Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1013
HistoryAug 06, 2014 - 12:00 a.m.

(RHSA-2014:1013) Moderate: php security update

2014-08-0600:00:00
access.redhat.com
16

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.1%

JSON

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP’s fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.

A denial of service flaw was found in the File Information (fileinfo)
extension rules for detecting AWK files. A remote attacker could use this
flaw to cause a PHP application using fileinfo to consume an excessive
amount of CPU. (CVE-2013-7345)

Multiple denial of service flaws were found in the way the File Information
(fileinfo) extension parsed certain Composite Document Format (CDF) files.
A remote attacker could use either of these flaws to crash a PHP
application using fileinfo via a specially crafted CDF file.
(CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487)

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT
records. A malicious DNS server or a man-in-the-middle attacker could
possibly use this flaw to execute arbitrary code as the PHP interpreter if
a PHP application used the dns_get_record() function to perform a DNS
query. (CVE-2014-4049)

A type confusion issue was found in PHP’s phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes’ unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso
of Red Hat Product Security.

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

OSVersionArchitecturePackageVersionFilename
RedHat7s390xphp-ldap< 5.4.16-23.el7_0php-ldap-5.4.16-23.el7_0.s390x.rpm
RedHat7x86_64php< 5.4.16-23.el7_0php-5.4.16-23.el7_0.x86_64.rpm
RedHat7s390xphp-soap< 5.4.16-23.el7_0php-soap-5.4.16-23.el7_0.s390x.rpm
RedHat7s390xphp-embedded< 5.4.16-23.el7_0php-embedded-5.4.16-23.el7_0.s390x.rpm
RedHat7x86_64php-pspell< 5.4.16-23.el7_0php-pspell-5.4.16-23.el7_0.x86_64.rpm
RedHat7x86_64php-mbstring< 5.4.16-23.el7_0php-mbstring-5.4.16-23.el7_0.x86_64.rpm
RedHat7ppc64php-mysqlnd< 5.4.16-23.el7_0php-mysqlnd-5.4.16-23.el7_0.ppc64.rpm
RedHat7x86_64php-process< 5.4.16-23.el7_0php-process-5.4.16-23.el7_0.x86_64.rpm
RedHat7s390xphp-cli< 5.4.16-23.el7_0php-cli-5.4.16-23.el7_0.s390x.rpm
RedHat7ppc64php-common< 5.4.16-23.el7_0php-common-5.4.16-23.el7_0.ppc64.rpm
Rows per page:
1-10 of 791

Related

openvas 56
oraclelinux 4
nessus 62
centos 4
mageia 6
debian 7
osv 5
amazon 10
ibm 2
f5 7
slackware 3
ubuntu 4
securityvulns 4
redhat 5
freebsd 1
fedora 8
suse 1
veracode 4
prion 2
gentoo 1
cve 2
ubuntucve 1
openvas
openvas
Oracle: Security Advisory (ELSA-2014-1013)
2015-10-06 00:00:00
RedHat Update for php RHSA-2014:1013-01
2014-08-06 00:00:00
CentOS Update for php CESA-2014:1013 centos7
2014-09-10 00:00:00
oraclelinux
oraclelinux
php security update
2014-08-06 00:00:00
php53 and php security update
2014-08-06 00:00:00
file security and bug fix update
2014-10-15 00:00:00
nessus
nessus
Oracle Linux 7 : php (ELSA-2014-1013)
2014-08-07 00:00:00
RHEL 7 : php (RHSA-2014:1013)
2014-08-06 00:00:00
CentOS 7 : php (CESA-2014:1013)
2014-08-07 00:00:00
centos
centos
php security update
2014-08-06 14:38:20
php, php53 security update
2014-08-06 14:53:37
file, python security update
2014-10-20 18:08:44
mageia
mageia
Updated php packages fix multiple vulnerabilities
2014-07-09 02:30:04
Updated php packages fix multiple vulnerabilities
2014-07-09 02:29:20
Updated file packages fix security vulnerabilities
2014-07-04 22:26:27
debian
debian
[DLA 27-1] file security update
2014-07-31 14:47:17
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
osv
osv
php5 - security update
2014-07-08 00:00:00
file - security update
2014-07-31 00:00:00
php5 - security update
2014-07-23 00:00:00
amazon
amazon
Medium: file
2014-07-23 13:57:00
Medium: php54
2014-07-09 16:24:00
Medium: php55
2014-07-09 16:42:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PHP as used by IBM QRadar Incident Forensics 7.2 MR2. (CVE-2014-3515, CVE-2014-4049, CVE-2014-3981, CVE-2014-0238, CVE-2014-0237, CVE-2014-4721)
2018-06-16 21:19:23
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
f5
f5
SOL15498 - Multiple PHP vulnerabilities
2014-08-12 00:00:00
K15498 : Multiple PHP vulnerabilities
2014-08-12 00:00:00
K16954 : Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
2015-09-16 00:00:00
slackware
slackware
[slackware-security] php
2014-07-12 03:48:04
[slackware-security] php
2014-06-09 21:04:52
[slackware-security] php
2014-04-21 21:13:00
ubuntu
ubuntu
file vulnerabilities
2014-07-15 00:00:00
PHP vulnerabilities
2014-07-09 00:00:00
PHP vulnerabilities
2014-06-23 00:00:00
securityvulns
securityvulns
[USN-2276-1] PHP vulnerabilities
2014-07-14 00:00:00
file / PHP multiple security vulnerabilities
2014-07-14 00:00:00
[ MDVSA-2014:116 ] file
2014-06-14 00:00:00
redhat
redhat
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1766) Important: php55-php security update
2014-10-30 00:00:00
freebsd
freebsd
PHP multiple vulnerabilities
2014-08-14 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: file-5.19-1.fc20
2014-07-05 14:54:09
[SECURITY] Fedora 20 Update: php-5.5.14-1.fc20
2014-06-30 10:25:38
[SECURITY] Fedora 19 Update: php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19
2014-06-17 23:36:22
suse
suse
Security update for php53 (important)
2014-07-04 01:04:18
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
Denial Of Service (DoS)
2019-05-02 05:04:17
prion
prion
Type confusion
2014-07-06 23:55:00
Design/Logic Flaw
2014-03-24 16:31:00
gentoo
gentoo
file: Denial of service
2014-08-26 00:00:00
cve
cve
CVE-2014-4721
2014-07-06 23:55:00
CVE-2013-7345
2014-03-24 16:31:00
ubuntucve
ubuntucve
CVE-2014-4721
2014-07-06 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.1%

JSON
Related for RHSA-2014:1013
openvas56oraclelinux4nessus62centos4mageia6debian7osv5amazon10ibm2f57slackware3ubuntu4securityvulns4redhat5freebsd1fedora8suse1veracode4prion2gentoo1cve2ubuntucve1