Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2014-160-01
HistoryJun 09, 2014 - 9:04 p.m.

[slackware-security] php

2014-06-0921:04:52
Slackware Linux Project
www.slackware.com
24

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.098 Low

EPSS

Percentile

94.7%

JSON

New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/php-5.4.29-i486-1_slack14.1.txz: Upgraded.
This update fixes bugs and security issues, including a possible denial
of service, and an issue where insecure default permissions on the FPM
socket may allow local users to run arbitrary code as the apache user.
For more information, see:
https://vulners.com/cve/CVE-2014-0185
https://vulners.com/cve/CVE-2014-0237
https://vulners.com/cve/CVE-2014-0238
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.28-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.28-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.28-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.28-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.28-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.28-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.29-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.29-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.29-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.29-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.29-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.29-x86_64-1.txz

MD5 signatures:

Slackware 13.0 package:
ccea945b3f2148537e32262056c6baf3 php-5.3.28-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
538810888d000fc5c9d9c89eebcd98ca php-5.3.28-x86_64-1_slack13.0.txz

Slackware 13.1 package:
dcddf3bab56b9c384dc68f6d8ddac784 php-5.3.28-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
8d9211b49b895c96feba41b1d035004f php-5.3.28-x86_64-1_slack13.1.txz

Slackware 13.37 package:
28280a25871c27ed5c1a4be5d53f7640 php-5.3.28-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
4a4be5f6e1731a9c45f58063d7dd19f0 php-5.3.28-x86_64-1_slack13.37.txz

Slackware 14.0 package:
2eb778df214832e87f3a605a65ee82ec php-5.4.29-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
b18c187d6be6cb63f08744d3f93d9c35 php-5.4.29-x86_64-1_slack14.0.txz

Slackware 14.1 package:
36e8852834584501a5118800a3e944cb php-5.4.29-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
eb6e16e0fc7e88939dc5ef8bfef5011f php-5.4.29-x86_64-1_slack14.1.txz

Slackware -current package:
edf4ffd856eb50241a5847d405c4e87e n/php-5.4.29-i486-1.txz

Slackware x86_64 -current package:
29b6e83289af8b31f1a27cb99e06078c n/php-5.4.29-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg php-5.4.29-i486-1_slack14.1.txz

Then, restart Apache httpd:
> /etc/rc.d/rc.httpd stop
> /etc/rc.d/rc.httpd start

Related

openvas 57
nessus 52
fedora 22
ubuntu 2
osv 5
debian 5
mageia 3
f5 4
securityvulns 8
amazon 4
suse 1
ubuntucve 3
cve 3
debiancve 2
prion 3
checkpoint_advisories 1
threatpost 1
ibm 2
redhat 6
oraclelinux 4
centos 4
freebsd 1
gentoo 1
veracode 3
rosalinux 1
openvas
openvas
Slackware: Security Advisory (SSA:2014-160-01)
2022-04-21 00:00:00
Debian Security Advisory DSA 2943-1 (php5 - security update)
2014-06-01 00:00:00
Debian: Security Advisory (DSA-2943-1)
2014-05-31 00:00:00
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : php (SSA:2014-160-01)
2014-06-10 00:00:00
Ubuntu 14.04 LTS : PHP updates (USN-2254-2)
2014-06-26 00:00:00
Debian DSA-2943-1 : php5 - security update
2014-06-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.13-3.fc20
2014-06-17 23:31:30
[SECURITY] Fedora 20 Update: php-phpunit-PHPUnit-MockObject-1.2.3-4.fc20
2014-06-17 23:31:30
[SECURITY] Fedora 19 Update: php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19
2014-06-17 23:36:22
ubuntu
ubuntu
PHP updates
2014-06-25 00:00:00
PHP vulnerabilities
2014-06-23 00:00:00
osv
osv
php5 - security update
2014-06-01 00:00:00
php5 - security update
2015-01-31 00:00:00
php5 - regression update
2015-01-31 00:00:00
debian
debian
[SECURITY] [DSA 2943-1] php5 security update
2014-06-01 08:38:03
[SECURITY] [DLA 145-1] php5 security update
2015-01-31 13:08:25
[DLA 27-1] file security update
2014-07-31 14:47:17
mageia
mageia
Updated file packages fix CVE-2014-0237-8
2014-06-06 09:52:39
Updated php packages fix CVE-2014-0237-8
2014-06-06 21:54:14
Updated php packages fix CVE-2014-0185
2014-05-15 02:02:58
f5
f5
SOL16954 - Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
2015-07-14 00:00:00
K16954 : Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
2015-09-16 00:00:00
K15322 : PHP vulnerability CVE-2014-0185
2014-06-05 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:116 ] file
2014-06-14 00:00:00
PHP/fileinfo/file DoS
2014-06-14 00:00:00
[ MDVSA-2014:087 ] php
2014-05-30 00:00:00
amazon
amazon
Medium: php55
2014-06-15 16:29:00
Medium: php54
2014-06-15 16:29:00
Medium: php
2014-08-21 11:15:00
suse
suse
Security update for php53 (important)
2014-07-04 01:04:18
ubuntucve
ubuntucve
CVE-2014-0237
2014-06-01 00:00:00
CVE-2014-0185
2014-05-06 00:00:00
CVE-2014-0238
2014-06-01 00:00:00
cve
cve
CVE-2014-0237
2014-06-01 04:29:00
CVE-2014-0185
2014-05-06 10:44:00
CVE-2014-0238
2014-06-01 04:29:00
debiancve
debiancve
CVE-2014-0237
2014-06-01 04:29:00
CVE-2014-0238
2014-06-01 04:29:00
prion
prion
Code injection
2014-06-01 04:29:00
Code injection
2014-05-06 10:44:00
Design/Logic Flaw
2014-06-01 04:29:00
checkpoint_advisories
checkpoint_advisories
PHP CDF File Handling Infinite Loop (CVE-2014-0238)
2014-08-03 00:00:00
threatpost
threatpost
PHP Updated to Fix Heartbleed, Other Bugs
2014-05-02 10:48:20
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PHP as used by IBM QRadar Incident Forensics 7.2 MR2. (CVE-2014-3515, CVE-2014-4049, CVE-2014-3981, CVE-2014-0238, CVE-2014-0237, CVE-2014-4721)
2018-06-16 21:19:23
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
redhat
redhat
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
oraclelinux
oraclelinux
file security and bug fix update
2014-10-15 00:00:00
php security update
2014-08-06 00:00:00
php53 and php security update
2014-08-06 00:00:00
centos
centos
file, python security update
2014-10-20 18:08:44
php security update
2014-08-06 14:38:20
php, php53 security update
2014-08-06 14:53:37
freebsd
freebsd
PHP multiple vulnerabilities
2014-08-14 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2014-08-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.098 Low

EPSS

Percentile

94.7%

JSON
Related for SSA-2014-160-01
openvas57nessus52fedora22ubuntu2osv5debian5mageia3f54securityvulns8amazon4suse1ubuntucve3cve3debiancve2prion3checkpoint_advisories1threatpost1ibm2redhat6oraclelinux4centos4freebsd1gentoo1veracode3rosalinux1