Updated php packages fix security vulnerabilities: Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2013-6420). It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash, resulting in a denial of service (CVE-2013-6712).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchphp< 5.4.23-1php-5.4.23-1.mga3
Mageia3noarchphp-gd-bundled< 5.4.23-1php-gd-bundled-5.4.23-1.mga3
Mageia3noarchphp-apc< 3.1.14-7.5php-apc-3.1.14-7.5.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	php	< 5.4.23-1	php-5.4.23-1.mga3
Mageia	3	noarch	php-gd-bundled	< 5.4.23-1	php-gd-bundled-5.4.23-1.mga3
Mageia	3	noarch	php-apc	< 3.1.14-7.5	php-apc-3.1.14-7.5.mga3

References

www.php.net/ChangeLog-5.php#5.4.23

www.ubuntu.com/usn/usn-2055-1/

bugs.mageia.org/show_bug.cgi?id=11947

openvas 62

osv 1

nessus 46

debian 1

ubuntu 1

securityvulns 9

checkpoint_advisories 2

prion 2

cve 2

veracode 5

ubuntucve 2

redhat 8

seebug 2

fedora 24

zdt 2

amazon 4

packetstorm 1

f5 4

oraclelinux 3

exploitpack 1

freebsd 2

slackware 1

hackerone 1

centos 3

exploitdb 1

kaspersky 1

mageia 1

suse 2

ibm 4

gentoo 1

openvas

Ubuntu Update for php5 USN-2055-1

2013-12-17 00:00:00

Ubuntu Update for php5 USN-2055-1

2013-12-17 00:00:00

Debian Security Advisory DSA 2816-1 (php5 - several vulnerabilities)

2013-12-12 00:00:00

osv

php5 - several

2013-12-12 00:00:00

nessus

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1)

2013-12-13 00:00:00

Debian DSA-2816-1 : php5 - several vulnerabilities

2013-12-14 00:00:00

SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)

2014-01-15 00:00:00

debian

[SECURITY] [DSA 2816-1] php5 security update

2013-12-12 21:18:13

ubuntu

PHP vulnerabilities

2013-12-12 00:00:00

securityvulns

[ MDVSA-2014:014 ] php

2014-01-29 00:00:00

PHP DoS

2014-01-29 00:00:00

PHP memory corruption

2013-12-30 00:00:00

checkpoint_advisories

PHP DateInterval Heap Buffer Overread Denial of Service (CVE-2013-6712)

2014-01-22 00:00:00

PHP OpenSSL Extension X.509 Certificate Memory Corruption (CVE-2013-6420)

2013-12-26 00:00:00

prion

Heap overflow

2013-11-28 04:37:00

Memory corruption

2013-12-17 04:46:00

cve

CVE-2013-6712

2013-11-28 04:37:00

CVE-2013-6420

2013-12-17 04:46:00

veracode

Denial Of Service (DoS)

2019-01-15 09:02:52

Remote Code Execution (RCE)

2019-01-15 08:53:15

Denial Of Service (DoS)

2019-05-02 05:04:17

ubuntucve

CVE-2013-6712

2013-11-27 00:00:00

CVE-2013-6420

2013-12-11 00:00:00

redhat

(RHSA-2013:1825) Critical: php53 security update

2013-12-11 00:00:00

(RHSA-2013:1813) Critical: php53 and php security update

2013-12-11 00:00:00

(RHSA-2013:1824) Critical: php security update

2013-12-11 00:00:00

seebug

PHP OpenSSL Extension 'openssl_x509_parse()'内存破坏漏洞

2013-12-18 00:00:00

PHP openssl_x509_parse() - Memory Corruption Vulnerability

2014-07-01 00:00:00

fedora

[SECURITY] Fedora 20 Update: php-5.5.7-1.fc20

2013-12-20 02:06:02

[SECURITY] Fedora 20 Update: php-5.5.12-1.fc20

2014-05-06 03:27:27

[SECURITY] Fedora 20 Update: php-5.5.11-1.fc20

2014-04-15 15:57:56

zdt

PHP openssl_x509_parse() Memory Corruption Vulnerability

2013-12-16 00:00:00

PHP openssl_x509_parse() Memory Corruption Vulnerability

2013-12-17 00:00:00

amazon

Critical: php54

2013-12-17 21:29:00

Critical: php

2013-12-17 21:29:00

Critical: php55

2013-12-17 21:29:00

packetstorm

PHP openssl_x509_parse() Memory Corruption

2013-12-15 00:00:00

K15110 : PHP Vulnerability CVE-2013-6420

2014-05-23 00:00:00

SOL15110 - PHP Vulnerability CVE-2013-6420

2014-03-27 00:00:00

SOL15903 - Multiple PHP vulnerabilities

2014-12-11 00:00:00

oraclelinux

php53 and php security update

2013-12-10 00:00:00

php security update

2013-12-10 00:00:00

php53 and php security update

2014-08-06 00:00:00

exploitpack

PHP - openssl_x509_parse() Memory Corruption

2013-12-17 00:00:00

freebsd

PHP5 -- memory corruption in openssl_x509_parse()

2013-12-13 00:00:00

PHP multiple vulnerabilities

2014-08-14 00:00:00

slackware

php

2014-01-13 22:30:32

hackerone

Internet Bug Bounty: PHP openssl_x509_parse() Memory Corruption Vulnerability

2013-11-30 23:00:00

centos

php, php53 security update

2013-12-11 09:25:38

php security update

2013-12-11 09:34:01

php, php53 security update

2014-08-06 14:53:37

exploitdb

PHP - 'openssl_x509_parse()' Memory Corruption

2013-12-17 00:00:00

kaspersky

KLA10458 Multiple vulnerabilities in HP SMH

2014-01-10 00:00:00

mageia

Updated php packages fix security vulnerabilities

2014-04-04 16:08:18

suse

Security update for PHP5 (important)

2014-07-07 19:04:42

Security update for PHP5 (important)

2014-07-05 02:05:05

ibm

Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CMM) (CVE-2013-4248, CVE-2013-6420, CVE-2014-2497, CVE-2014-4049)

2019-01-31 01:55:01

Security Bulletin: Vulnerabilities in php5 affect IBM Flex System Manager (FSM): (CVE-2013-4248 CVE-2013-6420 CVE-2014-2497 CVE-2014-4049)

2019-01-31 01:30:01

Security Bulletin: Network Intrusion Prevention System is affected by curl and php5 vulnerabilities (CVE-2013-2174, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2013-4248, CVE-2013-6420, CVE-2014-2497, CVE-2014-4049)

2022-02-23 17:14:38

gentoo

PHP: Multiple vulnerabilities

2014-08-29 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.95 High

EPSS

Percentile

99.3%

JSON

Related for MGASA-2013-0379