Description
ELSA-2014-1767: php security update (IMPORTANT)
[5.4.16-23.3]
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
[5.4.16-23.2]
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
Updated packages
Oracle Linux 6
Oracle Linux x86_64
php 5.3.3-40.el6_6
php-bcmath 5.3.3-40.el6_6
php-cli 5.3.3-40.el6_6
php-common 5.3.3-40.el6_6
php-dba 5.3.3-40.el6_6
php-devel 5.3.3-40.el6_6
php-embedded 5.3.3-40.el6_6
php-enchant 5.3.3-40.el6_6
php-fpm 5.3.3-40.el6_6
php-gd 5.3.3-40.el6_6
php-imap 5.3.3-40.el6_6
php-intl 5.3.3-40.el6_6
php-ldap 5.3.3-40.el6_6
php-mbstring 5.3.3-40.el6_6
php-mysql 5.3.3-40.el6_6
php-odbc 5.3.3-40.el6_6
php-pdo 5.3.3-40.el6_6
php-pgsql 5.3.3-40.el6_6
php-process 5.3.3-40.el6_6
php-pspell 5.3.3-40.el6_6
php-recode 5.3.3-40.el6_6
php-snmp 5.3.3-40.el6_6
php-soap 5.3.3-40.el6_6
php-tidy 5.3.3-40.el6_6
php-xml 5.3.3-40.el6_6
php-xmlrpc 5.3.3-40.el6_6
php-zts 5.3.3-40.el6_6
Oracle Linux i686
php 5.3.3-40.el6_6
php-bcmath 5.3.3-40.el6_6
php-cli 5.3.3-40.el6_6
php-common 5.3.3-40.el6_6
php-dba 5.3.3-40.el6_6
php-devel 5.3.3-40.el6_6
php-embedded 5.3.3-40.el6_6
php-enchant 5.3.3-40.el6_6
php-fpm 5.3.3-40.el6_6
php-gd 5.3.3-40.el6_6
php-imap 5.3.3-40.el6_6
php-intl 5.3.3-40.el6_6
php-ldap 5.3.3-40.el6_6
php-mbstring 5.3.3-40.el6_6
php-mysql 5.3.3-40.el6_6
php-odbc 5.3.3-40.el6_6
php-pdo 5.3.3-40.el6_6
php-pgsql 5.3.3-40.el6_6
php-process 5.3.3-40.el6_6
php-pspell 5.3.3-40.el6_6
php-recode 5.3.3-40.el6_6
php-snmp 5.3.3-40.el6_6
php-soap 5.3.3-40.el6_6
php-tidy 5.3.3-40.el6_6
php-xml 5.3.3-40.el6_6
php-xmlrpc 5.3.3-40.el6_6
php-zts 5.3.3-40.el6_6
Oracle Linux 7
Oracle Linux x86_64
php 5.4.16-23.el7_0.3
php-bcmath 5.4.16-23.el7_0.3
php-cli 5.4.16-23.el7_0.3
php-common 5.4.16-23.el7_0.3
php-dba 5.4.16-23.el7_0.3
php-devel 5.4.16-23.el7_0.3
php-embedded 5.4.16-23.el7_0.3
php-enchant 5.4.16-23.el7_0.3
php-fpm 5.4.16-23.el7_0.3
php-gd 5.4.16-23.el7_0.3
php-intl 5.4.16-23.el7_0.3
php-ldap 5.4.16-23.el7_0.3
php-mbstring 5.4.16-23.el7_0.3
php-mysql 5.4.16-23.el7_0.3
php-mysqlnd 5.4.16-23.el7_0.3
php-odbc 5.4.16-23.el7_0.3
php-pdo 5.4.16-23.el7_0.3
php-pgsql 5.4.16-23.el7_0.3
php-process 5.4.16-23.el7_0.3
php-pspell 5.4.16-23.el7_0.3
php-recode 5.4.16-23.el7_0.3
php-snmp 5.4.16-23.el7_0.3
php-soap 5.4.16-23.el7_0.3
php-xml 5.4.16-23.el7_0.3
php-xmlrpc 5.4.16-23.el7_0.3
Related CVEs
Related vulnerabilities
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.