Description
ELSA-2014-1824: php security update (IMPORTANT)
[5.1.6-45]
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
- xmlrpc: fix buffer overflow in date parser #1155607
Updated packages
Oracle Linux 5
Oracle Linux ia64
php           5.1.6-45.el5_11
php-bcmath    5.1.6-45.el5_11
php-cli       5.1.6-45.el5_11
php-common    5.1.6-45.el5_11
php-dba       5.1.6-45.el5_11
php-devel     5.1.6-45.el5_11
php-gd        5.1.6-45.el5_11
php-imap      5.1.6-45.el5_11
php-ldap      5.1.6-45.el5_11
php-mbstring  5.1.6-45.el5_11
php-mysql     5.1.6-45.el5_11
php-ncurses   5.1.6-45.el5_11
php-odbc      5.1.6-45.el5_11
php-pdo       5.1.6-45.el5_11
php-pgsql     5.1.6-45.el5_11
php-snmp      5.1.6-45.el5_11
php-soap      5.1.6-45.el5_11
php-xml       5.1.6-45.el5_11
php-xmlrpc    5.1.6-45.el5_11
Oracle Linux x86_64
php           5.1.6-45.el5_11
php-bcmath    5.1.6-45.el5_11
php-cli       5.1.6-45.el5_11
php-common    5.1.6-45.el5_11
php-dba       5.1.6-45.el5_11
php-devel     5.1.6-45.el5_11
php-gd        5.1.6-45.el5_11
php-imap      5.1.6-45.el5_11
php-ldap      5.1.6-45.el5_11
php-mbstring  5.1.6-45.el5_11
php-mysql     5.1.6-45.el5_11
php-ncurses   5.1.6-45.el5_11
php-odbc      5.1.6-45.el5_11
php-pdo       5.1.6-45.el5_11
php-pgsql     5.1.6-45.el5_11
php-snmp      5.1.6-45.el5_11
php-soap      5.1.6-45.el5_11
php-xml       5.1.6-45.el5_11
php-xmlrpc    5.1.6-45.el5_11
Oracle Linux i386
php           5.1.6-45.el5_11
php-bcmath    5.1.6-45.el5_11
php-cli       5.1.6-45.el5_11
php-common    5.1.6-45.el5_11
php-dba       5.1.6-45.el5_11
php-devel     5.1.6-45.el5_11
php-gd        5.1.6-45.el5_11
php-imap      5.1.6-45.el5_11
php-ldap      5.1.6-45.el5_11
php-mbstring  5.1.6-45.el5_11
php-mysql     5.1.6-45.el5_11
php-ncurses   5.1.6-45.el5_11
php-odbc      5.1.6-45.el5_11
php-pdo       5.1.6-45.el5_11
php-pgsql     5.1.6-45.el5_11
php-snmp      5.1.6-45.el5_11
php-soap      5.1.6-45.el5_11
php-xml       5.1.6-45.el5_11
php-xmlrpc    5.1.6-45.el5_11
Related CVEs
Related vulnerabilities
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.