Red Hat Security Advisory: php55-php security update
🔗 CVE IDs covered (21)
📋 Description
CVE-2014-0207 — file: cdf_read_short_sector insufficient boundary check CVE-2014-0237 — file: cdf_unpack_summary_info() excessive looping DoS CVE-2014-0238 — file: CDF property info parsing nelements infinite loop CVE-2014-2497 — gd: NULL pointer dereference in gdImageCreateFromXpm() CVE-2014-3478 — file: mconvert incorrect handling of truncated pascal string size CVE-2014-3479 — file: cdf_check_stream_offset insufficient boundary check CVE-2014-3480 — file: cdf_count_chain insufficient boundary check CVE-2014-3487 — file: cdf_read_property_info insufficient boundary check CVE-2014-3515 — php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw CVE-2014-3538 — file: unrestricted regular expression matching CVE-2014-3587 — file: incomplete fix for CVE-2012-1571 in cdf_read_property_info CVE-2014-3597 — php: multiple buffer over-reads in php_parserr CVE-2014-3668 — php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime() CVE-2014-3669 — php: integer overflow in unserialize() CVE-2014-3670 — php: heap corruption issue in exif_thumbnail() CVE-2014-3710 — file: out-of-bounds read in elf note headers CVE-2014-4049 — php: heap-based buffer overflow in DNS TXT record parsing CVE-2014-4670 — php: SPL Iterators use-after-free CVE-2014-4698 — php: ArrayIterator use-after-free due to object change during sorting CVE-2014-4721 — php: type confusion issue in phpinfo() leading to information leak CVE-2014-5120 — php: gd extension NUL byte injection in file names
🔗 References (24)
- selfhttps://access.redhat.com/errata/RHSA-2014:1766
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1076676
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1091842
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1098155
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1098193
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1098222
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1104858
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1104863
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1104869
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1107544
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1108447
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1112154
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1116662
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1120259
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1120266
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1128587
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1132589
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1132793
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1154500
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1154502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1154503
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1155071
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1766.json