвимости
ELSA-2014-1326: php53 and php security update (MODERATE)
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.