Lucene search

K
suseSuseSUSE-SU-2014:0873-1
HistoryJul 05, 2014 - 2:05 a.m.

Security update for PHP5 (important)

2014-07-0502:05:05
lists.opensuse.org
20

0.951 High

EPSS

Percentile

99.1%

PHP5 has been updated to fix four security vulnerabilities:

   * Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)
   * NULL pointer dereference in GD XPM decoder (CVE-2014-2497)
   * Memory corrpution in openssl_parse_x509 (CVE-2013-6420)
   * Attackers can perform man-in-the-middle attacks by specially
     crafting certificates (CVE-2013-4248)

Security Issues:

   * CVE-2014-4049
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049</a>&gt;
   * CVE-2014-2497
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497</a>&gt;
   * CVE-2013-6420
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420</a>&gt;
   * CVE-2013-4248
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248</a>&gt;