|
|
Log in / Subscribe / Register

Oracle alert ELSA-2014-1013 (php)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2014-1013 Moderate: Oracle Linux 7 php security	update 


Date:
    	      Wed, 06 Aug 2014 08:54:42 -0700


Message-ID:
    	      <53E24FC2.9090300@oracle.com>


Oracle Linux Security Advisory ELSA-2014-1013

https://access.redhat.com/errata/RHSA-2014:1013.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
php-5.4.16-23.el7_0.x86_64.rpm
php-bcmath-5.4.16-23.el7_0.x86_64.rpm
php-cli-5.4.16-23.el7_0.x86_64.rpm
php-common-5.4.16-23.el7_0.x86_64.rpm
php-dba-5.4.16-23.el7_0.x86_64.rpm
php-devel-5.4.16-23.el7_0.x86_64.rpm
php-embedded-5.4.16-23.el7_0.x86_64.rpm
php-enchant-5.4.16-23.el7_0.x86_64.rpm
php-fpm-5.4.16-23.el7_0.x86_64.rpm
php-gd-5.4.16-23.el7_0.x86_64.rpm
php-intl-5.4.16-23.el7_0.x86_64.rpm
php-ldap-5.4.16-23.el7_0.x86_64.rpm
php-mbstring-5.4.16-23.el7_0.x86_64.rpm
php-mysql-5.4.16-23.el7_0.x86_64.rpm
php-mysqlnd-5.4.16-23.el7_0.x86_64.rpm
php-odbc-5.4.16-23.el7_0.x86_64.rpm
php-pdo-5.4.16-23.el7_0.x86_64.rpm
php-pgsql-5.4.16-23.el7_0.x86_64.rpm
php-process-5.4.16-23.el7_0.x86_64.rpm
php-pspell-5.4.16-23.el7_0.x86_64.rpm
php-recode-5.4.16-23.el7_0.x86_64.rpm
php-snmp-5.4.16-23.el7_0.x86_64.rpm
php-soap-5.4.16-23.el7_0.x86_64.rpm
php-xml-5.4.16-23.el7_0.x86_64.rpm
php-xmlrpc-5.4.16-23.el7_0.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/php-5.4.16-23.el7...


Description of changes:

[5.4.16-23]
- fileinfo: cdf_unpack_summary_info() excessive looping
   DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
   loop. CVE-2014-0238
- fileinfo: cdf_check_stream_offset insufficient boundary
   check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check
   CVE-2014-3480
- fileinfo: cdf_read_short_sector insufficient boundary
   check. CVE-2014-0207
- fileinfo: cdf_read_property_info insufficient boundary
   check. CVE-2014-3487
- fileinfo: fix extensive backtracking CVE-2013-7345
- core: type confusion issue in phpinfo(). CVE-2014-4721
- core: fix heap-based buffer overflow in DNS TXT record
   parsing. CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage
   type confusion flaw. CVE-2014-3515



_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds