Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2014-356-02
HistoryDec 23, 2014 - 5:38 a.m.

[slackware-security] php

2014-12-2305:38:55
Slackware Linux Project
www.slackware.com
38

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.861 High

EPSS

Percentile

98.5%

JSON

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/php-5.4.36-i486-1_slack14.1.txz: Upgraded.
This update fixes bugs and security issues.
#68545 (NULL pointer dereference in unserialize.c).
#68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
#68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
For more information, see:
https://vulners.com/cve/CVE-2014-3710
https://vulners.com/cve/CVE-2014-8142
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.36-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.36-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.36-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.36-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.36-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.36-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
d25a3e243ec1921b7ac321be40336251 php-5.4.36-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
c374f5fef8a922ee1718232be4baefbf php-5.4.36-x86_64-1_slack14.0.txz

Slackware 14.1 package:
365000d20e974b045b2acc143ba6dfbe php-5.4.36-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
81fc269537befcc2fcb3be913588d8cc php-5.4.36-x86_64-1_slack14.1.txz

Slackware -current package:
bce0dc50b1430ed7a521b07795763922 n/php-5.4.36-i486-1.txz

Slackware x86_64 -current package:
6266e021adac91c16e68e61ee4bcdf9b n/php-5.4.36-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg php-5.4.36-i486-1_slack14.1.txz

Then, restart Apache httpd:
> /etc/rc.d/rc.httpd stop
> /etc/rc.d/rc.httpd start

Related

securityvulns 7
openvas 44
nessus 62
archlinux 4
mageia 3
exploitdb 2
debian 6
exploitpack 2
checkpoint_advisories 3
fedora 7
packetstorm 2
f5 6
amazon 7
debiancve 1
prion 3
ubuntucve 3
veracode 9
osv 3
cve 3
gentoo 2
ubuntu 3
freebsd 1
freebsd_advisory 1
oraclelinux 4
centos 4
redhat 3
suse 1
ibm 3
securityvulns
securityvulns
[slackware-security] php (SSA:2014-356-02)
2014-12-23 00:00:00
PHP security vulnerabilities
2014-12-23 00:00:00
PHP/fileinfo/file DoS
2014-06-14 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-356-02)
2022-04-21 00:00:00
Fedora Update for php FEDORA-2014-17241
2015-01-05 00:00:00
Debian Security Advisory DSA 3117-1 (php5 - security update)
2014-12-31 00:00:00
nessus
nessus
Slackware 14.0 / 14.1 / current : php (SSA:2014-356-02)
2014-12-23 00:00:00
Fedora 19 : php-5.5.20-2.fc19 (2014-17276)
2014-12-30 00:00:00
PHP 5.5.x < 5.5.20 'process_nested_data' RCE
2015-01-02 00:00:00
archlinux
archlinux
php: use after free
2014-12-19 00:00:00
file: denial of service through out-of-bounds read
2014-11-12 00:00:00
php: denial of service
2014-11-13 00:00:00
mageia
mageia
Updated php packages fix CVE-2014-8142
2014-12-21 23:47:32
Updated php packages fix security vulnerability
2014-11-12 12:56:47
Updated [package] package fix CVE-2014-3710
2014-10-31 18:53:38
exploitdb
exploitdb
eFront 3.6.15 - PHP Object Injection
2015-05-11 00:00:00
Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities
2016-09-22 00:00:00
debian
debian
[SECURITY] [DSA 3117-1] php5 security update
2014-12-31 14:47:01
[SECURITY] [DSA 3117-1] php5 security update
2014-12-31 14:47:01
[SECURITY] [DLA 86-1] file security update
2014-11-12 16:17:29
exploitpack
exploitpack
eFront 3.6.15 - PHP Object Injection
2015-05-11 00:00:00
Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities
2016-09-22 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)
2015-05-18 00:00:00
PHP Core unserialize process nested data Use After Free (CVE-2014-8142)
2015-02-09 00:00:00
PHP Core unserialize process nested data Use After Free - ver 2 (CVE-2014-8142; CVE-2015-0231)
2015-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.4-2.fc21
2014-12-29 09:59:23
[SECURITY] Fedora 21 Update: file-5.19-7.fc21
2014-11-10 06:44:48
[SECURITY] Fedora 20 Update: php-5.5.20-2.fc20
2014-12-29 10:03:10
packetstorm
packetstorm
eFront 3.6.15 PHP Object Injection
2015-05-09 00:00:00
Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption
2016-09-22 00:00:00
f5
f5
K15898 : PHP vulnerability CVE-2014-3710
2014-12-08 00:00:00
SOL15898 - PHP vulnerability CVE-2014-3710
2014-12-08 00:00:00
SOL16021 - PHP vulnerability CVE-2014-8142
2015-01-22 00:00:00
amazon
amazon
Medium: php54
2014-11-22 13:58:00
Medium: file
2014-11-22 14:34:00
Medium: php55
2014-11-22 13:58:00
debiancve
debiancve
CVE-2014-3710
2014-11-05 11:55:00
prion
prion
Out-of-bounds
2014-11-05 11:55:00
Design/Logic Flaw
2014-12-20 11:59:00
Design/Logic Flaw
2015-01-27 20:03:00
ubuntucve
ubuntucve
CVE-2014-3710
2014-10-24 00:00:00
CVE-2015-0231
2015-01-27 00:00:00
CVE-2014-8142
2014-12-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:21
Arbitrary Code Execution
2019-01-15 09:06:10
Remote Code Execution (RCE) Via Memory Corruption
2019-05-02 05:39:23
osv
osv
php5 - security update
2014-11-18 00:00:00
file - security update
2014-11-11 00:00:00
php5 - security update
2014-11-25 00:00:00
cve
cve
CVE-2014-3710
2014-11-05 11:55:00
CVE-2014-8142
2014-12-20 11:59:00
CVE-2015-0231
2015-01-27 20:03:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2015-03-08 00:00:00
file: Multiple vulnerabilities
2017-01-17 00:00:00
ubuntu
ubuntu
file vulnerabilities
2015-02-04 00:00:00
php5 vulnerabilities
2014-10-30 00:00:00
PHP vulnerabilities
2015-02-17 00:00:00
freebsd
freebsd
file -- multiple vulnerabilities
2014-12-16 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:28.file
2014-12-10 00:00:00
oraclelinux
oraclelinux
php security update
2014-10-30 00:00:00
php53 security update
2014-10-30 00:00:00
file security, bug fix, and enhancement update
2016-05-12 00:00:00
centos
centos
php53 security update
2014-10-31 14:37:09
php security update
2014-10-31 13:14:51
file, python security update
2016-05-16 10:13:44
redhat
redhat
(RHSA-2014:1767) Important: php security update
2014-10-30 00:00:00
(RHSA-2014:1768) Important: php53 security update
2014-10-30 00:00:00
(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update
2016-05-10 06:42:18
suse
suse
Security update for php5 (important)
2015-02-24 11:05:36
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.861 High

EPSS

Percentile

98.5%

JSON
Related for SSA-2014-356-02
securityvulns7openvas44nessus62archlinux4mageia3exploitdb2debian6exploitpack2checkpoint_advisories3fedora7packetstorm2f56amazon7debiancve1prion3ubuntucve3veracode9osv3cve3gentoo2ubuntu3freebsd1freebsd_advisory1oraclelinux4centos4redhat3suse1ibm3