58 matches found

Tenable Nessus
added 2014/11/26 12:00 a.m. | 29 views

Amazon Linux AMI : php54 (ALAS-2014-450)

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (C) Tenable Network Security, Inc. The descripti...

5 CVSS | 7.9 AI score | 0.08075 EPSS
Exploits 0 | References 2
Amazon
added 2014/11/22 12:00 a.m. | 49 views

Medium: php54

Issue Overview: An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. Affected Packages: php54 Issue...

5 CVSS | 8.6 AI score | 0.08075 EPSS
Exploits 0
Tenable Nessus
added 2014/11/03 12:00 a.m. | 48 views

Amazon Linux AMI : php54 (ALAS-2014-434)

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) An integer overflow flaw was found in the way custom objects were unserialized...

7.5 CVSS | 8.4 AI score | 0.55955 EPSS
Exploits 3 | References 4
Amazon
added 2014/10/28 12:00 a.m. | 62 views

Important: php54

Issue Overview: An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) An integer overflow flaw was found in the way custom objects wer...

7.5 CVSS | 10 AI score | 0.55955 EPSS
Exploits 3
Tenable Nessus
added 2014/10/12 12:00 a.m. | 27 views

Amazon Linux AMI : php54 (ALAS-2014-361)

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. The cdf_read_property_info function in cdf.c in the Fileinfo component i...

5 CVSS | 7.9 AI score | 0.2611 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2014/10/12 12:00 a.m. | 53 views

Amazon Linux AMI : php54 (ALAS-2014-367)

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document...

7.5 CVSS | 7.7 AI score | 0.48662 EPSS
Exploits 5 | References 9
Tenable Nessus
added 2014/10/12 12:00 a.m. | 22 views

Amazon Linux AMI : php54 (ALAS-2014-333)

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of...

5 CVSS | 8 AI score | 0.01128 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2014/10/12 12:00 a.m. | 22 views

Amazon Linux AMI : php54 (ALAS-2014-343)

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of...

5 CVSS | 8 AI score | 0.01128 EPSS
Exploits 1 | References 2
Amazon
added 2014/07/09 12:00 a.m. | 82 views

Medium: php54

Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain...

7.5 CVSS | 8.5 AI score | 0.48662 EPSS
Exploits 5
Amazon
added 2014/06/15 12:00 a.m. | 42 views

Medium: php54

Issue Overview: The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. The cdf_read_property_info function in cdf.c in the...

5 CVSS | 8.5 AI score | 0.2611 EPSS
Exploits 0
Amazon
added 2014/05/21 12:00 a.m. | 66 views

Medium: php54

Issue Overview: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a...

5 CVSS | 8.5 AI score | 0.01128 EPSS
Exploits 1
Amazon
added 2014/04/25 12:00 a.m. | 43 views

Medium: php54

Issue Overview: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a...

5 CVSS | 8.5 AI score | 0.01128 EPSS
Exploits 1
Tenable Nessus
added 2014/03/28 12:00 a.m. | 36 views

Amazon Linux AMI : php54 (ALAS-2014-313)

A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (C) Tenable Network Security, Inc. The descriptive text and...

5 CVSS | 7.8 AI score | 0.30772 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2013/12/23 12:00 a.m. | 65 views

Amazon Linux AMI : php54 (ALAS-2013-263)

A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the...

7.5 CVSS | 7.4 AI score | 0.40224 EPSS
Exploits 8 | References 2
Amazon
added 2013/09/19 12:00 a.m. | 49 views

Medium: php54

Issue Overview: Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly...

6.8 CVSS | 7.7 AI score | 0.09892 EPSS
Exploits 4
Tenable Nessus
added 2013/09/04 12:00 a.m. | 20 views

Amazon Linux AMI : php54 (ALAS-2013-212)

A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitra...

6.8 CVSS | 8.8 AI score | 0.19022 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2013/09/04 12:00 a.m. | 32 views

Amazon Linux AMI : php54 (ALAS-2013-206)

Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_enco...

5 CVSS | 6 AI score | 0.08454 EPSS
Exploits 1 | References 2
Amazon
added 2013/07/12 12:00 a.m. | 43 views

Critical: php54

Issue Overview: A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly,...

6.8 CVSS | 10 AI score | 0.19022 EPSS
Exploits 0 | References 1