Lucene search

K
centosCentOS ProjectCESA-2014:1013
HistoryAug 06, 2014 - 2:38 p.m.

php security update

2014-08-0614:38:20
CentOS Project
lists.centos.org
514

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.948 High

EPSS

Percentile

99.2%

CentOS Errata and Security Advisory CESA-2014:1013

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP’s fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.

A denial of service flaw was found in the File Information (fileinfo)
extension rules for detecting AWK files. A remote attacker could use this
flaw to cause a PHP application using fileinfo to consume an excessive
amount of CPU. (CVE-2013-7345)

Multiple denial of service flaws were found in the way the File Information
(fileinfo) extension parsed certain Composite Document Format (CDF) files.
A remote attacker could use either of these flaws to crash a PHP
application using fileinfo via a specially crafted CDF file.
(CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487)

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT
records. A malicious DNS server or a man-in-the-middle attacker could
possibly use this flaw to execute arbitrary code as the PHP interpreter if
a PHP application used the dns_get_record() function to perform a DNS
query. (CVE-2014-4049)

A type confusion issue was found in PHP’s phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes’ unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso
of Red Hat Product Security.

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-August/082630.html

Affected packages:
php
php-bcmath
php-cli
php-common
php-dba
php-devel
php-embedded
php-enchant
php-fpm
php-gd
php-intl
php-ldap
php-mbstring
php-mysql
php-mysqlnd
php-odbc
php-pdo
php-pgsql
php-process
php-pspell
php-recode
php-snmp
php-soap
php-xml
php-xmlrpc

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1013

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.948 High

EPSS

Percentile

99.2%