
Debian Wheezy: DSA-3008-2 Moderate: PHP5 Sessionclean Error Correction

August 21, 2014
Debian patches resolve nodejs versioning flaw highlighted in DSA-3009-1, addressing key vulnerabilities recognized for reliability.
This update corrects a packaging error for the packages released in DSA-3008-1.

Summary

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-3538

It was discovered that the original fix for CVE-2013-7345 did not
sufficiently address the problem. A remote attacker could still
cause a denial of service (CPU consumption) via a specially-crafted
input file that triggers backtracking during processing of an awk
regular expression rule.

CVE-2014-3587

It was discovered that the CDF parser of the fileinfo module does
not properly process malformed files in the Composite Document File
(CDF) format, leading to crashes.

CVE-2014-3597

It was discovered that the original fix for CVE-2014-4049 did not
completely address the issue. A malicious server or
man-in-the-middle attacker could cause a denial of service (crash)
and possibly execute arbitrary code via a crafted DNS TXT record.

CVE-20...


Package: php5
CVE ID: CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670
