Amazon Linux AMI : php (ALAS-2014-393)
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the configure script...
Medium: php
Issue Overview: A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the...
php: heap-based buffer over-read in DateInterval
A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash...
Moderate: Red Hat Security Advisory: php53 and php security update
Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
php53 and php security update
5.3.3-27.1 - core: type confusion issue in phpinfo. CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize SPL ArrayObject / SPLObjectStorage type confusion flaw...
MGASA-2014-0162 Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: It was discovered that the file utility contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was foun...
PHP DateInterval Heap Buffer Overread Denial of Service (CVE-2013-6712)
A denial of service vulnerability has been reported in PHP. The vulnerability is due to a buffer overread when creating a dateInterval object. A remote attacker can exploit this flaw by sending a malicious request. Successful exploitation could result in a denial of service condition...
SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)
This update fixes the following issues: - memory corruption in opensslparsex509. CVE-2013-6420 - Heap buffer over-read in DateInterval. CVE-2013-6712 - man-in-the-middle attacks by specially crafting certificates CVE-2013-4248...
PHP 5.5.x < 5.5.8 Multiple Vulnerabilities
According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.8. It is, therefore, potentially affected by the following vulnerabilities: - A heap-based buffer overflow error exists in the file 'ext/date/lib/parse_iso_intervals.c' related to handling...
Updated php packages fix multiple security vulnerabilities
Updated php packages fix security vulnerabilities: Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2013-6420). It was discovered that PHP...
MGASA-2013-0379 Updated php packages fix multiple security vulnerabilities
Updated php packages fix security vulnerabilities: Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2013-6420). It was discovered that PHP...
Ubuntu Update for php5 USN-2055-1
Check for the version of php5.
Debian DSA-2816-1 : php5 - several vulnerabilities
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: - CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse(). -...
Fedora 19 : php-5.5.7-1.fc19 (2013-23208)
12 Dec 2013, PHP 5.5.7 CLI server : - Added some MIME types to the CLI web server Chris Jones - Implemented FR 65917 getallheaders is not supported by the built-in web server - also implements apacheresponseheaders Andrea Faulds Core : - Fixed bug 66094 unregistertickfunction tries to cast a...
USN-2055-1: PHP vulnerabilities
Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2013-6420). It was discovered that PHP incorrectly handled DateInterval objects. An attack...
DSA-2816-1 php5 - several
Bulletin has no description...
CVE-2013-6712
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification...
EUVD-2013-6514
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification...