ID

VAR-201312-0207


CVE

CVE-2013-6420


TITLE

PHP ext/openssl/openssl.c asn1_time_to_time_t function arbitrary code execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005585

DESCRIPTION

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language maintained by the PHP Group and the open source community. It is used mainly for web development and supports a variety of databases and operating systems. The vulnerability is caused by asn1_time_to_time_t(), called from openssl_x509_parse(), not correctly parsing the notBefore and notAfter timestamps of an X.509 certificate. Affected versions: PHP prior to 5.3.28, 5.4.x prior to 5.4.23, and 5.5.x prior to 5.5.7.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2014:014
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date    : January 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in php:

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2013-4248).
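The description above says only that asn1_time_to_time_t() "does not properly parse" the notBefore and notAfter fields. The C program below is an added example written for this entry; it is not PHP's source and not code from any advisory on this page. It assumes, from the public analysis of the upstream fix rather than from anything stated here, that the pre-fix parser copied the ASN.1 time bytes with a strdup-style call (which stops at the first NUL byte) and then stepped backwards through the copy using offsets derived from the DER length field, and that a "shorter than 13 bytes" rejection already existed before the fix. Under those assumptions a time string whose DER length disagrees with its C-string length sends the parser's writes past the end of the copy. The program uses a stand-in for OpenSSL's ASN1_TIME (a DER length plus a NUL-terminated byte pointer; the type and function names are this example's own), a hardened validator with the checks the backwards walk relied on, a forward non-mutating parse into struct tm, and a function that evaluates the old pointer arithmetic without performing the writes, so the out-of-bounds count is reported instead of corrupting the heap. Every input is constructed inline, not taken from a real certificate.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <time.h>

/* Stand-in for OpenSSL's ASN1_TIME (example's own type, not OpenSSL's). */
typedef struct {
    int length;                /* length taken from the DER encoding */
    const unsigned char *data; /* NUL-terminated bytes, as OpenSSL keeps them */
} asn1_time_like;

enum time_check {
    TIME_OK = 0,
    TIME_BAD_LENGTH,     /* not UTCTime (13 bytes) or GeneralizedTime (15 bytes) */
    TIME_EMBEDDED_NUL,   /* strlen(data) != DER length */
    TIME_NOT_DIGITS,
    TIME_NO_Z
};

/* Hardened validation: every property the backwards-walking parser assumed. */
enum time_check check_asn1_time(const asn1_time_like *t)
{
    int i;
    if (t->length != 13 && t->length != 15)
        return TIME_BAD_LENGTH;
    /* The DER length and the C-string length must agree; otherwise offsets
     * computed from one are applied to a buffer sized by the other. */
    if (strlen((const char *)t->data) != (size_t)t->length)
        return TIME_EMBEDDED_NUL;
    if (t->data[t->length - 1] != 'Z')
        return TIME_NO_Z;
    for (i = 0; i < t->length - 1; i++)
        if (t->data[i] < '0' || t->data[i] > '9')
            return TIME_NOT_DIGITS;
    return TIME_OK;
}

/* Model of the assumed pre-fix arithmetic, evaluated without touching memory.
 * Counts how many of the parser's '\0' writes (offsets length-3, length-5,
 * ..., length-11 from the start of the copy) fall beyond a strdup-style copy
 * whose allocation is strlen(data)+1 bytes. 0 means that path was harmless
 * for this input; anything else is a heap write out of bounds. */
int prefix_oob_writes(const asn1_time_like *t)
{
    size_t alloc = strlen((const char *)t->data) + 1;
    int oob = 0, off;
    if (t->length < 13)   /* assumption: this rejection already existed pre-fix */
        return 0;
    for (off = t->length - 3; off >= t->length - 11; off -= 2)
        if ((size_t)off >= alloc)
            oob++;
    return oob;
}

static int two_digits(const unsigned char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

/* Forward, non-mutating parse into struct tm after validation.
 * Returns 0 on success, otherwise the failing check. */
int parse_asn1_time(const asn1_time_like *t, struct tm *out)
{
    enum time_check rc = check_asn1_time(t);
    const unsigned char *p = t->data;
    int year;
    if (rc != TIME_OK)
        return (int)rc;
    memset(out, 0, sizeof(*out));
    if (t->length == 15) {          /* GeneralizedTime: YYYYMMDDHHMMSSZ */
        year = two_digits(p) * 100 + two_digits(p + 2);
        p += 4;
    } else {                        /* UTCTime: YYMMDDHHMMSSZ, RFC 5280 pivot at 50 */
        year = two_digits(p);
        year += (year < 50) ? 2000 : 1900;
        p += 2;
    }
    out->tm_year = year - 1900;
    out->tm_mon  = two_digits(p) - 1;
    out->tm_mday = two_digits(p + 2);
    out->tm_hour = two_digits(p + 4);
    out->tm_min  = two_digits(p + 6);
    out->tm_sec  = two_digits(p + 8);
    return 0;
}

/* Constructed inputs for the example, not taken from any real certificate. */
static const unsigned char GOOD_UTC[] = "131211235959Z";
static const unsigned char GOOD_GEN[] = "20131211235959Z";
/* DER length 13, but a NUL after six digits: strlen() sees only 6. */
static const unsigned char NUL_IN_TIME[14] = {
    '1','3','1','2','1','1','\0','0','0','0','0','0','Z','\0'
};
static const unsigned char SHORT_TIME[] = "1312Z";

int main(void)
{
    const asn1_time_like cases[] = {
        { 13, GOOD_UTC }, { 15, GOOD_GEN }, { 13, NUL_IN_TIME }, { 5, SHORT_TIME }
    };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct tm tm;
        int rc = parse_asn1_time(&cases[i], &tm);
        printf("len=%2d check=%d pre-fix OOB writes=%d",
               cases[i].length, rc, prefix_oob_writes(&cases[i]));
        if (rc == 0)
            printf(" -> %04d-%02d-%02d %02d:%02d:%02d", tm.tm_year + 1900,
                   tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec);
        printf("\n");
    }
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run. The embedded-NUL case is rejected by the validator and, on the modelled old path, would have produced two heap writes past a 7-byte copy; the 5-byte string is rejected by both, which is the point of the example: under the stated assumption the pre-fix code already refused short strings, and the gap was the disagreement between the DER length and the C-string length, not the length alone.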
Additionally, the PECL packages which require it have been rebuilt for php-5.5.8 and some have been upgraded to their latest versions.

The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: php53 and php security update
Advisory ID:       RHSA-2013:1813-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1813.html
Issue date:        2013-12-11
CVE Names:         CVE-2013-6420
=====================================================================

1. Summary:

Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. (CVE-2013-6420)

Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue.
All php53 and php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse()

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php53-5.3.3-22.el5_10.src.rpm

i386:
php53-5.3.3-22.el5_10.i386.rpm php53-bcmath-5.3.3-22.el5_10.i386.rpm php53-cli-5.3.3-22.el5_10.i386.rpm php53-common-5.3.3-22.el5_10.i386.rpm php53-dba-5.3.3-22.el5_10.i386.rpm php53-debuginfo-5.3.3-22.el5_10.i386.rpm php53-devel-5.3.3-22.el5_10.i386.rpm php53-gd-5.3.3-22.el5_10.i386.rpm php53-imap-5.3.3-22.el5_10.i386.rpm php53-intl-5.3.3-22.el5_10.i386.rpm php53-ldap-5.3.3-22.el5_10.i386.rpm php53-mbstring-5.3.3-22.el5_10.i386.rpm php53-mysql-5.3.3-22.el5_10.i386.rpm php53-odbc-5.3.3-22.el5_10.i386.rpm php53-pdo-5.3.3-22.el5_10.i386.rpm php53-pgsql-5.3.3-22.el5_10.i386.rpm php53-process-5.3.3-22.el5_10.i386.rpm php53-pspell-5.3.3-22.el5_10.i386.rpm php53-snmp-5.3.3-22.el5_10.i386.rpm php53-soap-5.3.3-22.el5_10.i386.rpm php53-xml-5.3.3-22.el5_10.i386.rpm php53-xmlrpc-5.3.3-22.el5_10.i386.rpm

x86_64:
php53-5.3.3-22.el5_10.x86_64.rpm php53-bcmath-5.3.3-22.el5_10.x86_64.rpm php53-cli-5.3.3-22.el5_10.x86_64.rpm php53-common-5.3.3-22.el5_10.x86_64.rpm php53-dba-5.3.3-22.el5_10.x86_64.rpm php53-debuginfo-5.3.3-22.el5_10.x86_64.rpm php53-devel-5.3.3-22.el5_10.x86_64.rpm php53-gd-5.3.3-22.el5_10.x86_64.rpm php53-imap-5.3.3-22.el5_10.x86_64.rpm
php53-intl-5.3.3-22.el5_10.x86_64.rpm php53-ldap-5.3.3-22.el5_10.x86_64.rpm php53-mbstring-5.3.3-22.el5_10.x86_64.rpm php53-mysql-5.3.3-22.el5_10.x86_64.rpm php53-odbc-5.3.3-22.el5_10.x86_64.rpm php53-pdo-5.3.3-22.el5_10.x86_64.rpm php53-pgsql-5.3.3-22.el5_10.x86_64.rpm php53-process-5.3.3-22.el5_10.x86_64.rpm php53-pspell-5.3.3-22.el5_10.x86_64.rpm php53-snmp-5.3.3-22.el5_10.x86_64.rpm php53-soap-5.3.3-22.el5_10.x86_64.rpm php53-xml-5.3.3-22.el5_10.x86_64.rpm php53-xmlrpc-5.3.3-22.el5_10.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php53-5.3.3-22.el5_10.src.rpm i386: php53-5.3.3-22.el5_10.i386.rpm php53-bcmath-5.3.3-22.el5_10.i386.rpm php53-cli-5.3.3-22.el5_10.i386.rpm php53-common-5.3.3-22.el5_10.i386.rpm php53-dba-5.3.3-22.el5_10.i386.rpm php53-debuginfo-5.3.3-22.el5_10.i386.rpm php53-devel-5.3.3-22.el5_10.i386.rpm php53-gd-5.3.3-22.el5_10.i386.rpm php53-imap-5.3.3-22.el5_10.i386.rpm php53-intl-5.3.3-22.el5_10.i386.rpm php53-ldap-5.3.3-22.el5_10.i386.rpm php53-mbstring-5.3.3-22.el5_10.i386.rpm php53-mysql-5.3.3-22.el5_10.i386.rpm php53-odbc-5.3.3-22.el5_10.i386.rpm php53-pdo-5.3.3-22.el5_10.i386.rpm php53-pgsql-5.3.3-22.el5_10.i386.rpm php53-process-5.3.3-22.el5_10.i386.rpm php53-pspell-5.3.3-22.el5_10.i386.rpm php53-snmp-5.3.3-22.el5_10.i386.rpm php53-soap-5.3.3-22.el5_10.i386.rpm php53-xml-5.3.3-22.el5_10.i386.rpm php53-xmlrpc-5.3.3-22.el5_10.i386.rpm ia64: php53-5.3.3-22.el5_10.ia64.rpm php53-bcmath-5.3.3-22.el5_10.ia64.rpm php53-cli-5.3.3-22.el5_10.ia64.rpm php53-common-5.3.3-22.el5_10.ia64.rpm php53-dba-5.3.3-22.el5_10.ia64.rpm php53-debuginfo-5.3.3-22.el5_10.ia64.rpm php53-devel-5.3.3-22.el5_10.ia64.rpm php53-gd-5.3.3-22.el5_10.ia64.rpm php53-imap-5.3.3-22.el5_10.ia64.rpm php53-intl-5.3.3-22.el5_10.ia64.rpm php53-ldap-5.3.3-22.el5_10.ia64.rpm php53-mbstring-5.3.3-22.el5_10.ia64.rpm php53-mysql-5.3.3-22.el5_10.ia64.rpm php53-odbc-5.3.3-22.el5_10.ia64.rpm 
php53-pdo-5.3.3-22.el5_10.ia64.rpm php53-pgsql-5.3.3-22.el5_10.ia64.rpm php53-process-5.3.3-22.el5_10.ia64.rpm php53-pspell-5.3.3-22.el5_10.ia64.rpm php53-snmp-5.3.3-22.el5_10.ia64.rpm php53-soap-5.3.3-22.el5_10.ia64.rpm php53-xml-5.3.3-22.el5_10.ia64.rpm php53-xmlrpc-5.3.3-22.el5_10.ia64.rpm ppc: php53-5.3.3-22.el5_10.ppc.rpm php53-bcmath-5.3.3-22.el5_10.ppc.rpm php53-cli-5.3.3-22.el5_10.ppc.rpm php53-common-5.3.3-22.el5_10.ppc.rpm php53-dba-5.3.3-22.el5_10.ppc.rpm php53-debuginfo-5.3.3-22.el5_10.ppc.rpm php53-devel-5.3.3-22.el5_10.ppc.rpm php53-gd-5.3.3-22.el5_10.ppc.rpm php53-imap-5.3.3-22.el5_10.ppc.rpm php53-intl-5.3.3-22.el5_10.ppc.rpm php53-ldap-5.3.3-22.el5_10.ppc.rpm php53-mbstring-5.3.3-22.el5_10.ppc.rpm php53-mysql-5.3.3-22.el5_10.ppc.rpm php53-odbc-5.3.3-22.el5_10.ppc.rpm php53-pdo-5.3.3-22.el5_10.ppc.rpm php53-pgsql-5.3.3-22.el5_10.ppc.rpm php53-process-5.3.3-22.el5_10.ppc.rpm php53-pspell-5.3.3-22.el5_10.ppc.rpm php53-snmp-5.3.3-22.el5_10.ppc.rpm php53-soap-5.3.3-22.el5_10.ppc.rpm php53-xml-5.3.3-22.el5_10.ppc.rpm php53-xmlrpc-5.3.3-22.el5_10.ppc.rpm s390x: php53-5.3.3-22.el5_10.s390x.rpm php53-bcmath-5.3.3-22.el5_10.s390x.rpm php53-cli-5.3.3-22.el5_10.s390x.rpm php53-common-5.3.3-22.el5_10.s390x.rpm php53-dba-5.3.3-22.el5_10.s390x.rpm php53-debuginfo-5.3.3-22.el5_10.s390x.rpm php53-devel-5.3.3-22.el5_10.s390x.rpm php53-gd-5.3.3-22.el5_10.s390x.rpm php53-imap-5.3.3-22.el5_10.s390x.rpm php53-intl-5.3.3-22.el5_10.s390x.rpm php53-ldap-5.3.3-22.el5_10.s390x.rpm php53-mbstring-5.3.3-22.el5_10.s390x.rpm php53-mysql-5.3.3-22.el5_10.s390x.rpm php53-odbc-5.3.3-22.el5_10.s390x.rpm php53-pdo-5.3.3-22.el5_10.s390x.rpm php53-pgsql-5.3.3-22.el5_10.s390x.rpm php53-process-5.3.3-22.el5_10.s390x.rpm php53-pspell-5.3.3-22.el5_10.s390x.rpm php53-snmp-5.3.3-22.el5_10.s390x.rpm php53-soap-5.3.3-22.el5_10.s390x.rpm php53-xml-5.3.3-22.el5_10.s390x.rpm php53-xmlrpc-5.3.3-22.el5_10.s390x.rpm x86_64: php53-5.3.3-22.el5_10.x86_64.rpm php53-bcmath-5.3.3-22.el5_10.x86_64.rpm 
php53-cli-5.3.3-22.el5_10.x86_64.rpm php53-common-5.3.3-22.el5_10.x86_64.rpm php53-dba-5.3.3-22.el5_10.x86_64.rpm php53-debuginfo-5.3.3-22.el5_10.x86_64.rpm php53-devel-5.3.3-22.el5_10.x86_64.rpm php53-gd-5.3.3-22.el5_10.x86_64.rpm php53-imap-5.3.3-22.el5_10.x86_64.rpm php53-intl-5.3.3-22.el5_10.x86_64.rpm php53-ldap-5.3.3-22.el5_10.x86_64.rpm php53-mbstring-5.3.3-22.el5_10.x86_64.rpm php53-mysql-5.3.3-22.el5_10.x86_64.rpm php53-odbc-5.3.3-22.el5_10.x86_64.rpm php53-pdo-5.3.3-22.el5_10.x86_64.rpm php53-pgsql-5.3.3-22.el5_10.x86_64.rpm php53-process-5.3.3-22.el5_10.x86_64.rpm php53-pspell-5.3.3-22.el5_10.x86_64.rpm php53-snmp-5.3.3-22.el5_10.x86_64.rpm php53-soap-5.3.3-22.el5_10.x86_64.rpm php53-xml-5.3.3-22.el5_10.x86_64.rpm php53-xmlrpc-5.3.3-22.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm i386: php-5.3.3-27.el6_5.i686.rpm php-bcmath-5.3.3-27.el6_5.i686.rpm php-cli-5.3.3-27.el6_5.i686.rpm php-common-5.3.3-27.el6_5.i686.rpm php-dba-5.3.3-27.el6_5.i686.rpm php-debuginfo-5.3.3-27.el6_5.i686.rpm php-devel-5.3.3-27.el6_5.i686.rpm php-embedded-5.3.3-27.el6_5.i686.rpm php-enchant-5.3.3-27.el6_5.i686.rpm php-fpm-5.3.3-27.el6_5.i686.rpm php-gd-5.3.3-27.el6_5.i686.rpm php-imap-5.3.3-27.el6_5.i686.rpm php-intl-5.3.3-27.el6_5.i686.rpm php-ldap-5.3.3-27.el6_5.i686.rpm php-mbstring-5.3.3-27.el6_5.i686.rpm php-mysql-5.3.3-27.el6_5.i686.rpm php-odbc-5.3.3-27.el6_5.i686.rpm php-pdo-5.3.3-27.el6_5.i686.rpm php-pgsql-5.3.3-27.el6_5.i686.rpm php-process-5.3.3-27.el6_5.i686.rpm php-pspell-5.3.3-27.el6_5.i686.rpm php-recode-5.3.3-27.el6_5.i686.rpm php-snmp-5.3.3-27.el6_5.i686.rpm php-soap-5.3.3-27.el6_5.i686.rpm php-tidy-5.3.3-27.el6_5.i686.rpm php-xml-5.3.3-27.el6_5.i686.rpm php-xmlrpc-5.3.3-27.el6_5.i686.rpm php-zts-5.3.3-27.el6_5.i686.rpm x86_64: php-5.3.3-27.el6_5.x86_64.rpm php-bcmath-5.3.3-27.el6_5.x86_64.rpm php-cli-5.3.3-27.el6_5.x86_64.rpm 
php-common-5.3.3-27.el6_5.x86_64.rpm php-dba-5.3.3-27.el6_5.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.x86_64.rpm php-devel-5.3.3-27.el6_5.x86_64.rpm php-embedded-5.3.3-27.el6_5.x86_64.rpm php-enchant-5.3.3-27.el6_5.x86_64.rpm php-fpm-5.3.3-27.el6_5.x86_64.rpm php-gd-5.3.3-27.el6_5.x86_64.rpm php-imap-5.3.3-27.el6_5.x86_64.rpm php-intl-5.3.3-27.el6_5.x86_64.rpm php-ldap-5.3.3-27.el6_5.x86_64.rpm php-mbstring-5.3.3-27.el6_5.x86_64.rpm php-mysql-5.3.3-27.el6_5.x86_64.rpm php-odbc-5.3.3-27.el6_5.x86_64.rpm php-pdo-5.3.3-27.el6_5.x86_64.rpm php-pgsql-5.3.3-27.el6_5.x86_64.rpm php-process-5.3.3-27.el6_5.x86_64.rpm php-pspell-5.3.3-27.el6_5.x86_64.rpm php-recode-5.3.3-27.el6_5.x86_64.rpm php-snmp-5.3.3-27.el6_5.x86_64.rpm php-soap-5.3.3-27.el6_5.x86_64.rpm php-tidy-5.3.3-27.el6_5.x86_64.rpm php-xml-5.3.3-27.el6_5.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.x86_64.rpm php-zts-5.3.3-27.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm x86_64: php-cli-5.3.3-27.el6_5.x86_64.rpm php-common-5.3.3-27.el6_5.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm x86_64: php-5.3.3-27.el6_5.x86_64.rpm php-bcmath-5.3.3-27.el6_5.x86_64.rpm php-dba-5.3.3-27.el6_5.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.x86_64.rpm php-devel-5.3.3-27.el6_5.x86_64.rpm php-embedded-5.3.3-27.el6_5.x86_64.rpm php-enchant-5.3.3-27.el6_5.x86_64.rpm php-fpm-5.3.3-27.el6_5.x86_64.rpm php-gd-5.3.3-27.el6_5.x86_64.rpm php-imap-5.3.3-27.el6_5.x86_64.rpm php-intl-5.3.3-27.el6_5.x86_64.rpm php-ldap-5.3.3-27.el6_5.x86_64.rpm php-mbstring-5.3.3-27.el6_5.x86_64.rpm php-mysql-5.3.3-27.el6_5.x86_64.rpm php-odbc-5.3.3-27.el6_5.x86_64.rpm php-pdo-5.3.3-27.el6_5.x86_64.rpm php-pgsql-5.3.3-27.el6_5.x86_64.rpm php-process-5.3.3-27.el6_5.x86_64.rpm php-pspell-5.3.3-27.el6_5.x86_64.rpm php-recode-5.3.3-27.el6_5.x86_64.rpm php-snmp-5.3.3-27.el6_5.x86_64.rpm php-soap-5.3.3-27.el6_5.x86_64.rpm php-tidy-5.3.3-27.el6_5.x86_64.rpm php-xml-5.3.3-27.el6_5.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.x86_64.rpm php-zts-5.3.3-27.el6_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm i386: php-5.3.3-27.el6_5.i686.rpm php-cli-5.3.3-27.el6_5.i686.rpm php-common-5.3.3-27.el6_5.i686.rpm php-debuginfo-5.3.3-27.el6_5.i686.rpm php-gd-5.3.3-27.el6_5.i686.rpm php-ldap-5.3.3-27.el6_5.i686.rpm php-mysql-5.3.3-27.el6_5.i686.rpm php-odbc-5.3.3-27.el6_5.i686.rpm php-pdo-5.3.3-27.el6_5.i686.rpm php-pgsql-5.3.3-27.el6_5.i686.rpm php-soap-5.3.3-27.el6_5.i686.rpm php-xml-5.3.3-27.el6_5.i686.rpm php-xmlrpc-5.3.3-27.el6_5.i686.rpm ppc64: php-5.3.3-27.el6_5.ppc64.rpm php-cli-5.3.3-27.el6_5.ppc64.rpm php-common-5.3.3-27.el6_5.ppc64.rpm php-debuginfo-5.3.3-27.el6_5.ppc64.rpm php-gd-5.3.3-27.el6_5.ppc64.rpm php-ldap-5.3.3-27.el6_5.ppc64.rpm php-mysql-5.3.3-27.el6_5.ppc64.rpm php-odbc-5.3.3-27.el6_5.ppc64.rpm php-pdo-5.3.3-27.el6_5.ppc64.rpm php-pgsql-5.3.3-27.el6_5.ppc64.rpm php-soap-5.3.3-27.el6_5.ppc64.rpm php-xml-5.3.3-27.el6_5.ppc64.rpm php-xmlrpc-5.3.3-27.el6_5.ppc64.rpm s390x: php-5.3.3-27.el6_5.s390x.rpm php-cli-5.3.3-27.el6_5.s390x.rpm php-common-5.3.3-27.el6_5.s390x.rpm php-debuginfo-5.3.3-27.el6_5.s390x.rpm php-gd-5.3.3-27.el6_5.s390x.rpm php-ldap-5.3.3-27.el6_5.s390x.rpm php-mysql-5.3.3-27.el6_5.s390x.rpm php-odbc-5.3.3-27.el6_5.s390x.rpm php-pdo-5.3.3-27.el6_5.s390x.rpm php-pgsql-5.3.3-27.el6_5.s390x.rpm php-soap-5.3.3-27.el6_5.s390x.rpm php-xml-5.3.3-27.el6_5.s390x.rpm php-xmlrpc-5.3.3-27.el6_5.s390x.rpm x86_64: php-5.3.3-27.el6_5.x86_64.rpm php-cli-5.3.3-27.el6_5.x86_64.rpm php-common-5.3.3-27.el6_5.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.x86_64.rpm php-gd-5.3.3-27.el6_5.x86_64.rpm php-ldap-5.3.3-27.el6_5.x86_64.rpm php-mysql-5.3.3-27.el6_5.x86_64.rpm php-odbc-5.3.3-27.el6_5.x86_64.rpm php-pdo-5.3.3-27.el6_5.x86_64.rpm php-pgsql-5.3.3-27.el6_5.x86_64.rpm php-soap-5.3.3-27.el6_5.x86_64.rpm php-xml-5.3.3-27.el6_5.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm i386: php-bcmath-5.3.3-27.el6_5.i686.rpm php-dba-5.3.3-27.el6_5.i686.rpm php-debuginfo-5.3.3-27.el6_5.i686.rpm php-devel-5.3.3-27.el6_5.i686.rpm php-embedded-5.3.3-27.el6_5.i686.rpm php-enchant-5.3.3-27.el6_5.i686.rpm php-fpm-5.3.3-27.el6_5.i686.rpm php-imap-5.3.3-27.el6_5.i686.rpm php-intl-5.3.3-27.el6_5.i686.rpm php-mbstring-5.3.3-27.el6_5.i686.rpm php-process-5.3.3-27.el6_5.i686.rpm php-pspell-5.3.3-27.el6_5.i686.rpm php-recode-5.3.3-27.el6_5.i686.rpm php-snmp-5.3.3-27.el6_5.i686.rpm php-tidy-5.3.3-27.el6_5.i686.rpm php-zts-5.3.3-27.el6_5.i686.rpm ppc64: php-bcmath-5.3.3-27.el6_5.ppc64.rpm php-dba-5.3.3-27.el6_5.ppc64.rpm php-debuginfo-5.3.3-27.el6_5.ppc64.rpm php-devel-5.3.3-27.el6_5.ppc64.rpm php-embedded-5.3.3-27.el6_5.ppc64.rpm php-enchant-5.3.3-27.el6_5.ppc64.rpm php-fpm-5.3.3-27.el6_5.ppc64.rpm php-imap-5.3.3-27.el6_5.ppc64.rpm php-intl-5.3.3-27.el6_5.ppc64.rpm php-mbstring-5.3.3-27.el6_5.ppc64.rpm php-process-5.3.3-27.el6_5.ppc64.rpm php-pspell-5.3.3-27.el6_5.ppc64.rpm php-recode-5.3.3-27.el6_5.ppc64.rpm php-snmp-5.3.3-27.el6_5.ppc64.rpm php-tidy-5.3.3-27.el6_5.ppc64.rpm php-zts-5.3.3-27.el6_5.ppc64.rpm s390x: php-bcmath-5.3.3-27.el6_5.s390x.rpm php-dba-5.3.3-27.el6_5.s390x.rpm php-debuginfo-5.3.3-27.el6_5.s390x.rpm php-devel-5.3.3-27.el6_5.s390x.rpm php-embedded-5.3.3-27.el6_5.s390x.rpm php-enchant-5.3.3-27.el6_5.s390x.rpm php-fpm-5.3.3-27.el6_5.s390x.rpm php-imap-5.3.3-27.el6_5.s390x.rpm php-intl-5.3.3-27.el6_5.s390x.rpm php-mbstring-5.3.3-27.el6_5.s390x.rpm php-process-5.3.3-27.el6_5.s390x.rpm php-pspell-5.3.3-27.el6_5.s390x.rpm php-recode-5.3.3-27.el6_5.s390x.rpm php-snmp-5.3.3-27.el6_5.s390x.rpm php-tidy-5.3.3-27.el6_5.s390x.rpm php-zts-5.3.3-27.el6_5.s390x.rpm x86_64: php-bcmath-5.3.3-27.el6_5.x86_64.rpm php-dba-5.3.3-27.el6_5.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.x86_64.rpm php-devel-5.3.3-27.el6_5.x86_64.rpm 
php-embedded-5.3.3-27.el6_5.x86_64.rpm php-enchant-5.3.3-27.el6_5.x86_64.rpm php-fpm-5.3.3-27.el6_5.x86_64.rpm php-imap-5.3.3-27.el6_5.x86_64.rpm php-intl-5.3.3-27.el6_5.x86_64.rpm php-mbstring-5.3.3-27.el6_5.x86_64.rpm php-process-5.3.3-27.el6_5.x86_64.rpm php-pspell-5.3.3-27.el6_5.x86_64.rpm php-recode-5.3.3-27.el6_5.x86_64.rpm php-snmp-5.3.3-27.el6_5.x86_64.rpm php-tidy-5.3.3-27.el6_5.x86_64.rpm php-zts-5.3.3-27.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm i386: php-5.3.3-27.el6_5.i686.rpm php-cli-5.3.3-27.el6_5.i686.rpm php-common-5.3.3-27.el6_5.i686.rpm php-debuginfo-5.3.3-27.el6_5.i686.rpm php-gd-5.3.3-27.el6_5.i686.rpm php-ldap-5.3.3-27.el6_5.i686.rpm php-mysql-5.3.3-27.el6_5.i686.rpm php-odbc-5.3.3-27.el6_5.i686.rpm php-pdo-5.3.3-27.el6_5.i686.rpm php-pgsql-5.3.3-27.el6_5.i686.rpm php-soap-5.3.3-27.el6_5.i686.rpm php-xml-5.3.3-27.el6_5.i686.rpm php-xmlrpc-5.3.3-27.el6_5.i686.rpm x86_64: php-5.3.3-27.el6_5.x86_64.rpm php-cli-5.3.3-27.el6_5.x86_64.rpm php-common-5.3.3-27.el6_5.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.x86_64.rpm php-gd-5.3.3-27.el6_5.x86_64.rpm php-ldap-5.3.3-27.el6_5.x86_64.rpm php-mysql-5.3.3-27.el6_5.x86_64.rpm php-odbc-5.3.3-27.el6_5.x86_64.rpm php-pdo-5.3.3-27.el6_5.x86_64.rpm php-pgsql-5.3.3-27.el6_5.x86_64.rpm php-soap-5.3.3-27.el6_5.x86_64.rpm php-xml-5.3.3-27.el6_5.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm

i386:
php-bcmath-5.3.3-27.el6_5.i686.rpm php-dba-5.3.3-27.el6_5.i686.rpm php-debuginfo-5.3.3-27.el6_5.i686.rpm php-devel-5.3.3-27.el6_5.i686.rpm php-embedded-5.3.3-27.el6_5.i686.rpm php-enchant-5.3.3-27.el6_5.i686.rpm php-fpm-5.3.3-27.el6_5.i686.rpm php-imap-5.3.3-27.el6_5.i686.rpm php-intl-5.3.3-27.el6_5.i686.rpm php-mbstring-5.3.3-27.el6_5.i686.rpm php-process-5.3.3-27.el6_5.i686.rpm php-pspell-5.3.3-27.el6_5.i686.rpm php-recode-5.3.3-27.el6_5.i686.rpm php-snmp-5.3.3-27.el6_5.i686.rpm php-tidy-5.3.3-27.el6_5.i686.rpm php-zts-5.3.3-27.el6_5.i686.rpm

x86_64:
php-bcmath-5.3.3-27.el6_5.x86_64.rpm php-dba-5.3.3-27.el6_5.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.x86_64.rpm php-devel-5.3.3-27.el6_5.x86_64.rpm php-embedded-5.3.3-27.el6_5.x86_64.rpm php-enchant-5.3.3-27.el6_5.x86_64.rpm php-fpm-5.3.3-27.el6_5.x86_64.rpm php-imap-5.3.3-27.el6_5.x86_64.rpm php-intl-5.3.3-27.el6_5.x86_64.rpm php-mbstring-5.3.3-27.el6_5.x86_64.rpm php-process-5.3.3-27.el6_5.x86_64.rpm php-pspell-5.3.3-27.el6_5.x86_64.rpm php-recode-5.3.3-27.el6_5.x86_64.rpm php-snmp-5.3.3-27.el6_5.x86_64.rpm php-tidy-5.3.3-27.el6_5.x86_64.rpm php-zts-5.3.3-27.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6420.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSp/kuXlSAg2UNWIIRAsN9AJsFWuIF8JEVoF1Y/goPkg1yI/+3IACePCiV
2CQU+cEMP+4u5wqoYxKwBKs=
=Wg9C
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

============================================================================
Ubuntu Security Notice USN-2055-1
December 12, 2013

php5 vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP.

(CVE-2013-6420)

It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2013-6712)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10:
  libapache2-mod-php5   5.5.3+dfsg-1ubuntu2.1
  php5-cgi              5.5.3+dfsg-1ubuntu2.1
  php5-cli              5.5.3+dfsg-1ubuntu2.1

Ubuntu 13.04:
  libapache2-mod-php5   5.4.9-4ubuntu2.4
  php5-cgi              5.4.9-4ubuntu2.4
  php5-cli              5.4.9-4ubuntu2.4

Ubuntu 12.10:
  libapache2-mod-php5   5.4.6-1ubuntu1.5
  php5-cgi              5.4.6-1ubuntu1.5
  php5-cli              5.4.6-1ubuntu1.5

Ubuntu 12.04 LTS:
  libapache2-mod-php5   5.3.10-1ubuntu3.9
  php5-cgi              5.3.10-1ubuntu3.9
  php5-cli              5.3.10-1ubuntu3.9

Ubuntu 10.04 LTS:
  libapache2-mod-php5   5.3.2-1ubuntu4.22
  php5-cgi              5.3.2-1ubuntu4.22
  php5-cli              5.3.2-1ubuntu4.22

In general, a standard system update will make all the necessary changes.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.24-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.24-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.24-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.24-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.24-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.24-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.24-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 14.0 package:
1c864df50286602ccb2d3efbabb9d7ec  php-5.4.24-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
cc0f365855b83708c82a84ea44a4ad21  php-5.4.24-x86_64-1_slack14.0.txz

Slackware 14.1 package:
1091912280ef2fbe271da2aa304dba36  php-5.4.24-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
22b91ef0428a15b3124c5b4fb911b1bc  php-5.4.24-x86_64-1_slack14.1.txz

Slackware -current package:
f306c21609d14c7380295d63054d8f46  n/php-5.4.24-i486-1.txz

Slackware x86_64 -current package:
3cb4ff4fdaba44aa5ed3a946adbe9c9f  n/php-5.4.24-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg php-5.4.24-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001

OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses the following:

Apache
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.26.
CVE-ID
CVE-2013-1862
CVE-2013-1896

App Sandbox
Available for: OS X Mountain Lion v10.8.5
Impact: The App Sandbox may be bypassed
Description: The LaunchServices interface for launching an application allowed sandboxed apps to specify the list of arguments passed to the new process. A compromised sandboxed application could abuse this to bypass the sandbox. This issue was addressed by preventing sandboxed applications from specifying arguments. This issue does not affect systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR

ATS
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of Type 1 fonts. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1254 : Felix Groebert of the Google Security Team

ATS
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: A memory corruption issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1262 : Meder Kydyraliev of the Google Security Team

ATS
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through additional validation of Mach messages.
CVE-ID
CVE-2014-1255 : Meder Kydyraliev of the Google Security Team

ATS
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: A buffer overflow issue existed in the handling of Mach messages passed to ATS. This issue was addressed by additional bounds checking.
CVE-ID
CVE-2014-1256 : Meder Kydyraliev of the Google Security Team

Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Root certificates have been updated
Description: The set of system root certificates has been updated. The complete list of recognized system roots may be viewed via the Keychain Access application.

CFNetwork Cookies
Available for: OS X Mountain Lion v10.8.5
Impact: Session cookies may persist even after resetting Safari
Description: Resetting Safari did not always delete session cookies until Safari was closed. This issue was addressed through improved handling of session cookies. This issue does not affect systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett

CoreAnimation
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in CoreAnimation's handling of images. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1258 : Karl Smith of NCC Group

CoreText
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution
Description: A signedness issue existed in CoreText in the handling of Unicode fonts. This issue is addressed through improved bounds checking.
CVE-ID
CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs

curl
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: When using curl to connect to an HTTPS URL containing an IP address, the IP address was not validated against the certificate. This issue does not affect systems prior to OS X Mavericks v10.9.
CVE-ID
CVE-2014-1263 : Roland Moriz of Moriz GmbH

Data Security
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
CVE-ID
CVE-2014-1266

Date and Time
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: An unprivileged user may change the system clock
Description: This update changes the behavior of the systemsetup command to require administrator privileges to change the system clock.
CVE-ID
CVE-2014-1265

File Bookmark
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing a file with a maliciously crafted name may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of file names. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1259

Finder
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: Accessing a file's ACL via Finder may lead to other users gaining unauthorized access to files
Description: Accessing a file's ACL via Finder may corrupt the ACLs on the file. This issue was addressed through improved handling of ACLs.
CVE-ID
CVE-2014-1264

ImageIO
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing a maliciously crafted JPEG file may lead to the disclosure of memory contents
Description: An uninitialized memory access issue existed in libjpeg's handling of JPEG markers, resulting in the disclosure of memory contents. This issue was addressed by better JPEG handling.
CVE-ID
CVE-2013-6629 : Michal Zalewski

IOSerialFamily
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
Impact: Executing a malicious application may result in arbitrary code execution within the kernel
Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. This issue does not affect systems running OS X Mavericks v10.9 or later.
CVE-ID
CVE-2013-5139 : @dent1zt

LaunchServices
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
Impact: A file could show the wrong extension
Description: An issue existed in the handling of certain unicode characters that could allow filenames to show incorrect extensions. The issue was addressed by filtering unsafe unicode characters from display in filenames. This issue does not affect systems running OS X Mavericks v10.9 or later.
CVE-ID
CVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre of Intego

NVIDIA Drivers
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Executing a malicious application could result in arbitrary code execution within the graphics card
Description: An issue existed that allowed writes to some trusted memory on the graphics card. This issue was addressed by removing the ability of the host to write to that memory.
CVE-ID
CVE-2013-5986 : Marcin Kościelnicki from the X.Org Foundation Nouveau project
CVE-2013-5987 : Marcin Kościelnicki from the X.Org Foundation Nouveau project

PHP
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. These issues were addressed by updating PHP to version 5.4.22 on OS X Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.
CVE-ID
CVE-2013-4073
CVE-2013-4113
CVE-2013-4248
CVE-2013-6420

QuickLook
Available for: OS X Mountain Lion v10.8.5
Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may have led to an unexpected application termination or arbitrary code execution. This issue does not affect systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2014-1260 : Felix Groebert of the Google Security Team

QuickLook
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Downloading a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution
Description: A double free issue existed in QuickLook's handling of Microsoft Word documents. This issue was addressed through improved memory management.
CVE-ID
CVE-2014-1252 : Felix Groebert of the Google Security Team

QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative

QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking.
CVE-ID CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1248 : Jason Kratzer working with iDefense VCP QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1249 : dragonltx of Tencent Security Team QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1250 : Jason Kratzer working with iDefense VCP QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking. 
CVE-ID CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative Secure Transport Available for: OS X Mountain Lion v10.8.5 Impact: An attacker may be able to decrypt data protected by SSL Description: There were known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. To address these issues for applications using Secure Transport, the 1-byte fragment mitigation was enabled by default for this configuration. CVE-ID CVE-2011-3389 : Juliano Rizzo and Thai Duong OS X Mavericks v10.9.2 includes the content of Safari 7.0.2. OS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn mlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6 U0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb OlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ 3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8 C6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY Y7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O t2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX iB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ q5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv kBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI aiYIh+SzR0rBdMZRgyzv =+DAJ -----END PGP SIGNATURE----- . (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. 
Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. Bugs fixed (https://bugzilla.redhat.com/): 828051 - CVE-2012-2688 php: Integer Signedness issues in _php_stream_scandir 853329 - CVE-2011-1398 PHP: sapi_header_op() %0D sequence handling security bypass 918187 - CVE-2013-1643 php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files 1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse() 6

Trust: 2.52

sources: NVD: CVE-2013-6420 // JVNDB: JVNDB-2013-005585 // VULHUB: VHN-66422 // PACKETSTORM: 124882 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124776 // PACKETSTORM: 125427 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389

AFFECTED PRODUCTS

vendor          model            scope  version   Trust
php             php              eq     5.5.4     1.6
php             php              eq     5.5.6     1.6
php             php              eq     5.5.2     1.6
php             php              eq     5.5.1     1.6
php             php              eq     5.5.5     1.6
php             php              eq     5.5.3     1.6
php             php              eq     5.5.0     1.6
php             php              eq     5.4.21    1.0
php             php              eq     5.3.22    1.0
php             php              eq     5.4.15    1.0
opensuse        opensuse         eq     13.1      1.0
php             php              eq     5.3.13    1.0
php             php              eq     5.3.10    1.0
php             php              eq     5.4.4     1.0
php             php              eq     5.3.19    1.0
php             php              eq     5.3.25    1.0
php             php              eq     5.3.5     1.0
apple           mac os x         lte    10.9.1    1.0
php             php              eq     5.4.22    1.0
opensuse        opensuse         eq     12.2      1.0
php             php              eq     5.4.11    1.0
php             php              eq     5.4.17    1.0
php             php              eq     5.4.0     1.0
php             php              eq     5.3.16    1.0
php             php              eq     5.3.17    1.0
php             php              eq     5.3.20    1.0
php             php              eq     5.3.12    1.0
php             php              eq     5.3.14    1.0
php             php              eq     5.3.18    1.0
php             php              eq     5.3.23    1.0
php             php              eq     5.4.16    1.0
php             php              eq     5.4.10    1.0
php             php              eq     5.4.18    1.0
php             php              eq     5.3.4     1.0
php             php              eq     5.3.9     1.0
php             php              eq     5.4.9     1.0
php             php              eq     5.4.19    1.0
opensuse        opensuse         eq     12.3      1.0
php             php              eq     5.4.14    1.0
php             php              eq     5.4.12    1.0
php             php              eq     5.4.8     1.0
php             php              lte    5.3.27    1.0
php             php              eq     5.3.7     1.0
php             php              eq     5.4.5     1.0
php             php              eq     5.3.6     1.0
php             php              eq     5.3.11    1.0
php             php              eq     5.3.2     1.0
php             php              eq     5.3.15    1.0
php             php              eq     5.4.20    1.0
php             php              eq     5.4.7     1.0
opensuse        opensuse         eq     11.4      1.0
php             php              eq     5.3.0     1.0
php             php              eq     5.4.1     1.0
php             php              eq     5.3.21    1.0
php             php              eq     5.3.24    1.0
php             php              eq     5.3.3     1.0
php             php              eq     5.4.13    1.0
php             php              eq     5.3.1     1.0
php             php              eq     5.4.2     1.0
php             php              eq     5.3.8     1.0
php             php              eq     5.3.26    1.0
php             php              eq     5.4.3     1.0
php             php              eq     5.4.6     1.0
the php group   php              eq     5.4.23    0.8
apple           mac os x         eq     v10.8.5   0.8
the php group   php              lt     5.5.x     0.8
apple           mac os x         eq     v10.9.1   0.8
apple           mac os x server  eq     v10.7.5   0.8
apple           mac os x         eq     v10.9     0.8
the php group   php              eq     5.5.7     0.8
the php group   php              lt     5.4.x     0.8
apple           mac os x         eq     v10.7.5   0.8


sources: JVNDB: JVNDB-2013-005585 // CNNVD: CNNVD-201312-348 // NVD: CVE-2013-6420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6420
value: HIGH

Trust: 1.0

NVD: CVE-2013-6420
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201312-348
value: HIGH

Trust: 0.6

VULHUB: VHN-66422
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6420
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66422
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // CNNVD: CNNVD-201312-348 // NVD: CVE-2013-6420

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

THREAT TYPE

remote

Trust: 1.2

sources: PACKETSTORM: 124882 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // CNNVD: CNNVD-201312-348

TYPE

arbitrary

Trust: 0.6

sources: PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005585

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66422

PATCH

title: APPLE-SA-2014-02-25-1
url: http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

Trust: 0.8

title: HT6150
url: http://support.apple.com/kb/HT6150

Trust: 0.8

title: HT6150
url: http://support.apple.com/kb/HT6150?viewlocale=ja_JP

Trust: 0.8

title: InterWorx Version 5.0.14 Released on Beta Channel!
url: http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!

Trust: 0.8

title: Bug 1036830
url: https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Trust: 0.8

title: Multiple Buffer Errors vulnerabilities in PHP
url: https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in1

Trust: 0.8

title: Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
url: http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

Trust: 0.8

title: PHP 5 ChangeLog
url: http://www.php.net/ChangeLog-5.php

Trust: 0.8

title: php-5.5.7
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47192

Trust: 0.6

title: php-5.4.23
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47191

Trust: 0.6

title: php-5.3.28
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47190

Trust: 0.6

sources: JVNDB: JVNDB-2013-005585 // CNNVD: CNNVD-201312-348

EXTERNAL IDS

db: NVD  id: CVE-2013-6420

Trust: 3.4

db: SECTRACK  id: 1029472

Trust: 1.1

db: SECUNIA  id: 59652

Trust: 1.1

db: BID  id: 64225

Trust: 1.1

db: JVN  id: JVNVU95868425

Trust: 0.8

db: JVNDB  id: JVNDB-2013-005585

Trust: 0.8

db: CNNVD  id: CNNVD-201312-348

Trust: 0.7

db: SECUNIA  id: 56071

Trust: 0.6

db: SECUNIA  id: 56055

Trust: 0.6

db: SECUNIA  id: 56070

Trust: 0.6

db: PACKETSTORM  id: 124391

Trust: 0.2

db: PACKETSTORM  id: 124776

Trust: 0.2

db: PACKETSTORM  id: 124389

Trust: 0.2

db: PACKETSTORM  id: 124383

Trust: 0.2

db: PACKETSTORM  id: 124384

Trust: 0.2

db: PACKETSTORM  id: 124407

Trust: 0.2

db: PACKETSTORM  id: 124532

Trust: 0.1

db: PACKETSTORM  id: 124390

Trust: 0.1

db: PACKETSTORM  id: 124436

Trust: 0.1

db: PACKETSTORM  id: 124406

Trust: 0.1

db: SEEBUG  id: SSVID-83792

Trust: 0.1

db: EXPLOIT-DB  id: 30395

Trust: 0.1

db: VULHUB  id: VHN-66422

Trust: 0.1

db: PACKETSTORM  id: 124882

Trust: 0.1

db: PACKETSTORM  id: 125427

Trust: 0.1

db: PACKETSTORM  id: 124382

Trust: 0.1

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // PACKETSTORM: 124882 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124776 // PACKETSTORM: 125427 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // CNNVD: CNNVD-201312-348 // NVD: CVE-2013-6420

REFERENCES

url:https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html

Trust: 2.5

url:http://www.php.net/changelog-5.php

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2013-1813.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1815.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1825.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1826.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-2055-1

Trust: 1.2

url:http://www.securityfocus.com/bid/64225

Trust: 1.1

url:http://forums.interworx.com/threads/8000-interworx-version-5-0-14-released-on-beta-channel%21

Trust: 1.1

url:http://support.apple.com/kb/ht6150

Trust: 1.1

url:http://www.debian.org/security/2013/dsa-2816

Trust: 1.1

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04463322

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2013-1824.html

Trust: 1.1

url:http://www.securitytracker.com/id/1029472

Trust: 1.1

url:http://secunia.com/advisories/59652

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6420

Trust: 1.0

url:http://git.php.net/?p=php-src.git%3ba=commit%3bh=c1224573c773b6845e83505f717fbf820fc18415

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2013-6420

Trust: 0.9

url:http://jvn.jp/vu/jvnvu95868425/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6420

Trust: 0.8

url:http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

Trust: 0.7

url:http://secunia.com/advisories/56055

Trust: 0.6

url:http://secunia.com/advisories/56070

Trust: 0.6

url:http://secunia.com/advisories/56071

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/team/key/#package

Trust: 0.5

url:https://access.redhat.com/site/articles/11258

Trust: 0.5

url:https://www.redhat.com/security/data/cve/cve-2013-6420.html

Trust: 0.5

url:https://bugzilla.redhat.com/

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-6712

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4248

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4248

Trust: 0.1

url:http://www.php.net/changelog-5.php#5.5.8

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6712

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.4.9-4ubuntu2.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.22

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.5

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1255

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6629

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5179

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1245

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1259

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5987

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1254

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1256

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1249

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1248

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1247

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3389

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4073

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1896

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1246

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1862

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1257

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5986

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4113

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2688

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1398.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1643

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1398

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2013-1814.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-2688.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1643.html

Trust: 0.1

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // PACKETSTORM: 124882 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124776 // PACKETSTORM: 125427 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // CNNVD: CNNVD-201312-348 // NVD: CVE-2013-6420

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389

SOURCES

db: VULHUB  id: VHN-66422
db: JVNDB  id: JVNDB-2013-005585
db: PACKETSTORM  id: 124882
db: PACKETSTORM  id: 124383
db: PACKETSTORM  id: 124384
db: PACKETSTORM  id: 124407
db: PACKETSTORM  id: 124776
db: PACKETSTORM  id: 125427
db: PACKETSTORM  id: 124382
db: PACKETSTORM  id: 124391
db: PACKETSTORM  id: 124389
db: CNNVD  id: CNNVD-201312-348
db: NVD  id: CVE-2013-6420

LAST UPDATE DATE

2025-01-03T20:24:10.132000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-66422  date: 2018-10-30T00:00:00
db: JVNDB  id: JVNDB-2013-005585  date: 2015-08-10T00:00:00
db: CNNVD  id: CNNVD-201312-348  date: 2013-12-18T00:00:00
db: NVD  id: CVE-2013-6420  date: 2024-11-21T01:59:11.413

SOURCES RELEASE DATE

db: VULHUB  id: VHN-66422  date: 2013-12-17T00:00:00
db: JVNDB  id: JVNDB-2013-005585  date: 2013-12-18T00:00:00
db: PACKETSTORM  id: 124882  date: 2014-01-22T01:55:34
db: PACKETSTORM  id: 124383  date: 2013-12-11T06:56:18
db: PACKETSTORM  id: 124384  date: 2013-12-11T06:56:45
db: PACKETSTORM  id: 124407  date: 2013-12-14T00:04:46
db: PACKETSTORM  id: 124776  date: 2014-01-14T14:44:00
db: PACKETSTORM  id: 125427  date: 2014-02-26T22:21:07
db: PACKETSTORM  id: 124382  date: 2013-12-11T06:56:03
db: PACKETSTORM  id: 124391  date: 2013-12-12T04:29:50
db: PACKETSTORM  id: 124389  date: 2013-12-12T04:29:33
db: CNNVD  id: CNNVD-201312-348  date: 2013-12-18T00:00:00
db: NVD  id: CVE-2013-6420  date: 2013-12-17T04:46:45.877