Lucene search

K
osvGoogleOSV:DLA-0018-1
HistoryJul 23, 2014 - 12:00 a.m.

php5 - security update

2014-07-2300:00:00
Google
osv.dev
32

EPSS

0.798

Percentile

98.4%

  • [CVE-2014-3515]:
    fix unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
  • [CVE-2014-0207]:
    fileinfo: cdf_read_short_sector insufficient boundary check
  • [CVE-2014-3480]:
    fileinfo: cdf_count_chain insufficient boundary check
  • [CVE-2014-4721]:
    The phpinfo implementation in ext/standard/info.c in
    PHP before 5.4.30 and 5.5.x before 5.5.14 does not
    ensure use of the string data type for the PHP_AUTH_PW,
    PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables,
    which might allow context-dependent attackers to obtain
    sensitive information from process memory by using the
    integer data type with crafted values, related to a
    type confusion vulnerability, as demonstrated by
    reading a private SSL key in an Apache HTTP Server
    web-hosting environment with mod_ssl and a
    PHP 5.3.x mod_php.

For Debian 6 Squeeze, these issues have been fixed in php5 version 5.3.3-7+squeeze20