5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.044 Low
EPSS
Percentile
92.3%
Debian Security Advisory DSA-3074-1 [email protected]
http://www.debian.org/security/ Yves-Alexis Perez
November 18, 2014 http://www.debian.org/security/faq
Package : php5
CVE ID : CVE-2014-3710
Debian Bug : 68283
Francisco Alonso of Red Hat Product Security found an issue in the file
utility, whose code is embedded in PHP, a general-purpose scripting
language. When checking ELF files, note headers are incorrectly
checked, thus potentially allowing attackers to cause a denial of
service (out-of-bounds read and application crash) by supplying a
specially crafted ELF file.
As announced in DSA-3064-1 it has been decided to follow the stable
5.4.x releases for the Wheezy php5 packages. Consequently the
vulnerability is addressed by upgrading PHP to a new upstream version
5.4.35, which includes additional bug fixes, new features and possibly
incompatible changes. Please refer to the upstream changelog for more
information:
http://php.net/ChangeLog-5.php#5.4.35
For the stable distribution (wheezy), this problem has been fixed in
version 5.4.35-0+deb7u1.
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | s390x | file | < 5.11-2+deb7u6 | file_5.11-2+deb7u6_s390x.deb |
Debian | 7 | all | php-pear | < 5.4.35-0+deb7u1 | php-pear_5.4.35-0+deb7u1_all.deb |
Debian | 7 | ia64 | libapache2-mod-php5 | < 5.4.35-0+deb7u1 | libapache2-mod-php5_5.4.35-0+deb7u1_ia64.deb |
Debian | 7 | amd64 | php5-gmp | < 5.4.35-0+deb7u1 | php5-gmp_5.4.35-0+deb7u1_amd64.deb |
Debian | 6 | all | php-pear | < 5.3.3-7+squeeze23 | php-pear_5.3.3-7+squeeze23_all.deb |
Debian | 7 | mips | php5-pspell | < 5.4.35-0+deb7u1 | php5-pspell_5.4.35-0+deb7u1_mips.deb |
Debian | 7 | amd64 | php5-mysqlnd | < 5.4.35-0+deb7u1 | php5-mysqlnd_5.4.35-0+deb7u1_amd64.deb |
Debian | 7 | kfreebsd-i386 | php5-odbc | < 5.4.35-0+deb7u1 | php5-odbc_5.4.35-0+deb7u1_kfreebsd-i386.deb |
Debian | 7 | kfreebsd-i386 | python-magic-dbg | < 5.11-2+deb7u6 | python-magic-dbg_5.11-2+deb7u6_kfreebsd-i386.deb |
Debian | 6 | amd64 | python-magic-dbg | < 5.04-5+squeeze8 | python-magic-dbg_5.04-5+squeeze8_amd64.deb |