ID

VAR-201311-0379


CVE

CVE-2013-6712


TITLE

Denial-of-service (DoS) vulnerability in the scan function of ext/date/lib/parse_iso_intervals.c in PHP

Trust: 0.8

sources: JVNDB: JVNDB-2013-005322

DESCRIPTION

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

PHP is prone to a denial-of-service vulnerability due to a heap-based buffer over-read error. Successful exploits will allow attackers to cause a denial of service condition. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed.

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in the 'scan' function in the ext/date/lib/parse_iso_intervals.c file in PHP 5.5.6 and earlier versions. The vulnerability is caused by the program not properly restricting the creation of DateInterval objects.

Gentoo Linux Security Advisory GLSA 201408-11
http://security.gentoo.org/

Severity: High
Title: PHP: Multiple vulnerabilities
Date: August 29, 2014
Bugs: #459904, #472204, #472558, #474656, #476570, #481004, #483212, #485252, #492784, #493982, #501312, #503630, #503670, #505172, #505712, #509132, #512288, #512492, #513032, #516994, #519932, #520134, #520438
ID: 201408-11

Synopsis
========

Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php                 < 5.5.16                  >= 5.5.16
                                                           *>= 5.4.32
                                                           *>= 5.3.29

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP 5.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16"

All PHP 5.4 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32"

All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively.

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"

References
==========

[ 1 ] CVE-2011-4718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718
[ 2 ] CVE-2013-1635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635
[ 3 ] CVE-2013-1643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643
[ 4 ] CVE-2013-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824
[ 5 ] CVE-2013-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110
[ 6 ] CVE-2013-3735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735
[ 7 ] CVE-2013-4113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113
[ 8 ] CVE-2013-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248
[ 9 ] CVE-2013-4635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635
[ 10 ] CVE-2013-4636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636
[ 11 ] CVE-2013-6420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420
[ 12 ] CVE-2013-6712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712
[ 13 ] CVE-2013-7226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226
[ 14 ] CVE-2013-7327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327
[ 15 ] CVE-2013-7345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345
[ 16 ] CVE-2014-0185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185
[ 17 ] CVE-2014-0237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237
[ 18 ] CVE-2014-0238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238
[ 19 ] CVE-2014-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943
[ 20 ] CVE-2014-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270
[ 21 ] CVE-2014-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497
[ 22 ] CVE-2014-3597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597
[ 23 ] CVE-2014-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981
[ 24 ] CVE-2014-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049
[ 25 ] CVE-2014-4670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670
[ 26 ] CVE-2014-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120

Availability
============

This GLSA and any updates to it are
available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201408-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Additionally, the PECL packages which require so have been rebuilt for php-5.5.8 and some have been upgraded to their latest versions.
_______________________________________________________________________

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712
  http://www.php.net/ChangeLog-5.php#5.5.8
_______________________________________________________________________

Updated Packages:

  Mandriva Business Server 1/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.

============================================================================
Ubuntu Security Notice USN-2055-1
December 12, 2013

php5 vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. (CVE-2013-6420)

It was discovered that PHP incorrectly handled DateInterval objects.
(CVE-2013-6712)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10:
  libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.1
  php5-cgi 5.5.3+dfsg-1ubuntu2.1
  php5-cli 5.5.3+dfsg-1ubuntu2.1

Ubuntu 13.04:
  libapache2-mod-php5 5.4.9-4ubuntu2.4
  php5-cgi 5.4.9-4ubuntu2.4
  php5-cli 5.4.9-4ubuntu2.4

Ubuntu 12.10:
  libapache2-mod-php5 5.4.6-1ubuntu1.5
  php5-cgi 5.4.6-1ubuntu1.5
  php5-cli 5.4.6-1ubuntu1.5

Ubuntu 12.04 LTS:
  libapache2-mod-php5 5.3.10-1ubuntu3.9
  php5-cgi 5.3.10-1ubuntu3.9
  php5-cli 5.3.10-1ubuntu3.9

Ubuntu 10.04 LTS:
  libapache2-mod-php5 5.3.2-1ubuntu4.22
  php5-cgi 5.3.2-1ubuntu4.22
  php5-cli 5.3.2-1ubuntu4.22

In general, a standard system update will make all the necessary changes.

Release Date: 2014-09-30
Last Updated: 2014-09-30

Potential Security Impact: Cross-site scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking.

References:

CVE-2013-4545 Unauthorized modification
CVE-2013-6420 (SSRT101447) Unauthorized disclosure of information
CVE-2013-6422 Unauthorized disclosure of information
CVE-2013-6712 (SSRT101447) Denial of Service (DoS)
CVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS)
CVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF)
CVE-2014-2642 (SSRT101701) Clickjacking

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP System Management Homepage (SMH) for Linux and Windows prior to version 7.4

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2013-4545    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3
CVE-2013-6420    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5
CVE-2013-6422    (AV:N/AC:H/Au:N/C:P/I:P/A:N)       4.0
CVE-2013-6712    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2014-2640    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3
CVE-2014-2641    (AV:N/AC:M/Au:S/C:P/I:P/A:P)       6.0
CVE-2014-2642    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH) for Linux and Windows:

http://h18013.www1.hp.com/products/servers/management/agents/

HISTORY

Version:1 (rev.1) - 30 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php53 and php security update
Advisory ID: RHSA-2014:1012-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1012.html
Issue date: 2014-08-06
CVE Names: CVE-2012-1571 CVE-2013-6712 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3479 CVE-2014-3480 CVE-2014-3515 CVE-2014-4049 CVE-2014-4721
=====================================================================

1. Summary:

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having Moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file.

Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)

Two denial of service flaws were found in the way the File Information (fileinfo) extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270)

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049)

A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721)

A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712)

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515)

The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues were discovered by Francisco Alonso of Red Hat Product Security.

All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

805197 - CVE-2012-1571 file: out of bounds read in CDF parser
1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval
1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check
1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2012-1571.html
https://www.redhat.com/security/data/cve/CVE-2013-6712.html
https://www.redhat.com/security/data/cve/CVE-2014-0237.html
https://www.redhat.com/security/data/cve/CVE-2014-0238.html
https://www.redhat.com/security/data/cve/CVE-2014-1943.html
https://www.redhat.com/security/data/cve/CVE-2014-2270.html
https://www.redhat.com/security/data/cve/CVE-2014-3479.html
https://www.redhat.com/security/data/cve/CVE-2014-3480.html
https://www.redhat.com/security/data/cve/CVE-2014-3515.html
https://www.redhat.com/security/data/cve/CVE-2014-4049.html
https://www.redhat.com/security/data/cve/CVE-2014-4721.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004

OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:

Admin Framework
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A process may gain admin privileges without properly authenticating
Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking.
CVE-ID
CVE-2015-1130 : Emil Kvarnhammar at TrueSec

apache
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29.
CVE-ID
CVE-2013-0118
CVE-2013-5704
CVE-2013-6438
CVE-2014-0098
CVE-2014-0117
CVE-2014-0118
CVE-2014-0226
CVE-2014-0231
CVE-2014-3523

ATS
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation.
CVE-ID
CVE-2015-1131 : Ian Beer of Google Project Zero
CVE-2015-1132 : Ian Beer of Google Project Zero
CVE-2015-1133 : Ian Beer of Google Project Zero
CVE-2015-1134 : Ian Beer of Google Project Zero
CVE-2015-1135 : Ian Beer of Google Project Zero

Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en-us/HT202858.

CFNetwork HTTPProtocol
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Cookies belonging to one origin may be sent to another origin
Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was addressed through improved handling of redirects.
CVE-ID
CVE-2015-1089 : Niklas Keller

CFNetwork Session
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Authentication credentials may be sent to a server on another origin
Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects.
CVE-ID
CVE-2015-1091 : Diego Torres (http://dtorres.me)

CFURL
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-1088 : Luigi Galli

CoreAnimation
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management.
CVE-ID
CVE-2015-1136 : Apple

FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld

Graphics Driver
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation.
CVE-ID
CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team

Hypervisor
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local application may be able to cause a denial of service
Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-1138 : Izik Eidus and Alex Fishman

ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1139 : Apple

IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A malicious HID device may be able to cause arbitrary code execution
Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco

IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A user may be able to execute arbitrary code with system privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech

Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system shutdown
Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation.
CVE-ID
CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause a system denial of service
Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.

Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs

Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able to cause a denial of service
Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io

LaunchServices
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause the Finder to crash
Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data.
CVE-ID
CVE-2015-1142

LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2015-1143 : Apple

libnetcore
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination
Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.
ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298 OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. 
CVE-ID CVE-2015-1147 : Apple PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. 
CVE-ID CVE-2015-1148 : Apple Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146 UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled. OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. 
https://support.apple.com/en-us/HT204658

OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse(). In addition, the update for Debian 7 "Wheezy" contains several bugfixes originally targeted for the upcoming Wheezy point release. For the oldstable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze18. For the stable distribution (wheezy), these problems have been fixed in version 5.4.4-14+deb7u7. For the unstable distribution (sid), these problems have been fixed in version 5.5.6+dfsg-2. We recommend that you upgrade your php5 packages

Trust: 2.61

sources: NVD: CVE-2013-6712 // JVNDB: JVNDB-2013-005322 // BID: 64018 // VULHUB: VHN-66714 // PACKETSTORM: 128049 // PACKETSTORM: 124882 // PACKETSTORM: 124407 // PACKETSTORM: 128505 // PACKETSTORM: 127757 // PACKETSTORM: 131359 // PACKETSTORM: 124406

AFFECTED PRODUCTS

vendor: opensuse | model: opensuse | scope: eq | version: 11.4

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 12.04

Trust: 1.0

vendor: opensuse | model: opensuse | scope: eq | version: 12.2

Trust: 1.0

vendor: php | model: php | scope: lt | version: 5.4.24

Trust: 1.0

vendor: opensuse | model: opensuse | scope: eq | version: 12.3

Trust: 1.0

vendor: opensuse | model: opensuse | scope: eq | version: 13.1

Trust: 1.0

vendor: php | model: php | scope: gte | version: 5.4.0

Trust: 1.0

vendor: php | model: php | scope: lt | version: 5.5.8

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 12.10

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 13.10

Trust: 1.0

vendor: php | model: php | scope: lt | version: 5.3.29

Trust: 1.0

vendor: php | model: php | scope: gte | version: 5.5.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 10.04

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 13.04

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 6.0

Trust: 1.0

vendor: apple | model: mac os x | scope: lte | version: 10.10.2

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 7.0

Trust: 1.0

vendor: the php group | model: php | scope: lte | version: 5.5.6

Trust: 0.8

vendor: apple | model: mac os x | scope: eq | version: 10.10 to 10.10.2

Trust: 0.8

vendor: apple | model: mac os x | scope: eq | version: 10.8.5

Trust: 0.8

vendor: apple | model: mac os x | scope: eq | version: 10.9.5

Trust: 0.8

vendor: novell | model: opensuse | scope: eq | version: 12.2

Trust: 0.6

vendor: novell | model: opensuse | scope: eq | version: 11.4

Trust: 0.6

vendor: novell | model: opensuse | scope: eq | version: 12.3

Trust: 0.6

vendor: php | model: php | scope: eq | version: 5.5.6

Trust: 0.6

vendor: novell | model: opensuse | scope: eq | version: 13.1

Trust: 0.6

vendor: ubuntu | model: linux lts | scope: eq | version: 10.04

Trust: 0.3

vendor: suse | model: opensuse | scope: eq | version: 11.4

Trust: 0.3

vendor: redhat | model: enterprise linux desktop workstation client | scope: eq | version: 5

Trust: 0.3

vendor: red | model: hat enterprise linux workstation | scope: eq | version: 6

Trust: 0.3

vendor: red | model: hat enterprise linux server | scope: eq | version: 6

Trust: 0.3

vendor: red | model: hat enterprise linux hpc node | scope: eq | version: 6

Trust: 0.3

vendor: red | model: hat enterprise linux desktop | scope: eq | version: 6

Trust: 0.3

vendor: red | model: hat enterprise linux server | scope: eq | version: 5

Trust: 0.3

vendor: oracle | model: enterprise linux | scope: eq | version: 6.2

Trust: 0.3

vendor: oracle | model: enterprise linux | scope: eq | version: 6

Trust: 0.3

vendor: gentoo | model: linux | scope: - | version: -

Trust: 0.3

vendor: debian | model: linux sparc | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux s/390 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux powerpc | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux mips | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux ia-64 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux ia-32 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux arm | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux amd64 | scope: eq | version: 6.0

Trust: 0.3

vendor: centos | model: centos | scope: eq | version: 6

Trust: 0.3

sources: BID: 64018 // JVNDB: JVNDB-2013-005322 // CNNVD: CNNVD-201311-464 // NVD: CVE-2013-6712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6712
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6712
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-464
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66714
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6712
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66714
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66714 // JVNDB: JVNDB-2013-005322 // CNNVD: CNNVD-201311-464 // NVD: CVE-2013-6712

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-66714 // JVNDB: JVNDB-2013-005322 // NVD: CVE-2013-6712

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 128049 // PACKETSTORM: 124882 // PACKETSTORM: 127757 // CNNVD: CNNVD-201311-464

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201311-464

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005322

PATCH

title: APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004 | url: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Trust: 0.8

title: HT204659 | url: http://support.apple.com/en-us/HT204659

Trust: 0.8

title: HT204659 | url: http://support.apple.com/ja-jp/HT204659

Trust: 0.8

title: Fixed bug #66060 (Heap buffer over-read in DateInterval) | url: http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071

Trust: 0.8

title: Bug #66060 | url: https://bugs.php.net/bug.php?id=66060

Trust: 0.8

title: RHSA-2014:1765 | url: https://rhn.redhat.com/errata/RHSA-2014-1765.html

Trust: 0.8

title: Multiple Buffer Errors vulnerabilities in PHP | url: https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in1

Trust: 0.8

title: ext/date/lib/parse_iso_intervals | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=46850

Trust: 0.6

title: ext/date/lib/parse_iso_intervals | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=46849

Trust: 0.6

sources: JVNDB: JVNDB-2013-005322 // CNNVD: CNNVD-201311-464

EXTERNAL IDS

db: NVD | id: CVE-2013-6712

Trust: 3.5

db: JVN | id: JVNVU91828320

Trust: 0.8

db: JVNDB | id: JVNDB-2013-005322

Trust: 0.8

db: CNNVD | id: CNNVD-201311-464

Trust: 0.7

db: BID | id: 64018

Trust: 0.4

db: PACKETSTORM | id: 128900

Trust: 0.1

db: VULHUB | id: VHN-66714

Trust: 0.1

db: PACKETSTORM | id: 128049

Trust: 0.1

db: PACKETSTORM | id: 124882

Trust: 0.1

db: PACKETSTORM | id: 124407

Trust: 0.1

db: PACKETSTORM | id: 128505

Trust: 0.1

db: PACKETSTORM | id: 127757

Trust: 0.1

db: PACKETSTORM | id: 131359

Trust: 0.1

db: PACKETSTORM | id: 124406

Trust: 0.1

sources: VULHUB: VHN-66714 // BID: 64018 // JVNDB: JVNDB-2013-005322 // PACKETSTORM: 128049 // PACKETSTORM: 124882 // PACKETSTORM: 124407 // PACKETSTORM: 128505 // PACKETSTORM: 127757 // PACKETSTORM: 131359 // PACKETSTORM: 124406 // CNNVD: CNNVD-201311-464 // NVD: CVE-2013-6712

REFERENCES

url:https://bugs.php.net/bug.php?id=66060

Trust: 2.0

url:http://www.ubuntu.com/usn/usn-2055-1

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html

Trust: 1.7

url:https://support.apple.com/ht204659

Trust: 1.7

url:http://www.debian.org/security/2013/dsa-2816

Trust: 1.7

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04463322

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2014-1765.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html

Trust: 1.7

url:http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071

Trust: 1.0

url:http://git.php.net/?p=php-src.git%3ba=commit%3bh=12fe4e90be7bfa2a763197079f68f5568a14e071

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6712

Trust: 0.9

url:http://jvn.jp/vu/jvnvu91828320/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6712

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-6712

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-6420

Trust: 0.5

url:https://rhn.redhat.com/errata/rhsa-2014-1012.html

Trust: 0.4

url:http://www.php.net/

Trust: 0.3

url:http://www.ubuntu.com/usn/usn-2055-1/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-0238

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-0237

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-3597

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1943

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-2497

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-2270

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-4049

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4248

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3480

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3479

Trust: 0.2

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4635

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4636

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1635

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1943

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2110

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0185

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4113

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7345

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5120

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1643

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201408-11.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4718

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1824

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7327

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2270

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7327

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3981

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1824

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0185

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6420

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0237

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3597

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4636

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4670

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1643

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6712

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7226

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4718

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0238

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4049

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-5120

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2110

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4248

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3981

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4113

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4635

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4248

Trust: 0.1

url:http://www.php.net/changelog-5.php#5.5.8

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6420

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.4.9-4ubuntu2.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.22

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.5

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4545

Trust: 0.1

url:http://h18013.www1.hp.com/products/servers/management/agents/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2642

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-6712.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-3480.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-2270.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-4049.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-4721.html

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0238.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-1571.html

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-1943.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-3479.html

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3515

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-3515.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0237.html

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1571

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0118

Trust: 0.1

url:https://www.frida.re

Trust: 0.1

url:https://support.apple.com/en-us/ht204658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6438

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0118

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3487

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3571

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0226

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3572

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3523

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3587

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3669

Trust: 0.1

url:https://support.apple.com/en-

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0098

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3538

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0207

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5704

Trust: 0.1

url:http://dtorres.me)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3478

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3569

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

sources: VULHUB: VHN-66714 // BID: 64018 // JVNDB: JVNDB-2013-005322 // PACKETSTORM: 128049 // PACKETSTORM: 124882 // PACKETSTORM: 124407 // PACKETSTORM: 128505 // PACKETSTORM: 127757 // PACKETSTORM: 131359 // PACKETSTORM: 124406 // CNNVD: CNNVD-201311-464 // NVD: CVE-2013-6712

CREDITS

Oden Eriksson

Trust: 0.3

sources: BID: 64018

SOURCES

db: VULHUB | id: VHN-66714
db: BID | id: 64018
db: JVNDB | id: JVNDB-2013-005322
db: PACKETSTORM | id: 128049
db: PACKETSTORM | id: 124882
db: PACKETSTORM | id: 124407
db: PACKETSTORM | id: 128505
db: PACKETSTORM | id: 127757
db: PACKETSTORM | id: 131359
db: PACKETSTORM | id: 124406
db: CNNVD | id: CNNVD-201311-464
db: NVD | id: CVE-2013-6712

LAST UPDATE DATE

2025-01-10T21:29:04.611000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-66714 | date: 2018-10-30T00:00:00
db: BID | id: 64018 | date: 2015-04-16T18:05:00
db: JVNDB | id: JVNDB-2013-005322 | date: 2015-08-03T00:00:00
db: CNNVD | id: CNNVD-201311-464 | date: 2022-11-01T00:00:00
db: NVD | id: CVE-2013-6712 | date: 2024-11-21T01:59:35.997

SOURCES RELEASE DATE

db: VULHUB | id: VHN-66714 | date: 2013-11-28T00:00:00
db: BID | id: 64018 | date: 2013-11-27T00:00:00
db: JVNDB | id: JVNDB-2013-005322 | date: 2013-12-02T00:00:00
db: PACKETSTORM | id: 128049 | date: 2014-08-29T22:24:02
db: PACKETSTORM | id: 124882 | date: 2014-01-22T01:55:34
db: PACKETSTORM | id: 124407 | date: 2013-12-14T00:04:46
db: PACKETSTORM | id: 128505 | date: 2014-10-01T19:15:04
db: PACKETSTORM | id: 127757 | date: 2014-08-07T06:20:07
db: PACKETSTORM | id: 131359 | date: 2015-04-09T16:30:50
db: PACKETSTORM | id: 124406 | date: 2013-12-14T00:04:19
db: CNNVD | id: CNNVD-201311-464 | date: 2013-11-28T00:00:00
db: NVD | id: CVE-2013-6712 | date: 2013-11-28T04:37:39.840