SciLinux: CVE-2014-3669 Important: php SL5.x i386/x86_64
Summary
Important: php security update
Date: Thu, 6 Nov 2014 19:19:40 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: php on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: php security update
Advisory ID: SLSA-2014:1824-1
Issue Date: 2014-11-06
CVE Numbers: CVE-2014-3669
             CVE-2014-3670
             CVE-2014-8626
--

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
--

SL5
  x86_64
    php-5.1.6-45.el5_11.x86_64.rpm
    php-bcmath-5.1.6-45.el5_11.x86_64.rpm
    php-cli-5.1.6-45.el5_11.x86_64.rpm
    php-common-5.1.6-45.el5_11.x86_64.rpm
    php-dba-5.1.6-45.el5_11.x86_64.rpm
    php-debuginfo-5.1.6-45.el5_11.x86_64.rpm
    php-devel-5.1.6-45.el5_11.x86_64.rpm
    php-gd-5.1.6-45.el5_11.x86_64.rpm
    php-imap-5.1.6-45.el5_11.x86_64.rpm
    php-ldap-5.1.6-45.el5_11.x86_64.rpm
    php-mbstring-5.1.6-45.el5_11.x86_64.rpm
    php-mysql-5.1.6-45.el5_11.x86_64.rpm
    php-ncurses-5.1.6-45.el5_11.x86_64.rpm
    php-odbc-5.1.6-45.el5_11.x86_64.rpm
    php-pdo-5.1.6-45.el5_11.x86_64.rpm
    php-pgsql-5.1.6-45.el5_11.x86_64.rpm
    php-snmp-5.1.6-45.el5_11.x86_64.rpm
    php-soap-5.1.6-45.el5_11.x86_64.rpm
    php-xml-5.1.6-45.el5_11.x86_64.rpm
    php-xmlrpc-5.1.6-45.el5_11.x86_64.rpm
  i386
    php-5.1.6-45.el5_11.i386.rpm
    php-bcmath-5.1.6-45.el5_11.i386.rpm
    php-cli-5.1.6-45.el5_11.i386.rpm
    php-common-5.1.6-45.el5_11.i386.rpm
    php-dba-5.1.6-45.el5_11.i386.rpm
    php-debuginfo-5.1.6-45.el5_11.i386.rpm
    php-devel-5.1.6-45.el5_11.i386.rpm
    php-gd-5.1.6-45.el5_11.i386.rpm
    php-imap-5.1.6-45.el5_11.i386.rpm
    php-ldap-5.1.6-45.el5_11.i386.rpm
    php-mbstring-5.1.6-45.el5_11.i386.rpm
    php-mysql-5.1.6-45.el5_11.i386.rpm
    php-ncurses-5.1.6-45.el5_11.i386.rpm
    php-odbc-5.1.6-45.el5_11.i386.rpm
    php-pdo-5.1.6-45.el5_11.i386.rpm
    php-pgsql-5.1.6-45.el5_11.i386.rpm
    php-snmp-5.1.6-45.el5_11.i386.rpm
    php-soap-5.1.6-45.el5_11.i386.rpm
    php-xml-5.1.6-45.el5_11.i386.rpm
    php-xmlrpc-5.1.6-45.el5_11.i386.rpm

- Scientific Linux Development Team
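
One way to check a host against the package list above, as an added example that is not part of the original advisory: the script below reports which of the listed php packages are still older than 5.1.6-45.el5_11. The function names, the rpm query format and the sample inventory are assumptions made for illustration; the comparison follows rpm's segment-wise ordering and assumes no epoch, tilde or caret in the version strings.

```python
import re

# Fixed version-release and package names, both taken from the advisory.
FIXED = "5.1.6-45.el5_11"
ADVISORY_PKGS = {"php"} | {"php-" + s for s in (
    "bcmath cli common dba debuginfo devel gd imap ldap mbstring mysql "
    "ncurses odbc pdo pgsql snmp soap xml xmlrpc").split()}

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise compare in the style of rpm (no epoch, tilde or caret)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alpha
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 6, not string order
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated(rpm_output):
    """Return (name, version-release) for advisory packages below FIXED."""
    hits = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in ADVISORY_PKGS \
                and evr_cmp(parts[1], FIXED) < 0:
            hits.append(tuple(parts))
    return hits

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE = """\
php 5.1.6-44.el5_10
php-cli 5.1.6-45.el5_11
php-xmlrpc 5.1.6-40.el5_9
php-pear 1.4.9-8.el5
httpd 2.2.3-91.el5
"""

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE):
        print(f"{name} {evr} is older than {FIXED}")
```

Packages outside the advisory list (php-pear and httpd in the sample) are ignored because their version numbers are unrelated to the php build. An empty result only confirms the packages on disk; httpd still has to be restarted, as the advisory states.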