Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Scientific Linux: SLSA-2013:1814-1 Critical Memory Flaw Fix

Scientific Large Esm H446
Critical: php security update
Date: Wed, 11 Dec 2013 15:58:50 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Critical: php on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Critical: php security update
Advisory ID: SLSA-2013:1814-1
Issue Date: 2013-12-11
CVE Numbers: CVE-2012-2688
 CVE-2011-1398
 CVE-2013-1643
 CVE-2013-6420
--

A memory corruption flaw was found in the way the openssl_x509_parse()
function of the PHP openssl extension parsed X.509 certificates. A remote
attacker could use this flaw to provide a malicious self-signed
certificate or a certificate signed by a trusted authority to a PHP
application using the aforementioned function, causing the application to
crash or, possibly, allow the attacker to execute arbitrary code with the
privileges of the user running the PHP interpreter. (CVE-2013-6420)

It was found that PHP did not check for carriage returns in HTTP headers,
allowing intended HTTP response splitting protections to be bypassed.
Depending on the web browser the victim is using, a remote attacker could
use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

An integer signedness issue, leading to a heap-based buffer underflow, was
found in the PHP scandir() function. If a remote attacker could upload an
excessively large number of files to a directory the scandir() function
runs on, it could cause the PHP interpreter to crash or, possibly, execute
arbitrary code. (CVE-2012-2688)

It was found that the PHP SOAP parser allowed the expansion of external
XML entities during SOAP message parsing. A remote attacker could possibly
use this flaw to read arbitrary files that are accessible to a PHP
application using a SOAP extension. (CVE-2013-1643)

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
--

SL5
 x86_64
 php-5.1.6-43.el5_10.x86_64.rpm
 php-bcmath-5.1.6-43.el5_10.x86_64.rpm
 php-cli-5.1.6-43.el5_10.x86_64.rpm
 php-common-5.1.6-43.el5_10.x86_64.rpm
 php-dba-5.1.6-43.el5_10.x86_64.rpm
 php-debuginfo-5.1.6-43.el5_10.x86_64.rpm
 php-devel-5.1.6-43.el5_10.x86_64.rpm
 php-gd-5.1.6-43.el5_10.x86_64.rpm
 php-imap-5.1.6-43.el5_10.x86_64.rpm
 php-ldap-5.1.6-43.el5_10.x86_64.rpm
 php-mbstring-5.1.6-43.el5_10.x86_64.rpm
 php-mysql-5.1.6-43.el5_10.x86_64.rpm
 php-ncurses-5.1.6-43.el5_10.x86_64.rpm
 php-odbc-5.1.6-43.el5_10.x86_64.rpm
 php-pdo-5.1.6-43.el5_10.x86_64.rpm
 php-pgsql-5.1.6-43.el5_10.x86_64.rpm
 php-snmp-5.1.6-43.el5_10.x86_64.rpm
 php-soap-5.1.6-43.el5_10.x86_64.rpm
 php-xml-5.1.6-43.el5_10.x86_64.rpm
 php-xmlrpc-5.1.6-43.el5_10.x86_64.rpm
 i386
 php-5.1.6-43.el5_10.i386.rpm
 php-bcmath-5.1.6-43.el5_10.i386.rpm
 php-cli-5.1.6-43.el5_10.i386.rpm
 php-common-5.1.6-43.el5_10.i386.rpm
 php-dba-5.1.6-43.el5_10.i386.rpm
 php-debuginfo-5.1.6-43.el5_10.i386.rpm
 php-devel-5.1.6-43.el5_10.i386.rpm
 php-gd-5.1.6-43.el5_10.i386.rpm
 php-imap-5.1.6-43.el5_10.i386.rpm
 php-ldap-5.1.6-43.el5_10.i386.rpm
 php-mbstring-5.1.6-43.el5_10.i386.rpm
 php-mysql-5.1.6-43.el5_10.i386.rpm
 php-ncurses-5.1.6-43.el5_10.i386.rpm
 php-odbc-5.1.6-43.el5_10.i386.rpm
 php-pdo-5.1.6-43.el5_10.i386.rpm
 php-pgsql-5.1.6-43.el5_10.i386.rpm
 php-snmp-5.1.6-43.el5_10.i386.rpm
 php-soap-5.1.6-43.el5_10.i386.rpm
 php-xml-5.1.6-43.el5_10.i386.rpm
 php-xmlrpc-5.1.6-43.el5_10.i386.rpm

- Scientific Linux Development Team