Oval Definition:oval:com.redhat.rhsa:def:20141824
Revision Date:2014-11-06Version:637
Title:RHSA-2014:1824: php security update (Important)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

  • A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

  • A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626)

  • An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

    All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2014-3669
    CVE-2014-3670
    CVE-2014-8626
    RHSA-2014:1824
    RHSA-2014:1824-00
    RHSA-2014:1824-01
    Platform(s):Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • php is earlier than 0:5.1.6-45.el5_11
  • AND php is signed with Red Hat redhatrelease2 key
  • php-bcmath is earlier than 0:5.1.6-45.el5_11
  • AND php-bcmath is signed with Red Hat redhatrelease2 key
  • php-cli is earlier than 0:5.1.6-45.el5_11
  • AND php-cli is signed with Red Hat redhatrelease2 key
  • php-common is earlier than 0:5.1.6-45.el5_11
  • AND php-common is signed with Red Hat redhatrelease2 key
  • php-dba is earlier than 0:5.1.6-45.el5_11
  • AND php-dba is signed with Red Hat redhatrelease2 key
  • php-devel is earlier than 0:5.1.6-45.el5_11
  • AND php-devel is signed with Red Hat redhatrelease2 key
  • php-gd is earlier than 0:5.1.6-45.el5_11
  • AND php-gd is signed with Red Hat redhatrelease2 key
  • php-imap is earlier than 0:5.1.6-45.el5_11
  • AND php-imap is signed with Red Hat redhatrelease2 key
  • php-ldap is earlier than 0:5.1.6-45.el5_11
  • AND php-ldap is signed with Red Hat redhatrelease2 key
  • php-mbstring is earlier than 0:5.1.6-45.el5_11
  • AND php-mbstring is signed with Red Hat redhatrelease2 key
  • php-mysql is earlier than 0:5.1.6-45.el5_11
  • AND php-mysql is signed with Red Hat redhatrelease2 key
  • php-ncurses is earlier than 0:5.1.6-45.el5_11
  • AND php-ncurses is signed with Red Hat redhatrelease2 key
  • php-odbc is earlier than 0:5.1.6-45.el5_11
  • AND php-odbc is signed with Red Hat redhatrelease2 key
  • php-pdo is earlier than 0:5.1.6-45.el5_11
  • AND php-pdo is signed with Red Hat redhatrelease2 key
  • php-pgsql is earlier than 0:5.1.6-45.el5_11
  • AND php-pgsql is signed with Red Hat redhatrelease2 key
  • php-snmp is earlier than 0:5.1.6-45.el5_11
  • AND php-snmp is signed with Red Hat redhatrelease2 key
  • php-soap is earlier than 0:5.1.6-45.el5_11
  • AND php-soap is signed with Red Hat redhatrelease2 key
  • php-xml is earlier than 0:5.1.6-45.el5_11
  • AND php-xml is signed with Red Hat redhatrelease2 key
  • php-xmlrpc is earlier than 0:5.1.6-45.el5_11
  • AND php-xmlrpc is signed with Red Hat redhatrelease2 key
    • BACK