Date:         Thu, 6 Nov 2014 19:19:40 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Subject:      Security ERRATA Important: php on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Important: php security update
Advisory ID:       SLSA-2014:1824-1
Issue Date:        2014-11-06
CVE Numbers:       CVE-2014-3669
                   CVE-2014-3670
                   CVE-2014-8626
--

A buffer overflow flaw was found in the Exif extension. A specially
crafted JPEG or TIFF file could cause a PHP application using the
exif_thumbnail() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2014-3670)

A stack-based buffer overflow flaw was found in the way the xmlrpc
extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC
request or response could possibly cause a PHP application to crash.
(CVE-2014-8626)

An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
--

SL5
  x86_64
    php-5.1.6-45.el5_11.x86_64.rpm
    php-bcmath-5.1.6-45.el5_11.x86_64.rpm
    php-cli-5.1.6-45.el5_11.x86_64.rpm
    php-common-5.1.6-45.el5_11.x86_64.rpm
    php-dba-5.1.6-45.el5_11.x86_64.rpm
    php-debuginfo-5.1.6-45.el5_11.x86_64.rpm
    php-devel-5.1.6-45.el5_11.x86_64.rpm
    php-gd-5.1.6-45.el5_11.x86_64.rpm
    php-imap-5.1.6-45.el5_11.x86_64.rpm
    php-ldap-5.1.6-45.el5_11.x86_64.rpm
    php-mbstring-5.1.6-45.el5_11.x86_64.rpm
    php-mysql-5.1.6-45.el5_11.x86_64.rpm
    php-ncurses-5.1.6-45.el5_11.x86_64.rpm
    php-odbc-5.1.6-45.el5_11.x86_64.rpm
    php-pdo-5.1.6-45.el5_11.x86_64.rpm
    php-pgsql-5.1.6-45.el5_11.x86_64.rpm
    php-snmp-5.1.6-45.el5_11.x86_64.rpm
    php-soap-5.1.6-45.el5_11.x86_64.rpm
    php-xml-5.1.6-45.el5_11.x86_64.rpm
    php-xmlrpc-5.1.6-45.el5_11.x86_64.rpm
  i386
    php-5.1.6-45.el5_11.i386.rpm
    php-bcmath-5.1.6-45.el5_11.i386.rpm
    php-cli-5.1.6-45.el5_11.i386.rpm
    php-common-5.1.6-45.el5_11.i386.rpm
    php-dba-5.1.6-45.el5_11.i386.rpm
    php-debuginfo-5.1.6-45.el5_11.i386.rpm
    php-devel-5.1.6-45.el5_11.i386.rpm
    php-gd-5.1.6-45.el5_11.i386.rpm
    php-imap-5.1.6-45.el5_11.i386.rpm
    php-ldap-5.1.6-45.el5_11.i386.rpm
    php-mbstring-5.1.6-45.el5_11.i386.rpm
    php-mysql-5.1.6-45.el5_11.i386.rpm
    php-ncurses-5.1.6-45.el5_11.i386.rpm
    php-odbc-5.1.6-45.el5_11.i386.rpm
    php-pdo-5.1.6-45.el5_11.i386.rpm
    php-pgsql-5.1.6-45.el5_11.i386.rpm
    php-snmp-5.1.6-45.el5_11.i386.rpm
    php-soap-5.1.6-45.el5_11.i386.rpm
    php-xml-5.1.6-45.el5_11.i386.rpm
    php-xmlrpc-5.1.6-45.el5_11.i386.rpm

- Scientific Linux Development Team

SciLinux: CVE-2014-3669 Important: php SL5.x i386/x86_64

Important: php security update

Summary

Important: php security update



Security Fixes

Severity
Advisory ID: SLSA-2014:1824-1
Issued Date: : 2014-11-06
CVE Numbers: CVE-2014-3669
CVE-2014-3670
CVE-2014-8626

Related News