Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.
c10e025ba97f4a2c50f16a7bf42fdd55255bca05fae063bbdc4d60c7452dc956Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.
362757b3bfd3a6b631b51131cc90b35f3677fc1a047df1d9dd2a1a227704367bApple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.
4e7c77251432e1559177fbfc860df8439663744f27a763ac3194f1ebdf0e44e0Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.
603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1Gentoo Linux Security Advisory 201408-8 - A vulnerability in file could result in Denial of Service. Versions less than 5.15 are affected.
0142ad27148e5ac6699d382c815155e6f2bc50d4ef090fea10e1dcdb1eff30b8Red Hat Security Advisory 2014-1013-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU. Multiple denial of service flaws were found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file.
5865809d0cc205eb897e11d94093aa0f109e69c05fcb2d9fc3a008f62752e332Ubuntu Security Notice 2278-1 - Mike Frysinger discovered that the file awk script detector used multiple wildcard with unlimited repetitions. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. Francisco Alonso discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.
fd91d89c0e0f45a391afcd59751756bc137092d30677dcd44fab7511dbf1a997FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.
55cc6eeed758a444fa53fb8b127508d97e88a58406f30d111d81e9ff1df57c77Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
c688410c854937e1a43a107261fcbb759d55218a6cd9f726b13c94f1a629dc79Mandriva Linux Security Advisory 2014-075 - The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. The updated php packages have been upgraded to the 5.5.11 version which is not vulnerable to this issue. Also, the timezonedb PHP PECL module has been updated to the latest 2014.2 version. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.11.
fb595704bf1a5db31728a370c03ddaa66c97a87c0e1c5e51815a3c50c8d74b66Mandriva Linux Security Advisory 2014-073 - The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
3a942a72f3bb0e2d469def4623994ff2661f53ca7af93d0cf0a7bda17e0e2da7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed