Mandriva Linux Security Advisory 2015-080 - Multiple vulnerabilities have been discovered and corrected in php.
c10e025ba97f4a2c50f16a7bf42fdd55255bca05fae063bbdc4d60c7452dc956Gentoo Linux Security Advisory 201503-8 - Vulnerabilities in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.22 are affected.
ead380517caeb1d470c125f906392d70fc04b69f3f20901f9d95e08e43889470Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.
362757b3bfd3a6b631b51131cc90b35f3677fc1a047df1d9dd2a1a227704367bRed Hat Security Advisory 2014-1606-02 - The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file.
abe0ed469d7ae83d0ad40aebd791f00a02439feaa1060a6f6cfecd1c3806dafeApple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.
4e7c77251432e1559177fbfc860df8439663744f27a763ac3194f1ebdf0e44e0Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.
603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1Red Hat Security Advisory 2014-1012-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. Two denial of service flaws were found in the way the File Information extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.
75d69ed5db0c26d8fff244ccb4d6071a528c9b06c9770c22a68c4d391a8305a7FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.
55cc6eeed758a444fa53fb8b127508d97e88a58406f30d111d81e9ff1df57c77Debian Linux Security Advisory 2943-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
14ceb25eecc0ebf2b0e99e958e18bd4f806ab39310e6a3cccdc09f253ced106dUbuntu Security Notice 2163-1 - It was discovered that PHP's embedded libmagic library incorrectly handled PE executables. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.
0d091488d02a2ca4f7952cb6422ce82ecaf309d9b79a81b19e91969a3b2faf20Ubuntu Security Notice 2162-1 - It was discovered that file incorrectly handled PE executable files. An attacker could use this issue to cause file to crash, resulting in a denial of service.
b4dd95e2b702ef1f1d6c8585d60662427e21c67c1030d55acf046c239cb3f865Mandriva Linux Security Advisory 2014-059 - Multiple vulnerabilities has been discovered and corrected in php. The updated php packages have been upgraded to the 5.5.10 version which is not vulnerable to these issues. The php-xdebug packages has been upgraded to the latest 2.2.4 version that resolves numerous upstream bugs. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.10.
95c04b7ba4395c3bf7ec869d0de9031560db76b9670d4e9962e9d49806fd0456Mandriva Linux Security Advisory 2014-051 - It was discovered that file before 5.17 contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. Additionally, other well-crafted files might result in long computation times and overlong results. A flaw was found in the way the file utility determined the type of Portable Executable format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code. A memory leak in file has also been fixed. The affected packages have been upgraded to the 5.12 version and patched to correct these flaws.
279824ee2cc767c988c6f20272e49c97a4ed11a71b33721f4a621432894306b0Debian Linux Security Advisory 2873-1 - Several vulnerabilities have been found in file, a file type classification tool.
c2bf451d0b46c8fcb229f218a01ef4754b2b29f78fd5d1334ba90adc167e6302
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed