php: code execution [LWN.net]

Package(s):

php

CVE #(s):

CVE-2013-4113

Created:

July 15, 2013

Updated:

July 23, 2013

Description:

From the Red Hat advisory:

A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter.

Alerts:

Red Hat	RHSA-2013:1049-01	2013-07-12
Red Hat	RHSA-2013:1050-01	2013-07-12
CentOS	CESA-2013:1049	2013-07-12
CentOS	CESA-2013:1049	2013-07-12
CentOS	CESA-2013:1050	2013-07-12
Mandriva	MDVSA-2013:195	2013-07-15
Oracle	ELSA-2013-1049	2013-07-12
Oracle	ELSA-2013-1049	2013-07-13
Oracle	ELSA-2013-1050	2013-07-13
Scientific Linux	SL-php-20130712	2013-07-12
Scientific Linux	SL-php5-20130712	2013-07-12
Red Hat	RHSA-2013:1061-01	2013-07-15
Red Hat	RHSA-2013:1063-01	2013-07-15
Red Hat	RHSA-2013:1062-01	2013-07-15
Ubuntu	USN-1905-1	2013-07-16
Slackware	SSA:2013-197-01	2013-07-16
Debian	DSA-2723-1	2013-07-17
Fedora	FEDORA-2013-12977	2013-07-18
Mageia	MGASA-2013-0216	2013-07-18
Fedora	FEDORA-2013-12315	2013-07-23
Fedora	FEDORA-2013-12354	2013-07-23
Oracle	ELSA-2013-1063	2013-07-22
openSUSE	openSUSE-SU-2013:1249-1	2013-07-24
SUSE	SUSE-SU-2013:1285-1	2013-08-01
SUSE	SUSE-SU-2013:1315-1	2013-08-09
SUSE	SUSE-SU-2013:1316-1	2013-08-09
SUSE	SUSE-SU-2013:1285-2	2013-08-09
SUSE	SUSE-SU-2013:1317-1	2013-08-09
SUSE	SUSE-SU-2013:1351-1	2013-08-16
Oracle	ELSA-2013-1307	2013-10-02

(Log in to post comments)