Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.
c10e025ba97f4a2c50f16a7bf42fdd55255bca05fae063bbdc4d60c7452dc956Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.
362757b3bfd3a6b631b51131cc90b35f3677fc1a047df1d9dd2a1a227704367bRed Hat Security Advisory 2014-1606-02 - The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file.
abe0ed469d7ae83d0ad40aebd791f00a02439feaa1060a6f6cfecd1c3806dafeApple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.
4e7c77251432e1559177fbfc860df8439663744f27a763ac3194f1ebdf0e44e0Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.
603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1Red Hat Security Advisory 2014-1012-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. Two denial of service flaws were found in the way the File Information extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.
75d69ed5db0c26d8fff244ccb4d6071a528c9b06c9770c22a68c4d391a8305a7FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.
55cc6eeed758a444fa53fb8b127508d97e88a58406f30d111d81e9ff1df57c77Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
0bb971d1fe276939429c0efeedf4fb567d9869a86ce545903ed51c3087b43ab6Mandriva Linux Security Advisory 2014-059 - Multiple vulnerabilities has been discovered and corrected in php. The updated php packages have been upgraded to the 5.5.10 version which is not vulnerable to these issues. The php-xdebug packages has been upgraded to the latest 2.2.4 version that resolves numerous upstream bugs. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.10.
95c04b7ba4395c3bf7ec869d0de9031560db76b9670d4e9962e9d49806fd0456Gentoo Linux Security Advisory 201403-3 - A vulnerability in file could result in Denial of Service. Versions less than 5.17 are affected.
7238fceca009d282fe24eef40c5d8ba46f30cc8ead687650a72876e6c883ae2dMandriva Linux Security Advisory 2014-051 - It was discovered that file before 5.17 contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. Additionally, other well-crafted files might result in long computation times and overlong results. A flaw was found in the way the file utility determined the type of Portable Executable format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code. A memory leak in file has also been fixed. The affected packages have been upgraded to the 5.12 version and patched to correct these flaws.
279824ee2cc767c988c6f20272e49c97a4ed11a71b33721f4a621432894306b0Debian Linux Security Advisory 2868-1 - It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.
16d86ac3902e25715484eb1f631a6288c8a627b11fbb80a7d56c3e4c0d3132f8Ubuntu Security Notice 2126-1 - Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.
9a5ab283b9e55f400a4b88d11cf1323ae8f64e35c58bab2a1495db996de123ceUbuntu Security Notice 2123-1 - It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Bernd Melchers discovered that file incorrectly handled indirect offset values. An attacker could use this issue to cause file to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.
c15cd48bc8b2799f13c365755252a2482623291ddeebb7c5be3f90af4ec34e10Debian Linux Security Advisory 2861-1 - It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.
ba2d4742d86e1523c1ae2d5dddb4735ff294e3ccbb690646000820894c4b5493
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed