Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Scientific Linux: SLSA-2014:1824-1 Important: php Buffer Overflow Issues

Calendar Nov 06, 2014 User Avatar LinuxSecurity Advisories
2 - 4 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory buffer overflow php update integer overflow xmlrpc Scientific Linux
Important: php security update 
Date: Thu, 6 Nov 2014 19:19:40 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: php on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: php security update
Advisory ID: SLSA-2014:1824-1
Issue Date: 2014-11-06
CVE Numbers: CVE-2014-3669
 CVE-2014-3670
 CVE-2014-8626
--

A buffer overflow flaw was found in the Exif extension. A specially
crafted JPEG or TIFF file could cause a PHP application using the
exif_thumbnail() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2014-3670)

A stack-based buffer overflow flaw was found in the way the xmlrpc
extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC
request or response could possibly cause a PHP application to crash.
(CVE-2014-8626)

An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
--

SL5
 x86_64
 php-5.1.6-45.el5_11.x86_64.rpm
 php-bcmath-5.1.6-45.el5_11.x86_64.rpm
 php-cli-5.1.6-45.el5_11.x86_64.rpm
 php-common-5.1.6-45.el5_11.x86_64.rpm
 php-dba-5.1.6-45.el5_11.x86_64.rpm
 php-debuginfo-5.1.6-45.el5_11.x86_64.rpm
 php-devel-5.1.6-45.el5_11.x86_64.rpm
 php-gd-5.1.6-45.el5_11.x86_64.rpm
 php-imap-5.1.6-45.el5_11.x86_64.rpm
 php-ldap-5.1.6-45.el5_11.x86_64.rpm
 php-mbstring-5.1.6-45.el5_11.x86_64.rpm
 php-mysql-5.1.6-45.el5_11.x86_64.rpm
 php-ncurses-5.1.6-45.el5_11.x86_64.rpm
 php-odbc-5.1.6-45.el5_11.x86_64.rpm
 php-pdo-5.1.6-45.el5_11.x86_64.rpm
 php-pgsql-5.1.6-45.el5_11.x86_64.rpm
 php-snmp-5.1.6-45.el5_11.x86_64.rpm
 php-soap-5.1.6-45.el5_11.x86_64.rpm
 php-xml-5.1.6-45.el5_11.x86_64.rpm
 php-xmlrpc-5.1.6-45.el5_11.x86_64.rpm
 i386
 php-5.1.6-45.el5_11.i386.rpm
 php-bcmath-5.1.6-45.el5_11.i386.rpm
 php-cli-5.1.6-45.el5_11.i386.rpm
 php-common-5.1.6-45.el5_11.i386.rpm
 php-dba-5.1.6-45.el5_11.i386.rpm
 php-debuginfo-5.1.6-45.el5_11.i386.rpm
 php-devel-5.1.6-45.el5_11.i386.rpm
 php-gd-5.1.6-45.el5_11.i386.rpm
 php-imap-5.1.6-45.el5_11.i386.rpm
 php-ldap-5.1.6-45.el5_11.i386.rpm
 php-mbstring-5.1.6-45.el5_11.i386.rpm
 php-mysql-5.1.6-45.el5_11.i386.rpm
 php-ncurses-5.1.6-45.el5_11.i386.rpm
 php-odbc-5.1.6-45.el5_11.i386.rpm
 php-pdo-5.1.6-45.el5_11.i386.rpm
 php-pgsql-5.1.6-45.el5_11.i386.rpm
 php-snmp-5.1.6-45.el5_11.i386.rpm
 php-soap-5.1.6-45.el5_11.i386.rpm
 php-xml-5.1.6-45.el5_11.i386.rpm
 php-xmlrpc-5.1.6-45.el5_11.i386.rpm

- Scientific Linux Development Team
Your message here