Oval Definition:oval:org.mitre.oval:def:21094
Revision Date:2014-06-30Version:67
Title:RHSA-2013:1814: php security update (Critical)
Description:The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2013:1814
CVE-2011-1398
CVE-2012-2688
CVE-2013-1643
CVE-2013-6420
RHSA-2013:1814-00
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Product(s):php
Definition Synopsis
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • php-common is earlier than 0:5.1.6-43.el5_10
  • OR php-odbc is earlier than 0:5.1.6-43.el5_10
  • OR php-snmp is earlier than 0:5.1.6-43.el5_10
  • OR php-mysql is earlier than 0:5.1.6-43.el5_10
  • OR php-dba is earlier than 0:5.1.6-43.el5_10
  • OR php-devel is earlier than 0:5.1.6-43.el5_10
  • OR php-gd is earlier than 0:5.1.6-43.el5_10
  • OR php-bcmath is earlier than 0:5.1.6-43.el5_10
  • OR php-xmlrpc is earlier than 0:5.1.6-43.el5_10
  • OR php-ncurses is earlier than 0:5.1.6-43.el5_10
  • OR php-pgsql is earlier than 0:5.1.6-43.el5_10
  • OR php-cli is earlier than 0:5.1.6-43.el5_10
  • OR php is earlier than 0:5.1.6-43.el5_10
  • OR php-imap is earlier than 0:5.1.6-43.el5_10
  • OR php-pdo is earlier than 0:5.1.6-43.el5_10
  • OR php-mbstring is earlier than 0:5.1.6-43.el5_10
  • OR php-xml is earlier than 0:5.1.6-43.el5_10
  • OR php-ldap is earlier than 0:5.1.6-43.el5_10
  • OR php-soap is earlier than 0:5.1.6-43.el5_10
    • BACK