Oval Definition:oval:org.mitre.oval:def:23947
Revision Date:2014-07-21Version:14
Title:ELSA-2014:0311: php security update (Critical)
Description:Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2006-7243
CVE-2009-0689
ELSA-2014:0311-00
Platform(s):Oracle Linux 5
Product(s):php
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • php-devel is earlier than 0:5.1.6-44.el5_10
  • OR php-xmlrpc is earlier than 0:5.1.6-44.el5_10
  • OR php-bcmath is earlier than 0:5.1.6-44.el5_10
  • OR php-cli is earlier than 0:5.1.6-44.el5_10
  • OR php-gd is earlier than 0:5.1.6-44.el5_10
  • OR php-xml is earlier than 0:5.1.6-44.el5_10
  • OR php-mbstring is earlier than 0:5.1.6-44.el5_10
  • OR php is earlier than 0:5.1.6-44.el5_10
  • OR php-pdo is earlier than 0:5.1.6-44.el5_10
  • OR php-imap is earlier than 0:5.1.6-44.el5_10
  • OR php-pgsql is earlier than 0:5.1.6-44.el5_10
  • OR php-ldap is earlier than 0:5.1.6-44.el5_10
  • OR php-soap is earlier than 0:5.1.6-44.el5_10
  • OR php-ncurses is earlier than 0:5.1.6-44.el5_10
  • OR php-common is earlier than 0:5.1.6-44.el5_10
  • OR php-snmp is earlier than 0:5.1.6-44.el5_10
  • OR php-dba is earlier than 0:5.1.6-44.el5_10
  • OR php-odbc is earlier than 0:5.1.6-44.el5_10
  • OR php-mysql is earlier than 0:5.1.6-44.el5_10
    • BACK