409 matches found

Oracle linux
added 2014/10/30 12:0 a.m. | 69 views

php53 security update

5.3.3-26 - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 5.3.3-25 - xmlrpc: fix out-of-bounds read flaw in mkgmtime CVE-2014-3668 - core: fix integer overflow in unserialize CVE-2014-3669 - exif: fix heap corruption issue in exif_thumbnail CVE-2014-3670...

CVSS 7.5 | AI score 3.3 | EPSS 0.28862 | Exploits 3
Oracle linux
added 2014/10/30 12:0 a.m. | 56 views

php security update

5.4.16-23.3 - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 5.4.16-23.2 - xmlrpc: fix out-of-bounds read flaw in mkgmtime CVE-2014-3668 - core: fix integer overflow in unserialize CVE-2014-3669 - exif: fix heap corruption issue in exif_thumbnail CVE-2014-3670...

CVSS 7.5 | AI score 3.1 | EPSS 0.28862 | Exploits 3
Check Point Advisories
added 2014/10/26 12:0 a.m. | 4 views

PHP Fileinfo cdf_read_property_info Denial of Service (CVE-2014-3587)

A denial of service vulnerability exists in PHP. It is due to an integer overflow error in the FileInfo module while processing CDF files. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP...

CVSS 4.3 | AI score 5.2 | EPSS 0.20237 | Exploits 1
UbuntuCve
added 2014/10/24 12:0 a.m. | 39 views

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file...

CVSS 5 | AI score 7.2 | EPSS 0.13757 | Exploits 0 | References 3
OSV
added 2014/10/24 12:0 a.m. | 1 views

UBUNTU-CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file...

CVSS 5 | AI score 7.2 | EPSS 0.13757 | Exploits 0 | References 4
RedHat Linux
added 2014/10/13 9:39 p.m. | 2 views

file: out-of-bounds access in search rules with offsets from input file

A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU...

CVSS 4.3 | AI score 7.2 | EPSS 0.04334 | Exploits 1 | References 4
RedHat Linux
added 2014/10/13 9:39 p.m. | 5 views

file: out of bounds read in CDF parser

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

CVSS 6.5 | AI score 7.3 | EPSS 0.04098 | Exploits 1 | References 4
RedHat Linux
added 2014/10/13 9:39 p.m. | 4 views

file: unrestricted recursion in handling of indirect type rules

A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU...

CVSS 5 | AI score 7.2 | EPSS 0.04933 | Exploits 0 | References 4
Tenable Nessus
added 2014/10/12 12:0 a.m. | 27 views

Amazon Linux AMI : php54 (ALAS-2014-361)

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. The cdf_read_property_info function in cdf.c in the Fileinfo component i...

CVSS 5 | AI score 7.9 | EPSS 0.20805 | Exploits 0 | References 3
Tenable Nessus
added 2014/10/12 12:0 a.m. | 43 views

Amazon Linux AMI : file (ALAS-2014-382)

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in...

CVSS 6.5 | AI score 7.7 | EPSS 0.20805 | Exploits 3 | References 9
Tenable Nessus
added 2014/10/12 12:0 a.m. | 55 views

Amazon Linux AMI : php (ALAS-2014-393)

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the configure script...

CVSS 7.5 | AI score 7.8 | EPSS 0.30128 | Exploits 4 | References 8
Tenable Nessus
added 2014/10/12 12:0 a.m. | 27 views

Amazon Linux AMI : php55 (ALAS-2014-362)

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. The cdf_read_property_info function in cdf.c in the Fileinfo component i...

CVSS 5 | AI score 7.9 | EPSS 0.20805 | Exploits 0 | References 3
Tenable Nessus
added 2014/10/12 12:0 a.m. | 41 views

Amazon Linux AMI : php55 (ALAS-2014-415)

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gd_ctx.c in the GD component in PHP 5.4.x befo...

CVSS 6.5 | AI score 7.1 | EPSS 0.22319 | Exploits 5 | References 5
Tenable Nessus
added 2014/10/01 12:0 a.m. | 44 views

CentOS 7 : php (CESA-2014:1327)

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for...

CVSS 6.8 | AI score 8 | EPSS 0.22319 | Exploits 7 | References 9
Tenable Nessus
added 2014/10/01 12:0 a.m. | 52 views

RHEL 7 : php (RHSA-2014:1327)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1327 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to...

CVSS 6.8 | AI score 7.9 | EPSS 0.22319 | Exploits 7 | References 19
Tenable Nessus
added 2014/10/01 12:0 a.m. | 65 views

Oracle Linux 5 / 6 : php53 / and / php (ELSA-2014-1326)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1326 advisory. - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators...

CVSS 6.8 | AI score 7.2 | EPSS 0.22319 | Exploits 5 | References 6
Tenable Nessus
added 2014/10/01 12:0 a.m. | 45 views

CentOS 5 / 6 : php / php53 (CESA-2014:1326)

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...

CVSS 6.8 | AI score 7.9 | EPSS 0.22319 | Exploits 5 | References 7
Tenable Nessus
added 2014/10/01 12:0 a.m. | 242 views

Oracle Linux 7 : php (ELSA-2014-1327)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1327 advisory. - gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497 - gd: fix NUL byte injection in file names. CVE-2014-5120 - fileinfo: fix...

CVSS 6.8 | AI score 7.3 | EPSS 0.22319 | Exploits 8 | References 9
Cent OS
added 2014/09/30 10:59 a.m. | 91 views

php security update

CentOS Errata and Security Advisory CESA-2014:1327 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...

CVSS 6.8 | AI score 7.3 | EPSS 0.22319 | Exploits 7 | References 7
Cent OS
added 2014/09/30 10:27 a.m. | 86 views

php, php53 security update

CentOS Errata and Security Advisory CESA-2014:1326 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring...

CVSS 6.8 | AI score 7.2 | EPSS 0.22319 | Exploits 5 | References 7