Date: Mon, 3 Nov 2014 17:52:55 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: php53 on SL5.x i386/x86_64
MIME-Version: 1.0
Synopsis: Important: php53 security update
Advisory ID: SLSA-2014:1768-1
Issue Date: 2014-10-30
CVE Numbers: CVE-2014-3669
CVE-2014-3670
CVE-2014-3668
CVE-2014-3710
--
A buffer overflow flaw was found in the Exif extension. A specially
crafted JPEG or TIFF file could cause a PHP application using the
exif_thumbnail() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2014-3670)
An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)
An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF) files. A
remote attacker could use this flaw to crash a PHP application using
fileinfo via a specially crafted ELF file. (CVE-2014-3710)
An out of bounds read flaw was found in the way the xmlrpc extension
parsed dates in the ISO 8601 format. A specially crafted XML-RPC request
or response could possibly cause a PHP application to crash.
(CVE-2014-3668)
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
--
SL5
x86_64
php53-5.3.3-26.el5_11.x86_64.rpm
php53-bcmath-5.3.3-26.el5_11.x86_64.rpm
php53-cli-5.3.3-26.el5_11.x86_64.rpm
php53-common-5.3.3-26.el5_11.x86_64.rpm
php53-dba-5.3.3-26.el5_11.x86_64.rpm
php53-debuginfo-5.3.3-26.el5_11.x86_64.rpm
php53-devel-5.3.3-26.el5_11.x86_64.rpm
php53-gd-5.3.3-26.el5_11.x86_64.rpm
php53-imap-5.3.3-26.el5_11.x86_64.rpm
php53-intl-5.3.3-26.el5_11.x86_64.rpm
php53-ldap-5.3.3-26.el5_11.x86_64.rpm
php53-mbstring-5.3.3-26.el5_11.x86_64.rpm
php53-mysql-5.3.3-26.el5_11.x86_64.rpm
php53-odbc-5.3.3-26.el5_11.x86_64.rpm
php53-pdo-5.3.3-26.el5_11.x86_64.rpm
php53-pgsql-5.3.3-26.el5_11.x86_64.rpm
php53-process-5.3.3-26.el5_11.x86_64.rpm
php53-pspell-5.3.3-26.el5_11.x86_64.rpm
php53-snmp-5.3.3-26.el5_11.x86_64.rpm
php53-soap-5.3.3-26.el5_11.x86_64.rpm
php53-xml-5.3.3-26.el5_11.x86_64.rpm
php53-xmlrpc-5.3.3-26.el5_11.x86_64.rpm
i386
php53-5.3.3-26.el5_11.i386.rpm
php53-bcmath-5.3.3-26.el5_11.i386.rpm
php53-cli-5.3.3-26.el5_11.i386.rpm
php53-common-5.3.3-26.el5_11.i386.rpm
php53-dba-5.3.3-26.el5_11.i386.rpm
php53-debuginfo-5.3.3-26.el5_11.i386.rpm
php53-devel-5.3.3-26.el5_11.i386.rpm
php53-gd-5.3.3-26.el5_11.i386.rpm
php53-imap-5.3.3-26.el5_11.i386.rpm
php53-intl-5.3.3-26.el5_11.i386.rpm
php53-ldap-5.3.3-26.el5_11.i386.rpm
php53-mbstring-5.3.3-26.el5_11.i386.rpm
php53-mysql-5.3.3-26.el5_11.i386.rpm
php53-odbc-5.3.3-26.el5_11.i386.rpm
php53-pdo-5.3.3-26.el5_11.i386.rpm
php53-pgsql-5.3.3-26.el5_11.i386.rpm
php53-process-5.3.3-26.el5_11.i386.rpm
php53-pspell-5.3.3-26.el5_11.i386.rpm
php53-snmp-5.3.3-26.el5_11.i386.rpm
php53-soap-5.3.3-26.el5_11.i386.rpm
php53-xml-5.3.3-26.el5_11.i386.rpm
php53-xmlrpc-5.3.3-26.el5_11.i386.rpm
- Scientific Linux Development Team
SciLinux: CVE-2014-3669 Important: php53 SL5.x i386/x86_64
Important: php53 security update
Summary
Important: php53 security update
Security Fixes
Severity
Advisory ID: SLSA-2014:1768-1
Issued Date: : 2014-10-30
CVE Numbers: CVE-2014-3669
CVE-2014-3670
CVE-2014-3668
News
HOWTOs
Features
About Us
Powered By
