SCIENTIFIC-LINUX-ERRATA Archives

December 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Critical: php on SL5.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 11 Dec 2013 15:58:50 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (83 lines) 
Synopsis:          Critical: php security update
Advisory ID:       SLSA-2013:1814-1
Issue Date:        2013-12-11
CVE Numbers:       CVE-2012-2688
                   CVE-2011-1398
                   CVE-2013-1643
                   CVE-2013-6420
--

A memory corruption flaw was found in the way the openssl_x509_parse()
function of the PHP openssl extension parsed X.509 certificates. A remote
attacker could use this flaw to provide a malicious self-signed
certificate or a certificate signed by a trusted authority to a PHP
application using the aforementioned function, causing the application to
crash or, possibly, allow the attacker to execute arbitrary code with the
privileges of the user running the PHP interpreter. (CVE-2013-6420)

It was found that PHP did not check for carriage returns in HTTP headers,
allowing intended HTTP response splitting protections to be bypassed.
Depending on the web browser the victim is using, a remote attacker could
use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

An integer signedness issue, leading to a heap-based buffer underflow, was
found in the PHP scandir() function. If a remote attacker could upload an
excessively large number of files to a directory the scandir() function
runs on, it could cause the PHP interpreter to crash or, possibly, execute
arbitrary code. (CVE-2012-2688)

It was found that the PHP SOAP parser allowed the expansion of external
XML entities during SOAP message parsing. A remote attacker could possibly
use this flaw to read arbitrary files that are accessible to a PHP
application using a SOAP extension. (CVE-2013-1643)

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
--

SL5
  x86_64
    php-5.1.6-43.el5_10.x86_64.rpm
    php-bcmath-5.1.6-43.el5_10.x86_64.rpm
    php-cli-5.1.6-43.el5_10.x86_64.rpm
    php-common-5.1.6-43.el5_10.x86_64.rpm
    php-dba-5.1.6-43.el5_10.x86_64.rpm
    php-debuginfo-5.1.6-43.el5_10.x86_64.rpm
    php-devel-5.1.6-43.el5_10.x86_64.rpm
    php-gd-5.1.6-43.el5_10.x86_64.rpm
    php-imap-5.1.6-43.el5_10.x86_64.rpm
    php-ldap-5.1.6-43.el5_10.x86_64.rpm
    php-mbstring-5.1.6-43.el5_10.x86_64.rpm
    php-mysql-5.1.6-43.el5_10.x86_64.rpm
    php-ncurses-5.1.6-43.el5_10.x86_64.rpm
    php-odbc-5.1.6-43.el5_10.x86_64.rpm
    php-pdo-5.1.6-43.el5_10.x86_64.rpm
    php-pgsql-5.1.6-43.el5_10.x86_64.rpm
    php-snmp-5.1.6-43.el5_10.x86_64.rpm
    php-soap-5.1.6-43.el5_10.x86_64.rpm
    php-xml-5.1.6-43.el5_10.x86_64.rpm
    php-xmlrpc-5.1.6-43.el5_10.x86_64.rpm
  i386
    php-5.1.6-43.el5_10.i386.rpm
    php-bcmath-5.1.6-43.el5_10.i386.rpm
    php-cli-5.1.6-43.el5_10.i386.rpm
    php-common-5.1.6-43.el5_10.i386.rpm
    php-dba-5.1.6-43.el5_10.i386.rpm
    php-debuginfo-5.1.6-43.el5_10.i386.rpm
    php-devel-5.1.6-43.el5_10.i386.rpm
    php-gd-5.1.6-43.el5_10.i386.rpm
    php-imap-5.1.6-43.el5_10.i386.rpm
    php-ldap-5.1.6-43.el5_10.i386.rpm
    php-mbstring-5.1.6-43.el5_10.i386.rpm
    php-mysql-5.1.6-43.el5_10.i386.rpm
    php-ncurses-5.1.6-43.el5_10.i386.rpm
    php-odbc-5.1.6-43.el5_10.i386.rpm
    php-pdo-5.1.6-43.el5_10.i386.rpm
    php-pgsql-5.1.6-43.el5_10.i386.rpm
    php-snmp-5.1.6-43.el5_10.i386.rpm
    php-soap-5.1.6-43.el5_10.i386.rpm
    php-xml-5.1.6-43.el5_10.i386.rpm
    php-xmlrpc-5.1.6-43.el5_10.i386.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2