User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0283 (php)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0283: Updated php packages fix multiple vulnerabilities
Date:  Wed, 9 Jul 2014 00:29:33 +0200
Message-ID:  <20140708222933.E8F3859BE2@valstar.mageia.org>

MGASA-2014-0283 - Updated php packages fix multiple vulnerabilities Publication date: 08 Jul 2014 URL: http://advisories.mageia.org/MGASA-2014-0283.html Type: security Affected Mageia releases: 3 CVE: CVE-2014-0207, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4049, CVE-2014-4721 Description: Updated php packages fix security vulnerabilities: The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515). It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049). A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to versions 5.4.30 and 5.5.14, which fix this issue and several other bugs. Also, PHP contains a bundled copy of the GD image library, and has been patched to correct an issue in the imagecreatefromxpm function which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497). The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721). Additionally, php-apc has been rebuilt against the updated php packages. References: - http://www.php.net/archive/2014.php#id2014-06-26-1 - http://www.php.net/ChangeLog-5.php#5.4.30 - https://bugs.mageia.org/show_bug.cgi?id=13532 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721 SRPMS: - 3/core/php-5.4.30-1.mga3 - 3/core/php-apc-3.1.14-7.10.mga3 - 3/core/php-gd-bundled-5.4.30-1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds