php53 and php security update

2014-08-06T00:00:00
ID ELSA-2014-1012
Type oraclelinux
Reporter Oracle
Modified 2014-08-06T00:00:00

Description

[5.3.3-27.1] - core: type confusion issue in phpinfo(). CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw. CVE-2014-3515 - fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 - fileinfo: unrestricted recursion in handling of indirect type rules. CVE-2014-1943 - fileinfo: out of bounds read in CDF parser. CVE-2012-1571 - fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 - fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 - fileinfo: cdf_unpack_summary_info() excessive looping DoS. CVE-2014-0237 - fileinfo: CDF property info parsing nelements infinite loop. CVE-2014-0238