Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
91
security advisorydenial of servicesecurity issueGentoo: GLSA-202210-28 Low: exif Denial of Service Affecting Users
A vulnerability has been discovered in exif which could result in denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-28 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: exif: Denial of Service Date: October 31, 2022 Bugs: #783522 ID: 202210-28 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability has been discovered in exif which could result in denial of service. Background ========= libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/exif < 0.6.22 > = 0.6.22 Description ========== There is a bug in exif's XML output format which can result in a null pointer dereference when outputting crafted JPEG EXIF data. Impact ===== A crafted JPEG image can trigger a denial of service in the form of a null pointer dereference. Workaround ========= There is no known workaround at this time. Resolution ========= All exif users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/exif-0.6.22" References ========= [ 1 ] CVE-2021-27815 https://nvd.nist.gov/vuln/detail/CVE-2021-27815 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-28 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuringthe confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Oct 30, 2022
•Low
Gentoo
203
security advisorysecurity updatesecurity issueMageia 7 And 8: MGASA-2021-0252 Critical Exif DoS Advisory
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. (CVE-2021-27815). . MGASA-2021-0252 - Updated exif packages fix a security vulnerability Publication date: 13 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0252.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-27815 NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. (CVE-2021-27815). References: - https://bugs.mageia.org/show_bug.cgi?id=29038 - https://lists.fedoraproject.org/archives/list/
Jun 13, 2021
•Critical
Mageia
89
security advisorymoderateupdateFedora 34 FEDORA-2021-b2bd2b1d13 Moderate DoS Fix for exif
0.6.22, patch for CVE-2021-27815.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-b2bd2b1d13 2021-05-20 01:09:12.598757 --------------------------------------------------------------------------------Name : exif Product : Fedora 34 Version : 0.6.22 Release : 1.fc34 URL : Summary : Utility to show EXIF information hidden in JPEG files Description : Small command-line utility to show EXIF information hidden in JPEG files. --------------------------------------------------------------------------------Update Information: 0.6.22, patch for CVE-2021-27815. --------------------------------------------------------------------------------ChangeLog: * Mon May 10 2021 Gwyn Ciesla - 0.6.22-1 - 0.6.22, patch for CVE-2021-27815. --------------------------------------------------------------------------------References: [ 1 ] Bug #1958808 - CVE-2021-27815 exif: libexif: NULL Pointer Deference may lead to DoS by uploading a malicious JPEG file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958808 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-b2bd2b1d13' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 19, 2021
•Important
Fedora
89
security advisoryupdatecriticalFedora 32: FEDORA-2021-477809f45f Critical: exif DoS Issue
0.6.22, patch for CVE-2021-27815.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-477809f45f 2021-05-19 01:36:41.182504 --------------------------------------------------------------------------------Name : exif Product : Fedora 32 Version : 0.6.22 Release : 1.fc32 URL : https://libexif.sourceforge.net/ Summary : Utility to show EXIF information hidden in JPEG files Description : Small command-line utility to show EXIF information hidden in JPEG files. --------------------------------------------------------------------------------Update Information: 0.6.22, patch for CVE-2021-27815. --------------------------------------------------------------------------------ChangeLog: * Mon May 10 2021 Gwyn Ciesla - 0.6.22-1 - 0.6.22, patch for CVE-2021-27815. * Tue Jan 26 2021 Fedora Release Engineering - 0.6.21-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering - 0.6.21-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard - 0.6.21-18 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro --------------------------------------------------------------------------------References: [ 1 ] Bug #1958808 - CVE-2021-27815 exif: libexif: NULL Pointer Deference may lead to DoS by uploading a malicious JPEG file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958808 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-477809f45f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 18, 2021
•Critical
Fedora
89
security advisoryFedoraDoSFedora 33: 2021-04f7b000fa Critical: exif DoS Security Patch
0.6.22, patch for CVE-2021-27815.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-04f7b000fa 2021-05-19 01:30:18.295577 --------------------------------------------------------------------------------Name : exif Product : Fedora 33 Version : 0.6.22 Release : 1.fc33 URL : Summary : Utility to show EXIF information hidden in JPEG files Description : Small command-line utility to show EXIF information hidden in JPEG files. --------------------------------------------------------------------------------Update Information: 0.6.22, patch for CVE-2021-27815. --------------------------------------------------------------------------------ChangeLog: * Mon May 10 2021 Gwyn Ciesla - 0.6.22-1 - 0.6.22, patch for CVE-2021-27815. * Tue Jan 26 2021 Fedora Release Engineering - 0.6.21-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1958808 - CVE-2021-27815 exif: libexif: NULL Pointer Deference may lead to DoS by uploading a malicious JPEG file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958808 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-04f7b000fa' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 18, 2021
•Critical
Fedora
98
security advisorybuffer overflowred hatRed Hat: RHSA-2014:1824-01 Important: PHP Security Update
Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: php security update Advisory ID: RHSA-2014:1824-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:1824.html Issue date: 2014-11-06 CVE Names: CVE-2014-3669 CVE-2014-3670 CVE-2014-8626 ==================================================================== 1. Summary: Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted inputprocessed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1154500 - CVE-2014-3669 php: integer overflow in unserialize() 1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail() 1155607 - CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow 6. Package List: RHEL Desktop Workstation (v. 5client): Source: php-5.1.6-45.el5_11.src.rpm i386: php-5.1.6-45.el5_11.i386.rpm php-bcmath-5.1.6-45.el5_11.i386.rpm php-cli-5.1.6-45.el5_11.i386.rpm php-common-5.1.6-45.el5_11.i386.rpm php-dba-5.1.6-45.el5_11.i386.rpm php-debuginfo-5.1.6-45.el5_11.i386.rpm php-devel-5.1.6-45.el5_11.i386.rpm php-gd-5.1.6-45.el5_11.i386.rpm php-imap-5.1.6-45.el5_11.i386.rpm php-ldap-5.1.6-45.el5_11.i386.rpm php-mbstring-5.1.6-45.el5_11.i386.rpm php-mysql-5.1.6-45.el5_11.i386.rpm php-ncurses-5.1.6-45.el5_11.i386.rpm php-odbc-5.1.6-45.el5_11.i386.rpm php-pdo-5.1.6-45.el5_11.i386.rpm php-pgsql-5.1.6-45.el5_11.i386.rpm php-snmp-5.1.6-45.el5_11.i386.rpm php-soap-5.1.6-45.el5_11.i386.rpm php-xml-5.1.6-45.el5_11.i386.rpm php-xmlrpc-5.1.6-45.el5_11.i386.rpm x86_64: php-5.1.6-45.el5_11.x86_64.rpm php-bcmath-5.1.6-45.el5_11.x86_64.rpm php-cli-5.1.6-45.el5_11.x86_64.rpm php-common-5.1.6-45.el5_11.x86_64.rpm php-dba-5.1.6-45.el5_11.x86_64.rpm php-debuginfo-5.1.6-45.el5_11.x86_64.rpm php-devel-5.1.6-45.el5_11.x86_64.rpm php-gd-5.1.6-45.el5_11.x86_64.rpm php-imap-5.1.6-45.el5_11.x86_64.rpm php-ldap-5.1.6-45.el5_11.x86_64.rpm php-mbstring-5.1.6-45.el5_11.x86_64.rpm php-mysql-5.1.6-45.el5_11.x86_64.rpm php-ncurses-5.1.6-45.el5_11.x86_64.rpm php-odbc-5.1.6-45.el5_11.x86_64.rpm php-pdo-5.1.6-45.el5_11.x86_64.rpm php-pgsql-5.1.6-45.el5_11.x86_64.rpm php-snmp-5.1.6-45.el5_11.x86_64.rpm php-soap-5.1.6-45.el5_11.x86_64.rpm php-xml-5.1.6-45.el5_11.x86_64.rpm php-xmlrpc-5.1.6-45.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: php-5.1.6-45.el5_11.src.rpm i386: php-5.1.6-45.el5_11.i386.rpm php-bcmath-5.1.6-45.el5_11.i386.rpm php-cli-5.1.6-45.el5_11.i386.rpm php-common-5.1.6-45.el5_11.i386.rpm php-dba-5.1.6-45.el5_11.i386.rpm php-debuginfo-5.1.6-45.el5_11.i386.rpm php-devel-5.1.6-45.el5_11.i386.rpm php-gd-5.1.6-45.el5_11.i386.rpm php-imap-5.1.6-45.el5_11.i386.rpm php-ldap-5.1.6-45.el5_11.i386.rpm php-mbstring-5.1.6-45.el5_11.i386.rpm php-mysql-5.1.6-45.el5_11.i386.rpm php-ncurses-5.1.6-45.el5_11.i386.rpm php-odbc-5.1.6-45.el5_11.i386.rpm php-pdo-5.1.6-45.el5_11.i386.rpm php-pgsql-5.1.6-45.el5_11.i386.rpm php-snmp-5.1.6-45.el5_11.i386.rpm php-soap-5.1.6-45.el5_11.i386.rpm php-xml-5.1.6-45.el5_11.i386.rpm php-xmlrpc-5.1.6-45.el5_11.i386.rpm ia64: php-5.1.6-45.el5_11.ia64.rpm php-bcmath-5.1.6-45.el5_11.ia64.rpm php-cli-5.1.6-45.el5_11.ia64.rpm php-common-5.1.6-45.el5_11.ia64.rpm php-dba-5.1.6-45.el5_11.ia64.rpm php-debuginfo-5.1.6-45.el5_11.ia64.rpm php-devel-5.1.6-45.el5_11.ia64.rpm php-gd-5.1.6-45.el5_11.ia64.rpm php-imap-5.1.6-45.el5_11.ia64.rpm php-ldap-5.1.6-45.el5_11.ia64.rpm php-mbstring-5.1.6-45.el5_11.ia64.rpm php-mysql-5.1.6-45.el5_11.ia64.rpm php-ncurses-5.1.6-45.el5_11.ia64.rpm php-odbc-5.1.6-45.el5_11.ia64.rpm php-pdo-5.1.6-45.el5_11.ia64.rpm php-pgsql-5.1.6-45.el5_11.ia64.rpm php-snmp-5.1.6-45.el5_11.ia64.rpm php-soap-5.1.6-45.el5_11.ia64.rpm php-xml-5.1.6-45.el5_11.ia64.rpm php-xmlrpc-5.1.6-45.el5_11.ia64.rpm ppc: php-5.1.6-45.el5_11.ppc.rpm php-bcmath-5.1.6-45.el5_11.ppc.rpm php-cli-5.1.6-45.el5_11.ppc.rpm php-common-5.1.6-45.el5_11.ppc.rpm php-dba-5.1.6-45.el5_11.ppc.rpm php-debuginfo-5.1.6-45.el5_11.ppc.rpm php-devel-5.1.6-45.el5_11.ppc.rpm php-gd-5.1.6-45.el5_11.ppc.rpm php-imap-5.1.6-45.el5_11.ppc.rpm php-ldap-5.1.6-45.el5_11.ppc.rpm php-mbstring-5.1.6-45.el5_11.ppc.rpm php-mysql-5.1.6-45.el5_11.ppc.rpm php-ncurses-5.1.6-45.el5_11.ppc.rpm php-odbc-5.1.6-45.el5_11.ppc.rpm php-pdo-5.1.6-45.el5_11.ppc.rpm php-pgsql-5.1.6-45.el5_11.ppc.rpm php-snmp-5.1.6-45.el5_11.ppc.rpm php-soap-5.1.6-45.el5_11.ppc.rpm php-xml-5.1.6-45.el5_11.ppc.rpm php-xmlrpc-5.1.6-45.el5_11.ppc.rpm s390x: php-5.1.6-45.el5_11.s390x.rpm php-bcmath-5.1.6-45.el5_11.s390x.rpm php-cli-5.1.6-45.el5_11.s390x.rpm php-common-5.1.6-45.el5_11.s390x.rpm php-dba-5.1.6-45.el5_11.s390x.rpm php-debuginfo-5.1.6-45.el5_11.s390x.rpm php-devel-5.1.6-45.el5_11.s390x.rpm php-gd-5.1.6-45.el5_11.s390x.rpm php-imap-5.1.6-45.el5_11.s390x.rpm php-ldap-5.1.6-45.el5_11.s390x.rpm php-mbstring-5.1.6-45.el5_11.s390x.rpm php-mysql-5.1.6-45.el5_11.s390x.rpm php-ncurses-5.1.6-45.el5_11.s390x.rpm php-odbc-5.1.6-45.el5_11.s390x.rpm php-pdo-5.1.6-45.el5_11.s390x.rpm php-pgsql-5.1.6-45.el5_11.s390x.rpm php-snmp-5.1.6-45.el5_11.s390x.rpm php-soap-5.1.6-45.el5_11.s390x.rpm php-xml-5.1.6-45.el5_11.s390x.rpm php-xmlrpc-5.1.6-45.el5_11.s390x.rpm x86_64: php-5.1.6-45.el5_11.x86_64.rpm php-bcmath-5.1.6-45.el5_11.x86_64.rpm php-cli-5.1.6-45.el5_11.x86_64.rpm php-common-5.1.6-45.el5_11.x86_64.rpm php-dba-5.1.6-45.el5_11.x86_64.rpm php-debuginfo-5.1.6-45.el5_11.x86_64.rpm php-devel-5.1.6-45.el5_11.x86_64.rpm php-gd-5.1.6-45.el5_11.x86_64.rpm php-imap-5.1.6-45.el5_11.x86_64.rpm php-ldap-5.1.6-45.el5_11.x86_64.rpm php-mbstring-5.1.6-45.el5_11.x86_64.rpm php-mysql-5.1.6-45.el5_11.x86_64.rpm php-ncurses-5.1.6-45.el5_11.x86_64.rpm php-odbc-5.1.6-45.el5_11.x86_64.rpm php-pdo-5.1.6-45.el5_11.x86_64.rpm php-pgsql-5.1.6-45.el5_11.x86_64.rpm php-snmp-5.1.6-45.el5_11.x86_64.rpm php-soap-5.1.6-45.el5_11.x86_64.rpm php-xml-5.1.6-45.el5_11.x86_64.rpm php-xmlrpc-5.1.6-45.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2014-3669 https://access.redhat.com/security/cve/CVE-2014-3670 https://access.redhat.com/security/cve/CVE-2014-8626 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUW69BXlSAg2UNWIIRApE2AJ9YPbx4drW+sJev92Qi3hHcRrehPwCfRmDT nocFezwvXgNrR+GDI9aBi8s=lIGO -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Nov 06, 2014
•Important
Red Hat
91
security advisoryGentoocode executionGentoo: GLSA-201401-10 Moderate: libexif Arbitrary Code Execution
Multiple vulnerabilities have been found in libexif and exif, some of which may allow execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libexif, exif: Multiple vulnerabilities Date: January 19, 2014 Bugs: #426366 ID: 201401-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in libexif and exif, some of which may allow execution of arbitrary code. Background ========= libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libexif < 0.6.21 > = 0.6.21 2 media-gfx/exif < 0.6.21 > = 0.6.21 ------------------------------------------------------------------- 2 affected packages Description ========== Multiple vulnerabilities have been discovered in libexif and exif. Please review the CVE identifiers referenced below for details. Impact ===== A remote attacker could entice a user to open a specially crafted image file using exif or an application linked against libexif, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All libexif users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/libexif-0.6.21" Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. All exif users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/exif-0.6.21" References ========= [ 1 ] CVE-2012-2812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2812 [ 2 ] CVE-2012-2813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2813 [ 3 ] CVE-2012-2814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2814 [ 4 ] CVE-2012-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2836 [ 5 ] CVE-2012-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2837 [ 6 ] CVE-2012-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2840 [ 7 ] CVE-2012-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2841 [ 8 ] CVE-2012-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2845 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201401-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jan 19, 2014
Gentoo
89
security advisorymoderateFedoraFedora Core 2 PHP 4.3.10-2.4 Moderate: Unserializer and Exif Parsing Fixes
This update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE CAN-2004-1019), exif image parsing (CVE CAN-2004-1065), and form upload parsing (CVE CAN-2004-0958 and CAN-2004-0959).. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2004-567 2004-12-21 ---------------------------------------------------------------------Product : Fedora Core 2 Name : php Version : 4.3.10 Release : 2.4 Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor) Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. ---------------------------------------------------------------------Update Information: This update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE CAN-2004-1019), exif image parsing (CVE CAN-2004-1065), and form upload parsing (CVE CAN-2004-0958 and CAN-2004-0959). ---------------------------------------------------------------------* Tue Dec 21 2004 Joe Orton 4.3.10-2.4 - update to 4.3.10 (#134973, #134976, #135631): * security fixes for CAN-2004-0958, CAN-2004-0959 * unserializer integer overflows, CAN-2004-1019 * exif image parsing overflow, CAN-2004-1065 - revert use of RTLD_GLOBAL in dlopen() calls (#127518) - add another FD_SETSIZE workaround (#125258) - revert upstream default php.ini changes since 4.3.8 - add libgd namespace fixes(#124530) ---------------------------------------------------------------------This update can be downloaded from: 38edfb5c4e7d80e48cad36edf9e913eb SRPMS/php-4.3.10-2.4.src.rpm a22bafc119a7797734e229822b06547e x86_64/php-4.3.10-2.4.x86_64.rpm 27783eff866e3bfdc21c7fd55f1ee074 x86_64/php-devel-4.3.10-2.4.x86_64.rpm 3a39de1daf5968d95fd448c9a8e828ac x86_64/php-pear-4.3.10-2.4.x86_64.rpm 57d065191d398e2bf5e7f120edb16b1a x86_64/php-imap-4.3.10-2.4.x86_64.rpm 455727fdab0cc5e663e17e49798390d7 x86_64/php-ldap-4.3.10-2.4.x86_64.rpm 92058f2eb9e69e7bcea782bd192b62d2 x86_64/php-mysql-4.3.10-2.4.x86_64.rpm b51a9e94030e181f818a9ffa13f9750e x86_64/php-pgsql-4.3.10-2.4.x86_64.rpm fe0955c89ccde1a7ea7262f63b1e19d1 x86_64/php-odbc-4.3.10-2.4.x86_64.rpm 534bee14e259752b34205f69fe1154fe x86_64/php-snmp-4.3.10-2.4.x86_64.rpm 2c8ce07785064953a6601ab87250db6a x86_64/php-domxml-4.3.10-2.4.x86_64.rpm da393f75760e8ffbf6112bfb71927c9f x86_64/php-xmlrpc-4.3.10-2.4.x86_64.rpm 66a25b26811a0283501bec4dda66025b x86_64/php-mbstring-4.3.10-2.4.x86_64.rpm 2d5a82279db93b080afef08cce548af8 x86_64/debug/php-debuginfo-4.3.10-2.4.x86_64.rpm 1b3ceb6fb4bb0bbd05c92aec1efad13a i386/php-4.3.10-2.4.i386.rpm 8f9685a4e87435eae2543ab0e70ae956 i386/php-devel-4.3.10-2.4.i386.rpm 56893f09067be4bab725e8b8de72f6b5 i386/php-pear-4.3.10-2.4.i386.rpm bed7a3018a037c024c35fc448ff426b9 i386/php-imap-4.3.10-2.4.i386.rpm 8ccab4ad5130bcb5718d8e449e712524 i386/php-ldap-4.3.10-2.4.i386.rpm 9a9b97820a029f693a6a14a83e017116 i386/php-mysql-4.3.10-2.4.i386.rpm 071e96181e24fca3a38b2a680cf1d5c0 i386/php-pgsql-4.3.10-2.4.i386.rpm 47d4beeb30cd032904341bbad9e9158f i386/php-odbc-4.3.10-2.4.i386.rpm 39cedd45d34ad1b2d85902169bed5b29 i386/php-snmp-4.3.10-2.4.i386.rpm 79f5b45c4176d46004c9118d459c83ae i386/php-domxml-4.3.10-2.4.i386.rpm f53752308cc7058ec829a21ebb9ea7d3 i386/php-xmlrpc-4.3.10-2.4.i386.rpm e151913faeecbeaf4e6549e03151e644 i386/php-mbstring-4.3.10-2.4.i386.rpm 63020b5ede3e55d1aeaf48365e2be374 i386/debug/php-debuginfo-4.3.10-2.4.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- . Critical fixes for PHP 4.3 addressing unserializer and exif parsing vulnerabilities. Essential security update for Fedora Core.. Fedora PHP Update, PHP Security Fixes, Fedora Core Updates. . Severity: Important. LinuxSecurity.com Team
Dec 22, 2004
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!