php53 security update

2013-07-12T21:36:11
ID CESA-2013:1050
Type centos
Reporter CentOS Project
Modified 2013-07-12T21:36:11

Description

CentOS Errata and Security Advisory CESA-2013:1050

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113)

All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2013-July/019851.html

Affected packages: php53 php53-bcmath php53-cli php53-common php53-dba php53-devel php53-gd php53-imap php53-intl php53-ldap php53-mbstring php53-mysql php53-odbc php53-pdo php53-pgsql php53-process php53-pspell php53-snmp php53-soap php53-xml php53-xmlrpc

Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-1050.html