php5 - security update

2014-09-3000:00:00

Google

osv.dev

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

CVE-2014-3538
It was discovered that the original fix for CVE-2013-7345 did not
sufficiently address the problem. A remote attacker could still
cause a denial of service (CPU consumption) via a specially-crafted
input file that triggers backtracking during processing of an awk
regular expression rule.
CVE-2014-3587
It was discovered that the CDF parser of the fileinfo module does
not properly process malformed files in the Composite Document File
(CDF) format, leading to crashes.
CVE-2014-3597
It was discovered that the original fix for CVE-2014-4049 did not
completely address the issue. A malicious server or
man-in-the-middle attacker could cause a denial of service (crash)
and possibly execute arbitrary code via a crafted DNS TXT record.
CVE-2014-4670
It was discovered that PHP incorrectly handled certain SPL
Iterators. A local attacker could use this flaw to cause PHP to
crash, resulting in a denial of service.

For Debian 6 Squeeze, these issues have been fixed in php5 version 5.3.3-7+squeeze22

CPENameOperatorVersion
php5eq5.3.3-7+squeeze15
php5eq5.3.3-7+squeeze19
php5eq5.3.3-7
php5eq5.3.3-7+squeeze20
php5eq5.3.3-7+squeeze16
php5eq5.3.3-7+squeeze18
php5eq5.3.3-7+squeeze2
php5eq5.3.3-7+squeeze14
php5eq5.3.3-7+squeeze3
php5eq5.3.3-7+squeeze17

Name	Operator	Version
php5	eq	5.3.3-7+squeeze15
php5	eq	5.3.3-7+squeeze19
php5	eq	5.3.3-7
php5	eq	5.3.3-7+squeeze20
php5	eq	5.3.3-7+squeeze16
php5	eq	5.3.3-7+squeeze18
php5	eq	5.3.3-7+squeeze2
php5	eq	5.3.3-7+squeeze14
php5	eq	5.3.3-7+squeeze3
php5	eq	5.3.3-7+squeeze17