CentOS 7 : php (CESA-2014:1013)

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CentOS 5 / 6 : php / php53 (CESA-2014:1012)

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CentOS Update for php CESA-2014:1012 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806)

Multiple denial of service flaws were found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. CVE-2014-0237,...

Oracle Linux 7 : php (ELSA-2014-1013)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1013 advisory. - fileinfo: cdfunpacksummaryinfo excessive looping DoS. CVE-2014-0237 - fileinfo: CDF property info parsing nelements infinite loop. CVE-2014-0238 -...

php, php53 security update

CentOS Errata and Security Advisory CESA-2014:1012 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerabilit...

php security update

CentOS Errata and Security Advisory CESA-2014:1013 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

file: cdf_count_chain insufficient boundary check

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

file: cdf_read_property_info insufficient boundary check

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

Moderate: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

file: cdf_check_stream_offset insufficient boundary check

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...

file: unrestricted recursion in handling of indirect type rules

A denial of service flaw was found in the way the File Information fileinfo extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU...

file: out-of-bounds access in search rules with offsets from input file

A denial of service flaw was found in the way the File Information fileinfo extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU...

Moderate: Red Hat Security Advisory: php53 and php security update

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

php53 and php security update

5.3.3-27.1 - core: type confusion issue in phpinfo. CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize SPL ArrayObject / SPLObjectStorage type confusion flaw...

php security update

5.4.16-23 - fileinfo: cdfunpacksummaryinfo excessive looping DoS. CVE-2014-0237 - fileinfo: CDF property info parsing nelements infinite loop. CVE-2014-0238 - fileinfo: cdfcheckstreamoffset insufficient boundary check. CVE-2014-3479 - fileinfo: cdfcountchain insufficient boundary check...

USN-2276-1 php5 vulnerabilities

Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487 Stefan Esser...

CVE-2014-3478

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service application crash via a crafted Pascal string in a FILEPSTRING conversion...

CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

DEBIAN-CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...