Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Scientific Linux: SLSA-2014:1768-1 Important: php53 Buffer Overflow

Calendar Nov 03, 2014 User Avatar LinuxSecurity Advisories
2 - 4 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory buffer overflow php important update scientific linux
Important: php53 security update 
Date: Mon, 3 Nov 2014 17:52:55 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: php53 on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: php53 security update
Advisory ID: SLSA-2014:1768-1
Issue Date: 2014-10-30
CVE Numbers: CVE-2014-3669
 CVE-2014-3670
 CVE-2014-3668
 CVE-2014-3710
--

A buffer overflow flaw was found in the Exif extension. A specially
crafted JPEG or TIFF file could cause a PHP application using the
exif_thumbnail() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)

An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF) files. A
remote attacker could use this flaw to crash a PHP application using
fileinfo via a specially crafted ELF file. (CVE-2014-3710)

An out of bounds read flaw was found in the way the xmlrpc extension
parsed dates in the ISO 8601 format. A specially crafted XML-RPC request
or response could possibly cause a PHP application to crash.
(CVE-2014-3668)

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
--

SL5
 x86_64
 php53-5.3.3-26.el5_11.x86_64.rpm
 php53-bcmath-5.3.3-26.el5_11.x86_64.rpm
 php53-cli-5.3.3-26.el5_11.x86_64.rpm
 php53-common-5.3.3-26.el5_11.x86_64.rpm
 php53-dba-5.3.3-26.el5_11.x86_64.rpm
 php53-debuginfo-5.3.3-26.el5_11.x86_64.rpm
 php53-devel-5.3.3-26.el5_11.x86_64.rpm
 php53-gd-5.3.3-26.el5_11.x86_64.rpm
 php53-imap-5.3.3-26.el5_11.x86_64.rpm
 php53-intl-5.3.3-26.el5_11.x86_64.rpm
 php53-ldap-5.3.3-26.el5_11.x86_64.rpm
 php53-mbstring-5.3.3-26.el5_11.x86_64.rpm
 php53-mysql-5.3.3-26.el5_11.x86_64.rpm
 php53-odbc-5.3.3-26.el5_11.x86_64.rpm
 php53-pdo-5.3.3-26.el5_11.x86_64.rpm
 php53-pgsql-5.3.3-26.el5_11.x86_64.rpm
 php53-process-5.3.3-26.el5_11.x86_64.rpm
 php53-pspell-5.3.3-26.el5_11.x86_64.rpm
 php53-snmp-5.3.3-26.el5_11.x86_64.rpm
 php53-soap-5.3.3-26.el5_11.x86_64.rpm
 php53-xml-5.3.3-26.el5_11.x86_64.rpm
 php53-xmlrpc-5.3.3-26.el5_11.x86_64.rpm
 i386
 php53-5.3.3-26.el5_11.i386.rpm
 php53-bcmath-5.3.3-26.el5_11.i386.rpm
 php53-cli-5.3.3-26.el5_11.i386.rpm
 php53-common-5.3.3-26.el5_11.i386.rpm
 php53-dba-5.3.3-26.el5_11.i386.rpm
 php53-debuginfo-5.3.3-26.el5_11.i386.rpm
 php53-devel-5.3.3-26.el5_11.i386.rpm
 php53-gd-5.3.3-26.el5_11.i386.rpm
 php53-imap-5.3.3-26.el5_11.i386.rpm
 php53-intl-5.3.3-26.el5_11.i386.rpm
 php53-ldap-5.3.3-26.el5_11.i386.rpm
 php53-mbstring-5.3.3-26.el5_11.i386.rpm
 php53-mysql-5.3.3-26.el5_11.i386.rpm
 php53-odbc-5.3.3-26.el5_11.i386.rpm
 php53-pdo-5.3.3-26.el5_11.i386.rpm
 php53-pgsql-5.3.3-26.el5_11.i386.rpm
 php53-process-5.3.3-26.el5_11.i386.rpm
 php53-pspell-5.3.3-26.el5_11.i386.rpm
 php53-snmp-5.3.3-26.el5_11.i386.rpm
 php53-soap-5.3.3-26.el5_11.i386.rpm
 php53-xml-5.3.3-26.el5_11.i386.rpm
 php53-xmlrpc-5.3.3-26.el5_11.i386.rpm

- Scientific Linux Development Team
Your message here