Slackware 14.0 Security Advisory: 2013-197-01 Critical PHP DoS Fix

July 16, 2013
Upgrade the PHP packages in Slackware to fix a serious denial-of-service vulnerability caused by improper handling of XML parsing depth.
New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.

Summary

Here are the details from the Slackware 14.0 ChangeLog:

patches/packages/php-5.4.17-i486-1_slack14.0.txz: Upgraded.
  This update fixes an issue where XML in PHP does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2013-4113
  (* Security fix *)

Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.27-i486-1_slack12.1.tgz
Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.27-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures


Severity
critical

Installation Instructions

Upgrade the package as root:
# upgradepkg php-5.4.17-i486-1_slack14.0.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
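
To confirm that the upgrade took effect, the installed php package version can be compared with the fixed versions named in this advisory's package files (5.3.27 and 5.4.17). The script below is an added example, not part of the Slackware advisory; its function names are hypothetical, and it assumes installed packages are recorded under /var/log/packages.

```shell
#!/bin/sh
# Added example (not part of the advisory): report whether installed php
# packages carry the fix. Fixed versions are taken from the package names in
# this advisory: 5.3.27 on the 5.3 branch, 5.4.17 on the 5.4 branch.

# Extract the version from a Slackware package name (name-version-arch-build).
pkg_version() {
    name=${1##*/}        # drop a directory prefix such as n/
    name=${name%.t?z}    # drop .tgz or .txz when given an archive name
    name=${name%-*}      # drop the build field, e.g. 1_slack14.0
    name=${name%-*}      # drop the arch field, e.g. i486 or x86_64
    printf '%s\n' "${name#php-}"
}

# Return 0 if the version is fixed, 1 if it predates the fix, 2 if its
# branch is not covered by this advisory.
php_is_fixed() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split 5.4.17 into 5 4 17
    IFS=$old_ifs
    patch=${3:-0}; patch=${patch%%[!0-9]*}
    case "$1.$2" in
        5.3) [ "${patch:-0}" -ge 27 ] ;;
        5.4) [ "${patch:-0}" -ge 17 ] ;;
        *)   return 2 ;;
    esac
}

# Scan a package database directory; return 1 if any php package is unfixed.
check_installed() {
    status=0
    for f in "$1"/php-[0-9]*; do
        [ -e "$f" ] || continue
        v=$(pkg_version "$f"); rc=0
        php_is_fixed "$v" || rc=$?
        case $rc in
            0) echo "fixed      php $v" ;;
            1) echo "VULNERABLE php $v: upgrade to 5.3.27 or 5.4.17"; status=1 ;;
            *) echo "unknown    php $v: branch not covered by this advisory" ;;
        esac
    done
    return $status
}

# /var/log/packages is where these Slackware releases record installed packages.
check_installed /var/log/packages || echo "Run upgradepkg as described above."
```

A package on a branch other than 5.3 or 5.4 is reported as unknown rather than fixed, because this advisory names no fixed version for it.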
