Stay Secure with the Latest Linux Advisories

security advisorybuffer overflowsoftware update

SUSE: 2014:0873-2 Critical Update: PHP5 Buffer Overflow Security Patch

An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. It includes one version update. It includes one version update.. SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0873-2 Rating: important References: #837746 #854880 #868624 #882992 Cross-References: CVE-2013-4248 CVE-2013-6420 CVE-2014-2497 CVE-2014-4049 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. Description: PHP5 has been updated to fix four security vulnerabilities: * Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049) * Heap based buffer overflow in time handling in openssl_x509_parse (CVE-2013-6420) * Man in the Middle attack in the the openssl_x509_parse due to lack of \0 handling (CVE-2013-4248) * NULL pointer dereference in GD XPM decoder (CVE-2014-2497) Security Issues: * CVE-2014-4049 * CVE-2013-6420 * CVE-2013-4248 * CVE-2014-2497 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-apache2-mod_php5-9420 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.54.1 php5-5.2.14-0.7.30.54.1 php5-bcmath-5.2.14-0.7.30.54.1 php5-bz2-5.2.14-0.7.30.54.1 php5-calendar-5.2.14-0.7.30.54.1 php5-ctype-5.2.14-0.7.30.54.1 php5-curl-5.2.14-0.7.30.54.1 php5-dba-5.2.14-0.7.30.54.1 php5-dbase-5.2.14-0.7.30.54.1 php5-dom-5.2.14-0.7.30.54.1 php5-exif-5.2.14-0.7.30.54.1 php5-fastcgi-5.2.14-0.7.30.54.1 php5-ftp-5.2.14-0.7.30.54.1 php5-gd-5.2.14-0.7.30.54.1 php5-gettext-5.2.14-0.7.30.54.1 php5-gmp-5.2.14-0.7.30.54.1 php5-hash-5.2.14-0.7.30.54.1 php5-iconv-5.2.14-0.7.30.54.1 php5-json-5.2.14-0.7.30.54.1 php5-ldap-5.2.14-0.7.30.54.1 php5-mbstring-5.2.14-0.7.30.54.1 php5-mcrypt-5.2.14-0.7.30.54.1 php5-mysql-5.2.14-0.7.30.54.1 php5-odbc-5.2.14-0.7.30.54.1 php5-openssl-5.2.14-0.7.30.54.1 php5-pcntl-5.2.14-0.7.30.54.1 php5-pdo-5.2.14-0.7.30.54.1 php5-pear-5.2.14-0.7.30.54.1 php5-pgsql-5.2.14-0.7.30.54.1 php5-pspell-5.2.14-0.7.30.54.1 php5-shmop-5.2.14-0.7.30.54.1 php5-snmp-5.2.14-0.7.30.54.1 php5-soap-5.2.14-0.7.30.54.1 php5-suhosin-5.2.14-0.7.30.54.1 php5-sysvmsg-5.2.14-0.7.30.54.1 php5-sysvsem-5.2.14-0.7.30.54.1 php5-sysvshm-5.2.14-0.7.30.54.1 php5-tokenizer-5.2.14-0.7.30.54.1 php5-wddx-5.2.14-0.7.30.54.1 php5-xmlreader-5.2.14-0.7.30.54.1 php5-xmlrpc-5.2.14-0.7.30.54.1 php5-xmlwriter-5.2.14-0.7.30.54.1 php5-xsl-5.2.14-0.7.30.54.1 php5-zip-5.2.14-0.7.30.54.1 php5-zlib-5.2.14-0.7.30.54.1 References: https://www.suse.com/security/cve/CVE-2013-4248.html https://www.suse.com/security/cve/CVE-2013-6420.html https://www.suse.com/security/cve/CVE-2014-2497.html https://www.suse.com/security/cve/CVE-2014-4049.html https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://login.microfocus.com/nidp/app/login?sid=0 https://scc.suse.com:443/patches/ . PHP5 security patch from SUSE addresses critical flaws impactingreliability and efficiency. Ensure you update your systems promptly!. SUSE PHP5 Security Update, Buffer Overflow Fix, Crucial System Patching. . Severity: Important. LinuxSecurity.com Team

Jul 07, 2014 •Important SuSE