ID

VAR-201312-0207


CVE

CVE-2013-6420


TITLE

PHP of ext/openssl/openssl.c Inside asn1_time_to_time_t Vulnerability in arbitrary code execution in function

Trust: 0.8

sources: JVNDB: JVNDB-2013-005585

DESCRIPTION

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability is caused by the openssl_x509_parse() function not correctly parsing the notBefore and notAfter timestamps in the X.509 certificate. The following versions are affected: PHP prior to 5.3.28, 5.4.x prior to 5.4.23, 5.5.x prior to 5.5.7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: PHP: Multiple vulnerabilities Date: August 29, 2014 Bugs: #459904, #472204, #472558, #474656, #476570, #481004, #483212, #485252, #492784, #493982, #501312, #503630, #503670, #505172, #505712, #509132, #512288, #512492, #513032, #516994, #519932, #520134, #520438 ID: 201408-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 5.5.16 >= 5.5.16 *>= 5.4.32 *>= 5.3.29 Description =========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 5.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16" All PHP 5.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32" All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively. # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29" References ========== [ 1 ] CVE-2011-4718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718 [ 2 ] CVE-2013-1635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635 [ 3 ] CVE-2013-1643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643 [ 4 ] CVE-2013-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824 [ 5 ] CVE-2013-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110 [ 6 ] CVE-2013-3735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735 [ 7 ] CVE-2013-4113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113 [ 8 ] CVE-2013-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248 [ 9 ] CVE-2013-4635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635 [ 10 ] CVE-2013-4636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636 [ 11 ] CVE-2013-6420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420 [ 12 ] CVE-2013-6712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712 [ 13 ] CVE-2013-7226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226 [ 14 ] CVE-2013-7327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327 [ 15 ] CVE-2013-7345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345 [ 16 ] CVE-2014-0185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185 [ 17 ] CVE-2014-0237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237 [ 18 ] CVE-2014-0238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238 [ 19 ] CVE-2014-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943 [ 20 ] CVE-2014-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270 [ 21 ] CVE-2014-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497 [ 22 ] CVE-2014-3597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597 [ 23 ] CVE-2014-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981 [ 24 ] CVE-2014-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049 [ 25 ] CVE-2014-4670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670 [ 26 ] CVE-2014-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . 6) - x86_64 RHEL Desktop Workstation (v. ============================================================================ Ubuntu Security Notice USN-2055-1 December 12, 2013 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in PHP. (CVE-2013-6420) It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2013-6712) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.1 php5-cgi 5.5.3+dfsg-1ubuntu2.1 php5-cli 5.5.3+dfsg-1ubuntu2.1 Ubuntu 13.04: libapache2-mod-php5 5.4.9-4ubuntu2.4 php5-cgi 5.4.9-4ubuntu2.4 php5-cli 5.4.9-4ubuntu2.4 Ubuntu 12.10: libapache2-mod-php5 5.4.6-1ubuntu1.5 php5-cgi 5.4.6-1ubuntu1.5 php5-cli 5.4.6-1ubuntu1.5 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.9 php5-cgi 5.3.10-1ubuntu3.9 php5-cli 5.3.10-1ubuntu3.9 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.22 php5-cgi 5.3.2-1ubuntu4.22 php5-cli 5.3.2-1ubuntu4.22 In general, a standard system update will make all the necessary changes. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.24-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.24-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.24-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.24-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.24-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.24-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.24-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 1c864df50286602ccb2d3efbabb9d7ec php-5.4.24-i486-1_slack14.0.txz Slackware x86_64 14.0 package: cc0f365855b83708c82a84ea44a4ad21 php-5.4.24-x86_64-1_slack14.0.txz Slackware 14.1 package: 1091912280ef2fbe271da2aa304dba36 php-5.4.24-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 22b91ef0428a15b3124c5b4fb911b1bc php-5.4.24-x86_64-1_slack14.1.txz Slackware -current package: f306c21609d14c7380295d63054d8f46 n/php-5.4.24-i486-1.txz Slackware x86_64 -current package: 3cb4ff4fdaba44aa5ed3a946adbe9c9f n/php-5.4.24-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.4.24-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Additionally, some packages which requires so has been rebuilt for php-5.3.28. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFStD3fmqjQ0CJFipgRAh8xAJ0cVGBvSbuNsraVm2CUbWJ4lFAo1ACeIl4I rHF73HCt6n3ErwxSG7pRWOc= =aFB+ -----END PGP SIGNATURE----- . (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. Bugs fixed (https://bugzilla.redhat.com/): 828051 - CVE-2012-2688 php: Integer Signedness issues in _php_stream_scandir 853329 - CVE-2011-1398 PHP: sapi_header_op() %0D sequence handling security bypass 918187 - CVE-2013-1643 php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files 1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse() 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: php security update Advisory ID: RHSA-2013:1824-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1824.html Issue date: 2013-12-11 CVE Names: CVE-2013-6420 ===================================================================== 1. Summary: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 5.9, 6.2, 6.3, and 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. (CVE-2013-6420) Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse() 6. Package List: Red Hat Enterprise Linux Long Life (v. 5.3 server): Source: php-5.1.6-23.5.el5_3.src.rpm i386: php-5.1.6-23.5.el5_3.i386.rpm php-bcmath-5.1.6-23.5.el5_3.i386.rpm php-cli-5.1.6-23.5.el5_3.i386.rpm php-common-5.1.6-23.5.el5_3.i386.rpm php-dba-5.1.6-23.5.el5_3.i386.rpm php-debuginfo-5.1.6-23.5.el5_3.i386.rpm php-devel-5.1.6-23.5.el5_3.i386.rpm php-gd-5.1.6-23.5.el5_3.i386.rpm php-imap-5.1.6-23.5.el5_3.i386.rpm php-ldap-5.1.6-23.5.el5_3.i386.rpm php-mbstring-5.1.6-23.5.el5_3.i386.rpm php-mysql-5.1.6-23.5.el5_3.i386.rpm php-ncurses-5.1.6-23.5.el5_3.i386.rpm php-odbc-5.1.6-23.5.el5_3.i386.rpm php-pdo-5.1.6-23.5.el5_3.i386.rpm php-pgsql-5.1.6-23.5.el5_3.i386.rpm php-snmp-5.1.6-23.5.el5_3.i386.rpm php-soap-5.1.6-23.5.el5_3.i386.rpm php-xml-5.1.6-23.5.el5_3.i386.rpm php-xmlrpc-5.1.6-23.5.el5_3.i386.rpm ia64: php-5.1.6-23.5.el5_3.ia64.rpm php-bcmath-5.1.6-23.5.el5_3.ia64.rpm php-cli-5.1.6-23.5.el5_3.ia64.rpm php-common-5.1.6-23.5.el5_3.ia64.rpm php-dba-5.1.6-23.5.el5_3.ia64.rpm php-debuginfo-5.1.6-23.5.el5_3.ia64.rpm php-devel-5.1.6-23.5.el5_3.ia64.rpm php-gd-5.1.6-23.5.el5_3.ia64.rpm php-imap-5.1.6-23.5.el5_3.ia64.rpm php-ldap-5.1.6-23.5.el5_3.ia64.rpm php-mbstring-5.1.6-23.5.el5_3.ia64.rpm php-mysql-5.1.6-23.5.el5_3.ia64.rpm php-ncurses-5.1.6-23.5.el5_3.ia64.rpm php-odbc-5.1.6-23.5.el5_3.ia64.rpm php-pdo-5.1.6-23.5.el5_3.ia64.rpm php-pgsql-5.1.6-23.5.el5_3.ia64.rpm php-snmp-5.1.6-23.5.el5_3.ia64.rpm php-soap-5.1.6-23.5.el5_3.ia64.rpm php-xml-5.1.6-23.5.el5_3.ia64.rpm php-xmlrpc-5.1.6-23.5.el5_3.ia64.rpm x86_64: php-5.1.6-23.5.el5_3.x86_64.rpm php-bcmath-5.1.6-23.5.el5_3.x86_64.rpm php-cli-5.1.6-23.5.el5_3.x86_64.rpm php-common-5.1.6-23.5.el5_3.x86_64.rpm php-dba-5.1.6-23.5.el5_3.x86_64.rpm php-debuginfo-5.1.6-23.5.el5_3.x86_64.rpm php-devel-5.1.6-23.5.el5_3.x86_64.rpm php-gd-5.1.6-23.5.el5_3.x86_64.rpm php-imap-5.1.6-23.5.el5_3.x86_64.rpm php-ldap-5.1.6-23.5.el5_3.x86_64.rpm php-mbstring-5.1.6-23.5.el5_3.x86_64.rpm php-mysql-5.1.6-23.5.el5_3.x86_64.rpm php-ncurses-5.1.6-23.5.el5_3.x86_64.rpm php-odbc-5.1.6-23.5.el5_3.x86_64.rpm php-pdo-5.1.6-23.5.el5_3.x86_64.rpm php-pgsql-5.1.6-23.5.el5_3.x86_64.rpm php-snmp-5.1.6-23.5.el5_3.x86_64.rpm php-soap-5.1.6-23.5.el5_3.x86_64.rpm php-xml-5.1.6-23.5.el5_3.x86_64.rpm php-xmlrpc-5.1.6-23.5.el5_3.x86_64.rpm Red Hat Enterprise Linux EUS (v. 5.6 server): Source: php-5.1.6-27.el5_6.6.src.rpm i386: php-5.1.6-27.el5_6.6.i386.rpm php-bcmath-5.1.6-27.el5_6.6.i386.rpm php-cli-5.1.6-27.el5_6.6.i386.rpm php-common-5.1.6-27.el5_6.6.i386.rpm php-dba-5.1.6-27.el5_6.6.i386.rpm php-debuginfo-5.1.6-27.el5_6.6.i386.rpm php-devel-5.1.6-27.el5_6.6.i386.rpm php-gd-5.1.6-27.el5_6.6.i386.rpm php-imap-5.1.6-27.el5_6.6.i386.rpm php-ldap-5.1.6-27.el5_6.6.i386.rpm php-mbstring-5.1.6-27.el5_6.6.i386.rpm php-mysql-5.1.6-27.el5_6.6.i386.rpm php-ncurses-5.1.6-27.el5_6.6.i386.rpm php-odbc-5.1.6-27.el5_6.6.i386.rpm php-pdo-5.1.6-27.el5_6.6.i386.rpm php-pgsql-5.1.6-27.el5_6.6.i386.rpm php-snmp-5.1.6-27.el5_6.6.i386.rpm php-soap-5.1.6-27.el5_6.6.i386.rpm php-xml-5.1.6-27.el5_6.6.i386.rpm php-xmlrpc-5.1.6-27.el5_6.6.i386.rpm ia64: php-5.1.6-27.el5_6.6.ia64.rpm php-bcmath-5.1.6-27.el5_6.6.ia64.rpm php-cli-5.1.6-27.el5_6.6.ia64.rpm php-common-5.1.6-27.el5_6.6.ia64.rpm php-dba-5.1.6-27.el5_6.6.ia64.rpm php-debuginfo-5.1.6-27.el5_6.6.ia64.rpm php-devel-5.1.6-27.el5_6.6.ia64.rpm php-gd-5.1.6-27.el5_6.6.ia64.rpm php-imap-5.1.6-27.el5_6.6.ia64.rpm php-ldap-5.1.6-27.el5_6.6.ia64.rpm php-mbstring-5.1.6-27.el5_6.6.ia64.rpm php-mysql-5.1.6-27.el5_6.6.ia64.rpm php-ncurses-5.1.6-27.el5_6.6.ia64.rpm php-odbc-5.1.6-27.el5_6.6.ia64.rpm php-pdo-5.1.6-27.el5_6.6.ia64.rpm php-pgsql-5.1.6-27.el5_6.6.ia64.rpm php-snmp-5.1.6-27.el5_6.6.ia64.rpm php-soap-5.1.6-27.el5_6.6.ia64.rpm php-xml-5.1.6-27.el5_6.6.ia64.rpm php-xmlrpc-5.1.6-27.el5_6.6.ia64.rpm ppc: php-5.1.6-27.el5_6.6.ppc.rpm php-bcmath-5.1.6-27.el5_6.6.ppc.rpm php-cli-5.1.6-27.el5_6.6.ppc.rpm php-common-5.1.6-27.el5_6.6.ppc.rpm php-dba-5.1.6-27.el5_6.6.ppc.rpm php-debuginfo-5.1.6-27.el5_6.6.ppc.rpm php-devel-5.1.6-27.el5_6.6.ppc.rpm php-gd-5.1.6-27.el5_6.6.ppc.rpm php-imap-5.1.6-27.el5_6.6.ppc.rpm php-ldap-5.1.6-27.el5_6.6.ppc.rpm php-mbstring-5.1.6-27.el5_6.6.ppc.rpm php-mysql-5.1.6-27.el5_6.6.ppc.rpm php-ncurses-5.1.6-27.el5_6.6.ppc.rpm php-odbc-5.1.6-27.el5_6.6.ppc.rpm php-pdo-5.1.6-27.el5_6.6.ppc.rpm php-pgsql-5.1.6-27.el5_6.6.ppc.rpm php-snmp-5.1.6-27.el5_6.6.ppc.rpm php-soap-5.1.6-27.el5_6.6.ppc.rpm php-xml-5.1.6-27.el5_6.6.ppc.rpm php-xmlrpc-5.1.6-27.el5_6.6.ppc.rpm s390x: php-5.1.6-27.el5_6.6.s390x.rpm php-bcmath-5.1.6-27.el5_6.6.s390x.rpm php-cli-5.1.6-27.el5_6.6.s390x.rpm php-common-5.1.6-27.el5_6.6.s390x.rpm php-dba-5.1.6-27.el5_6.6.s390x.rpm php-debuginfo-5.1.6-27.el5_6.6.s390x.rpm php-devel-5.1.6-27.el5_6.6.s390x.rpm php-gd-5.1.6-27.el5_6.6.s390x.rpm php-imap-5.1.6-27.el5_6.6.s390x.rpm php-ldap-5.1.6-27.el5_6.6.s390x.rpm php-mbstring-5.1.6-27.el5_6.6.s390x.rpm php-mysql-5.1.6-27.el5_6.6.s390x.rpm php-ncurses-5.1.6-27.el5_6.6.s390x.rpm php-odbc-5.1.6-27.el5_6.6.s390x.rpm php-pdo-5.1.6-27.el5_6.6.s390x.rpm php-pgsql-5.1.6-27.el5_6.6.s390x.rpm php-snmp-5.1.6-27.el5_6.6.s390x.rpm php-soap-5.1.6-27.el5_6.6.s390x.rpm php-xml-5.1.6-27.el5_6.6.s390x.rpm php-xmlrpc-5.1.6-27.el5_6.6.s390x.rpm x86_64: php-5.1.6-27.el5_6.6.x86_64.rpm php-bcmath-5.1.6-27.el5_6.6.x86_64.rpm php-cli-5.1.6-27.el5_6.6.x86_64.rpm php-common-5.1.6-27.el5_6.6.x86_64.rpm php-dba-5.1.6-27.el5_6.6.x86_64.rpm php-debuginfo-5.1.6-27.el5_6.6.x86_64.rpm php-devel-5.1.6-27.el5_6.6.x86_64.rpm php-gd-5.1.6-27.el5_6.6.x86_64.rpm php-imap-5.1.6-27.el5_6.6.x86_64.rpm php-ldap-5.1.6-27.el5_6.6.x86_64.rpm php-mbstring-5.1.6-27.el5_6.6.x86_64.rpm php-mysql-5.1.6-27.el5_6.6.x86_64.rpm php-ncurses-5.1.6-27.el5_6.6.x86_64.rpm php-odbc-5.1.6-27.el5_6.6.x86_64.rpm php-pdo-5.1.6-27.el5_6.6.x86_64.rpm php-pgsql-5.1.6-27.el5_6.6.x86_64.rpm php-snmp-5.1.6-27.el5_6.6.x86_64.rpm php-soap-5.1.6-27.el5_6.6.x86_64.rpm php-xml-5.1.6-27.el5_6.6.x86_64.rpm php-xmlrpc-5.1.6-27.el5_6.6.x86_64.rpm Red Hat Enterprise Linux EUS (v. 5.9 server): Source: php-5.1.6-40.el5_9.1.src.rpm i386: php-5.1.6-40.el5_9.1.i386.rpm php-bcmath-5.1.6-40.el5_9.1.i386.rpm php-cli-5.1.6-40.el5_9.1.i386.rpm php-common-5.1.6-40.el5_9.1.i386.rpm php-dba-5.1.6-40.el5_9.1.i386.rpm php-debuginfo-5.1.6-40.el5_9.1.i386.rpm php-devel-5.1.6-40.el5_9.1.i386.rpm php-gd-5.1.6-40.el5_9.1.i386.rpm php-imap-5.1.6-40.el5_9.1.i386.rpm php-ldap-5.1.6-40.el5_9.1.i386.rpm php-mbstring-5.1.6-40.el5_9.1.i386.rpm php-mysql-5.1.6-40.el5_9.1.i386.rpm php-ncurses-5.1.6-40.el5_9.1.i386.rpm php-odbc-5.1.6-40.el5_9.1.i386.rpm php-pdo-5.1.6-40.el5_9.1.i386.rpm php-pgsql-5.1.6-40.el5_9.1.i386.rpm php-snmp-5.1.6-40.el5_9.1.i386.rpm php-soap-5.1.6-40.el5_9.1.i386.rpm php-xml-5.1.6-40.el5_9.1.i386.rpm php-xmlrpc-5.1.6-40.el5_9.1.i386.rpm ia64: php-5.1.6-40.el5_9.1.ia64.rpm php-bcmath-5.1.6-40.el5_9.1.ia64.rpm php-cli-5.1.6-40.el5_9.1.ia64.rpm php-common-5.1.6-40.el5_9.1.ia64.rpm php-dba-5.1.6-40.el5_9.1.ia64.rpm php-debuginfo-5.1.6-40.el5_9.1.ia64.rpm php-devel-5.1.6-40.el5_9.1.ia64.rpm php-gd-5.1.6-40.el5_9.1.ia64.rpm php-imap-5.1.6-40.el5_9.1.ia64.rpm php-ldap-5.1.6-40.el5_9.1.ia64.rpm php-mbstring-5.1.6-40.el5_9.1.ia64.rpm php-mysql-5.1.6-40.el5_9.1.ia64.rpm php-ncurses-5.1.6-40.el5_9.1.ia64.rpm php-odbc-5.1.6-40.el5_9.1.ia64.rpm php-pdo-5.1.6-40.el5_9.1.ia64.rpm php-pgsql-5.1.6-40.el5_9.1.ia64.rpm php-snmp-5.1.6-40.el5_9.1.ia64.rpm php-soap-5.1.6-40.el5_9.1.ia64.rpm php-xml-5.1.6-40.el5_9.1.ia64.rpm php-xmlrpc-5.1.6-40.el5_9.1.ia64.rpm ppc: php-5.1.6-40.el5_9.1.ppc.rpm php-bcmath-5.1.6-40.el5_9.1.ppc.rpm php-cli-5.1.6-40.el5_9.1.ppc.rpm php-common-5.1.6-40.el5_9.1.ppc.rpm php-dba-5.1.6-40.el5_9.1.ppc.rpm php-debuginfo-5.1.6-40.el5_9.1.ppc.rpm php-devel-5.1.6-40.el5_9.1.ppc.rpm php-gd-5.1.6-40.el5_9.1.ppc.rpm php-imap-5.1.6-40.el5_9.1.ppc.rpm php-ldap-5.1.6-40.el5_9.1.ppc.rpm php-mbstring-5.1.6-40.el5_9.1.ppc.rpm php-mysql-5.1.6-40.el5_9.1.ppc.rpm php-ncurses-5.1.6-40.el5_9.1.ppc.rpm php-odbc-5.1.6-40.el5_9.1.ppc.rpm php-pdo-5.1.6-40.el5_9.1.ppc.rpm php-pgsql-5.1.6-40.el5_9.1.ppc.rpm php-snmp-5.1.6-40.el5_9.1.ppc.rpm php-soap-5.1.6-40.el5_9.1.ppc.rpm php-xml-5.1.6-40.el5_9.1.ppc.rpm php-xmlrpc-5.1.6-40.el5_9.1.ppc.rpm s390x: php-5.1.6-40.el5_9.1.s390x.rpm php-bcmath-5.1.6-40.el5_9.1.s390x.rpm php-cli-5.1.6-40.el5_9.1.s390x.rpm php-common-5.1.6-40.el5_9.1.s390x.rpm php-dba-5.1.6-40.el5_9.1.s390x.rpm php-debuginfo-5.1.6-40.el5_9.1.s390x.rpm php-devel-5.1.6-40.el5_9.1.s390x.rpm php-gd-5.1.6-40.el5_9.1.s390x.rpm php-imap-5.1.6-40.el5_9.1.s390x.rpm php-ldap-5.1.6-40.el5_9.1.s390x.rpm php-mbstring-5.1.6-40.el5_9.1.s390x.rpm php-mysql-5.1.6-40.el5_9.1.s390x.rpm php-ncurses-5.1.6-40.el5_9.1.s390x.rpm php-odbc-5.1.6-40.el5_9.1.s390x.rpm php-pdo-5.1.6-40.el5_9.1.s390x.rpm php-pgsql-5.1.6-40.el5_9.1.s390x.rpm php-snmp-5.1.6-40.el5_9.1.s390x.rpm php-soap-5.1.6-40.el5_9.1.s390x.rpm php-xml-5.1.6-40.el5_9.1.s390x.rpm php-xmlrpc-5.1.6-40.el5_9.1.s390x.rpm x86_64: php-5.1.6-40.el5_9.1.x86_64.rpm php-bcmath-5.1.6-40.el5_9.1.x86_64.rpm php-cli-5.1.6-40.el5_9.1.x86_64.rpm php-common-5.1.6-40.el5_9.1.x86_64.rpm php-dba-5.1.6-40.el5_9.1.x86_64.rpm php-debuginfo-5.1.6-40.el5_9.1.x86_64.rpm php-devel-5.1.6-40.el5_9.1.x86_64.rpm php-gd-5.1.6-40.el5_9.1.x86_64.rpm php-imap-5.1.6-40.el5_9.1.x86_64.rpm php-ldap-5.1.6-40.el5_9.1.x86_64.rpm php-mbstring-5.1.6-40.el5_9.1.x86_64.rpm php-mysql-5.1.6-40.el5_9.1.x86_64.rpm php-ncurses-5.1.6-40.el5_9.1.x86_64.rpm php-odbc-5.1.6-40.el5_9.1.x86_64.rpm php-pdo-5.1.6-40.el5_9.1.x86_64.rpm php-pgsql-5.1.6-40.el5_9.1.x86_64.rpm php-snmp-5.1.6-40.el5_9.1.x86_64.rpm php-soap-5.1.6-40.el5_9.1.x86_64.rpm php-xml-5.1.6-40.el5_9.1.x86_64.rpm php-xmlrpc-5.1.6-40.el5_9.1.x86_64.rpm Red Hat Enterprise Linux Compute Node EUS (v. 6.2): Source: php-5.3.3-3.el6_2.11.src.rpm x86_64: php-cli-5.3.3-3.el6_2.11.x86_64.rpm php-common-5.3.3-3.el6_2.11.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm Red Hat Enterprise Linux Compute Node EUS (v. 6.3): Source: php-5.3.3-14.el6_3.3.src.rpm x86_64: php-cli-5.3.3-14.el6_3.3.x86_64.rpm php-common-5.3.3-14.el6_3.3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm Red Hat Enterprise Linux HPC Node EUS (v. 6.4): Source: php-5.3.3-23.el6_4.1.src.rpm x86_64: php-cli-5.3.3-23.el6_4.1.x86_64.rpm php-common-5.3.3-23.el6_4.1.x86_64.rpm php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2): Source: php-5.3.3-3.el6_2.11.src.rpm x86_64: php-5.3.3-3.el6_2.11.x86_64.rpm php-bcmath-5.3.3-3.el6_2.11.x86_64.rpm php-dba-5.3.3-3.el6_2.11.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm php-devel-5.3.3-3.el6_2.11.x86_64.rpm php-embedded-5.3.3-3.el6_2.11.x86_64.rpm php-enchant-5.3.3-3.el6_2.11.x86_64.rpm php-gd-5.3.3-3.el6_2.11.x86_64.rpm php-imap-5.3.3-3.el6_2.11.x86_64.rpm php-intl-5.3.3-3.el6_2.11.x86_64.rpm php-ldap-5.3.3-3.el6_2.11.x86_64.rpm php-mbstring-5.3.3-3.el6_2.11.x86_64.rpm php-mysql-5.3.3-3.el6_2.11.x86_64.rpm php-odbc-5.3.3-3.el6_2.11.x86_64.rpm php-pdo-5.3.3-3.el6_2.11.x86_64.rpm php-pgsql-5.3.3-3.el6_2.11.x86_64.rpm php-process-5.3.3-3.el6_2.11.x86_64.rpm php-pspell-5.3.3-3.el6_2.11.x86_64.rpm php-recode-5.3.3-3.el6_2.11.x86_64.rpm php-snmp-5.3.3-3.el6_2.11.x86_64.rpm php-soap-5.3.3-3.el6_2.11.x86_64.rpm php-tidy-5.3.3-3.el6_2.11.x86_64.rpm php-xml-5.3.3-3.el6_2.11.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.11.x86_64.rpm php-zts-5.3.3-3.el6_2.11.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) : Source: php-5.3.3-14.el6_3.3.src.rpm x86_64: php-5.3.3-14.el6_3.3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.3.x86_64.rpm php-dba-5.3.3-14.el6_3.3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm php-devel-5.3.3-14.el6_3.3.x86_64.rpm php-embedded-5.3.3-14.el6_3.3.x86_64.rpm php-enchant-5.3.3-14.el6_3.3.x86_64.rpm php-gd-5.3.3-14.el6_3.3.x86_64.rpm php-imap-5.3.3-14.el6_3.3.x86_64.rpm php-intl-5.3.3-14.el6_3.3.x86_64.rpm php-ldap-5.3.3-14.el6_3.3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.3.x86_64.rpm php-mysql-5.3.3-14.el6_3.3.x86_64.rpm php-odbc-5.3.3-14.el6_3.3.x86_64.rpm php-pdo-5.3.3-14.el6_3.3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.3.x86_64.rpm php-process-5.3.3-14.el6_3.3.x86_64.rpm php-pspell-5.3.3-14.el6_3.3.x86_64.rpm php-recode-5.3.3-14.el6_3.3.x86_64.rpm php-snmp-5.3.3-14.el6_3.3.x86_64.rpm php-soap-5.3.3-14.el6_3.3.x86_64.rpm php-tidy-5.3.3-14.el6_3.3.x86_64.rpm php-xml-5.3.3-14.el6_3.3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.3.x86_64.rpm php-zts-5.3.3-14.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4): Source: php-5.3.3-23.el6_4.1.src.rpm x86_64: php-5.3.3-23.el6_4.1.x86_64.rpm php-bcmath-5.3.3-23.el6_4.1.x86_64.rpm php-dba-5.3.3-23.el6_4.1.x86_64.rpm php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm php-devel-5.3.3-23.el6_4.1.x86_64.rpm php-embedded-5.3.3-23.el6_4.1.x86_64.rpm php-enchant-5.3.3-23.el6_4.1.x86_64.rpm php-fpm-5.3.3-23.el6_4.1.x86_64.rpm php-gd-5.3.3-23.el6_4.1.x86_64.rpm php-imap-5.3.3-23.el6_4.1.x86_64.rpm php-intl-5.3.3-23.el6_4.1.x86_64.rpm php-ldap-5.3.3-23.el6_4.1.x86_64.rpm php-mbstring-5.3.3-23.el6_4.1.x86_64.rpm php-mysql-5.3.3-23.el6_4.1.x86_64.rpm php-odbc-5.3.3-23.el6_4.1.x86_64.rpm php-pdo-5.3.3-23.el6_4.1.x86_64.rpm php-pgsql-5.3.3-23.el6_4.1.x86_64.rpm php-process-5.3.3-23.el6_4.1.x86_64.rpm php-pspell-5.3.3-23.el6_4.1.x86_64.rpm php-recode-5.3.3-23.el6_4.1.x86_64.rpm php-snmp-5.3.3-23.el6_4.1.x86_64.rpm php-soap-5.3.3-23.el6_4.1.x86_64.rpm php-tidy-5.3.3-23.el6_4.1.x86_64.rpm php-xml-5.3.3-23.el6_4.1.x86_64.rpm php-xmlrpc-5.3.3-23.el6_4.1.x86_64.rpm php-zts-5.3.3-23.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.2): Source: php-5.3.3-3.el6_2.11.src.rpm i386: php-5.3.3-3.el6_2.11.i686.rpm php-cli-5.3.3-3.el6_2.11.i686.rpm php-common-5.3.3-3.el6_2.11.i686.rpm php-debuginfo-5.3.3-3.el6_2.11.i686.rpm php-gd-5.3.3-3.el6_2.11.i686.rpm php-ldap-5.3.3-3.el6_2.11.i686.rpm php-mysql-5.3.3-3.el6_2.11.i686.rpm php-odbc-5.3.3-3.el6_2.11.i686.rpm php-pdo-5.3.3-3.el6_2.11.i686.rpm php-pgsql-5.3.3-3.el6_2.11.i686.rpm php-soap-5.3.3-3.el6_2.11.i686.rpm php-xml-5.3.3-3.el6_2.11.i686.rpm php-xmlrpc-5.3.3-3.el6_2.11.i686.rpm ppc64: php-5.3.3-3.el6_2.11.ppc64.rpm php-cli-5.3.3-3.el6_2.11.ppc64.rpm php-common-5.3.3-3.el6_2.11.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.11.ppc64.rpm php-gd-5.3.3-3.el6_2.11.ppc64.rpm php-ldap-5.3.3-3.el6_2.11.ppc64.rpm php-mysql-5.3.3-3.el6_2.11.ppc64.rpm php-odbc-5.3.3-3.el6_2.11.ppc64.rpm php-pdo-5.3.3-3.el6_2.11.ppc64.rpm php-pgsql-5.3.3-3.el6_2.11.ppc64.rpm php-soap-5.3.3-3.el6_2.11.ppc64.rpm php-xml-5.3.3-3.el6_2.11.ppc64.rpm php-xmlrpc-5.3.3-3.el6_2.11.ppc64.rpm s390x: php-5.3.3-3.el6_2.11.s390x.rpm php-cli-5.3.3-3.el6_2.11.s390x.rpm php-common-5.3.3-3.el6_2.11.s390x.rpm php-debuginfo-5.3.3-3.el6_2.11.s390x.rpm php-gd-5.3.3-3.el6_2.11.s390x.rpm php-ldap-5.3.3-3.el6_2.11.s390x.rpm php-mysql-5.3.3-3.el6_2.11.s390x.rpm php-odbc-5.3.3-3.el6_2.11.s390x.rpm php-pdo-5.3.3-3.el6_2.11.s390x.rpm php-pgsql-5.3.3-3.el6_2.11.s390x.rpm php-soap-5.3.3-3.el6_2.11.s390x.rpm php-xml-5.3.3-3.el6_2.11.s390x.rpm php-xmlrpc-5.3.3-3.el6_2.11.s390x.rpm x86_64: php-5.3.3-3.el6_2.11.x86_64.rpm php-cli-5.3.3-3.el6_2.11.x86_64.rpm php-common-5.3.3-3.el6_2.11.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm php-gd-5.3.3-3.el6_2.11.x86_64.rpm php-ldap-5.3.3-3.el6_2.11.x86_64.rpm php-mysql-5.3.3-3.el6_2.11.x86_64.rpm php-odbc-5.3.3-3.el6_2.11.x86_64.rpm php-pdo-5.3.3-3.el6_2.11.x86_64.rpm php-pgsql-5.3.3-3.el6_2.11.x86_64.rpm php-soap-5.3.3-3.el6_2.11.x86_64.rpm php-xml-5.3.3-3.el6_2.11.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.11.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.3): Source: php-5.3.3-14.el6_3.3.src.rpm i386: php-5.3.3-14.el6_3.3.i686.rpm php-cli-5.3.3-14.el6_3.3.i686.rpm php-common-5.3.3-14.el6_3.3.i686.rpm php-debuginfo-5.3.3-14.el6_3.3.i686.rpm php-gd-5.3.3-14.el6_3.3.i686.rpm php-ldap-5.3.3-14.el6_3.3.i686.rpm php-mysql-5.3.3-14.el6_3.3.i686.rpm php-odbc-5.3.3-14.el6_3.3.i686.rpm php-pdo-5.3.3-14.el6_3.3.i686.rpm php-pgsql-5.3.3-14.el6_3.3.i686.rpm php-soap-5.3.3-14.el6_3.3.i686.rpm php-xml-5.3.3-14.el6_3.3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.3.i686.rpm ppc64: php-5.3.3-14.el6_3.3.ppc64.rpm php-cli-5.3.3-14.el6_3.3.ppc64.rpm php-common-5.3.3-14.el6_3.3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.3.ppc64.rpm php-gd-5.3.3-14.el6_3.3.ppc64.rpm php-ldap-5.3.3-14.el6_3.3.ppc64.rpm php-mysql-5.3.3-14.el6_3.3.ppc64.rpm php-odbc-5.3.3-14.el6_3.3.ppc64.rpm php-pdo-5.3.3-14.el6_3.3.ppc64.rpm php-pgsql-5.3.3-14.el6_3.3.ppc64.rpm php-soap-5.3.3-14.el6_3.3.ppc64.rpm php-xml-5.3.3-14.el6_3.3.ppc64.rpm php-xmlrpc-5.3.3-14.el6_3.3.ppc64.rpm s390x: php-5.3.3-14.el6_3.3.s390x.rpm php-cli-5.3.3-14.el6_3.3.s390x.rpm php-common-5.3.3-14.el6_3.3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.3.s390x.rpm php-gd-5.3.3-14.el6_3.3.s390x.rpm php-ldap-5.3.3-14.el6_3.3.s390x.rpm php-mysql-5.3.3-14.el6_3.3.s390x.rpm php-odbc-5.3.3-14.el6_3.3.s390x.rpm php-pdo-5.3.3-14.el6_3.3.s390x.rpm php-pgsql-5.3.3-14.el6_3.3.s390x.rpm php-soap-5.3.3-14.el6_3.3.s390x.rpm php-xml-5.3.3-14.el6_3.3.s390x.rpm php-xmlrpc-5.3.3-14.el6_3.3.s390x.rpm x86_64: php-5.3.3-14.el6_3.3.x86_64.rpm php-cli-5.3.3-14.el6_3.3.x86_64.rpm php-common-5.3.3-14.el6_3.3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm php-gd-5.3.3-14.el6_3.3.x86_64.rpm php-ldap-5.3.3-14.el6_3.3.x86_64.rpm php-mysql-5.3.3-14.el6_3.3.x86_64.rpm php-odbc-5.3.3-14.el6_3.3.x86_64.rpm php-pdo-5.3.3-14.el6_3.3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.3.x86_64.rpm php-soap-5.3.3-14.el6_3.3.x86_64.rpm php-xml-5.3.3-14.el6_3.3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.4): Source: php-5.3.3-23.el6_4.1.src.rpm i386: php-5.3.3-23.el6_4.1.i686.rpm php-cli-5.3.3-23.el6_4.1.i686.rpm php-common-5.3.3-23.el6_4.1.i686.rpm php-debuginfo-5.3.3-23.el6_4.1.i686.rpm php-gd-5.3.3-23.el6_4.1.i686.rpm php-ldap-5.3.3-23.el6_4.1.i686.rpm php-mysql-5.3.3-23.el6_4.1.i686.rpm php-odbc-5.3.3-23.el6_4.1.i686.rpm php-pdo-5.3.3-23.el6_4.1.i686.rpm php-pgsql-5.3.3-23.el6_4.1.i686.rpm php-soap-5.3.3-23.el6_4.1.i686.rpm php-xml-5.3.3-23.el6_4.1.i686.rpm php-xmlrpc-5.3.3-23.el6_4.1.i686.rpm ppc64: php-5.3.3-23.el6_4.1.ppc64.rpm php-cli-5.3.3-23.el6_4.1.ppc64.rpm php-common-5.3.3-23.el6_4.1.ppc64.rpm php-debuginfo-5.3.3-23.el6_4.1.ppc64.rpm php-gd-5.3.3-23.el6_4.1.ppc64.rpm php-ldap-5.3.3-23.el6_4.1.ppc64.rpm php-mysql-5.3.3-23.el6_4.1.ppc64.rpm php-odbc-5.3.3-23.el6_4.1.ppc64.rpm php-pdo-5.3.3-23.el6_4.1.ppc64.rpm php-pgsql-5.3.3-23.el6_4.1.ppc64.rpm php-soap-5.3.3-23.el6_4.1.ppc64.rpm php-xml-5.3.3-23.el6_4.1.ppc64.rpm php-xmlrpc-5.3.3-23.el6_4.1.ppc64.rpm s390x: php-5.3.3-23.el6_4.1.s390x.rpm php-cli-5.3.3-23.el6_4.1.s390x.rpm php-common-5.3.3-23.el6_4.1.s390x.rpm php-debuginfo-5.3.3-23.el6_4.1.s390x.rpm php-gd-5.3.3-23.el6_4.1.s390x.rpm php-ldap-5.3.3-23.el6_4.1.s390x.rpm php-mysql-5.3.3-23.el6_4.1.s390x.rpm php-odbc-5.3.3-23.el6_4.1.s390x.rpm php-pdo-5.3.3-23.el6_4.1.s390x.rpm php-pgsql-5.3.3-23.el6_4.1.s390x.rpm php-soap-5.3.3-23.el6_4.1.s390x.rpm php-xml-5.3.3-23.el6_4.1.s390x.rpm php-xmlrpc-5.3.3-23.el6_4.1.s390x.rpm x86_64: php-5.3.3-23.el6_4.1.x86_64.rpm php-cli-5.3.3-23.el6_4.1.x86_64.rpm php-common-5.3.3-23.el6_4.1.x86_64.rpm php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm php-gd-5.3.3-23.el6_4.1.x86_64.rpm php-ldap-5.3.3-23.el6_4.1.x86_64.rpm php-mysql-5.3.3-23.el6_4.1.x86_64.rpm php-odbc-5.3.3-23.el6_4.1.x86_64.rpm php-pdo-5.3.3-23.el6_4.1.x86_64.rpm php-pgsql-5.3.3-23.el6_4.1.x86_64.rpm php-soap-5.3.3-23.el6_4.1.x86_64.rpm php-xml-5.3.3-23.el6_4.1.x86_64.rpm php-xmlrpc-5.3.3-23.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.2): Source: php-5.3.3-3.el6_2.11.src.rpm i386: php-bcmath-5.3.3-3.el6_2.11.i686.rpm php-dba-5.3.3-3.el6_2.11.i686.rpm php-debuginfo-5.3.3-3.el6_2.11.i686.rpm php-devel-5.3.3-3.el6_2.11.i686.rpm php-embedded-5.3.3-3.el6_2.11.i686.rpm php-enchant-5.3.3-3.el6_2.11.i686.rpm php-imap-5.3.3-3.el6_2.11.i686.rpm php-intl-5.3.3-3.el6_2.11.i686.rpm php-mbstring-5.3.3-3.el6_2.11.i686.rpm php-process-5.3.3-3.el6_2.11.i686.rpm php-pspell-5.3.3-3.el6_2.11.i686.rpm php-recode-5.3.3-3.el6_2.11.i686.rpm php-snmp-5.3.3-3.el6_2.11.i686.rpm php-tidy-5.3.3-3.el6_2.11.i686.rpm php-zts-5.3.3-3.el6_2.11.i686.rpm ppc64: php-bcmath-5.3.3-3.el6_2.11.ppc64.rpm php-dba-5.3.3-3.el6_2.11.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.11.ppc64.rpm php-devel-5.3.3-3.el6_2.11.ppc64.rpm php-embedded-5.3.3-3.el6_2.11.ppc64.rpm php-enchant-5.3.3-3.el6_2.11.ppc64.rpm php-imap-5.3.3-3.el6_2.11.ppc64.rpm php-intl-5.3.3-3.el6_2.11.ppc64.rpm php-mbstring-5.3.3-3.el6_2.11.ppc64.rpm php-process-5.3.3-3.el6_2.11.ppc64.rpm php-pspell-5.3.3-3.el6_2.11.ppc64.rpm php-recode-5.3.3-3.el6_2.11.ppc64.rpm php-snmp-5.3.3-3.el6_2.11.ppc64.rpm php-tidy-5.3.3-3.el6_2.11.ppc64.rpm php-zts-5.3.3-3.el6_2.11.ppc64.rpm s390x: php-bcmath-5.3.3-3.el6_2.11.s390x.rpm php-dba-5.3.3-3.el6_2.11.s390x.rpm php-debuginfo-5.3.3-3.el6_2.11.s390x.rpm php-devel-5.3.3-3.el6_2.11.s390x.rpm php-embedded-5.3.3-3.el6_2.11.s390x.rpm php-enchant-5.3.3-3.el6_2.11.s390x.rpm php-imap-5.3.3-3.el6_2.11.s390x.rpm php-intl-5.3.3-3.el6_2.11.s390x.rpm php-mbstring-5.3.3-3.el6_2.11.s390x.rpm php-process-5.3.3-3.el6_2.11.s390x.rpm php-pspell-5.3.3-3.el6_2.11.s390x.rpm php-recode-5.3.3-3.el6_2.11.s390x.rpm php-snmp-5.3.3-3.el6_2.11.s390x.rpm php-tidy-5.3.3-3.el6_2.11.s390x.rpm php-zts-5.3.3-3.el6_2.11.s390x.rpm x86_64: php-bcmath-5.3.3-3.el6_2.11.x86_64.rpm php-dba-5.3.3-3.el6_2.11.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm php-devel-5.3.3-3.el6_2.11.x86_64.rpm php-embedded-5.3.3-3.el6_2.11.x86_64.rpm php-enchant-5.3.3-3.el6_2.11.x86_64.rpm php-imap-5.3.3-3.el6_2.11.x86_64.rpm php-intl-5.3.3-3.el6_2.11.x86_64.rpm php-mbstring-5.3.3-3.el6_2.11.x86_64.rpm php-process-5.3.3-3.el6_2.11.x86_64.rpm php-pspell-5.3.3-3.el6_2.11.x86_64.rpm php-recode-5.3.3-3.el6_2.11.x86_64.rpm php-snmp-5.3.3-3.el6_2.11.x86_64.rpm php-tidy-5.3.3-3.el6_2.11.x86_64.rpm php-zts-5.3.3-3.el6_2.11.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.3): Source: php-5.3.3-14.el6_3.3.src.rpm i386: php-bcmath-5.3.3-14.el6_3.3.i686.rpm php-dba-5.3.3-14.el6_3.3.i686.rpm php-debuginfo-5.3.3-14.el6_3.3.i686.rpm php-devel-5.3.3-14.el6_3.3.i686.rpm php-embedded-5.3.3-14.el6_3.3.i686.rpm php-enchant-5.3.3-14.el6_3.3.i686.rpm php-imap-5.3.3-14.el6_3.3.i686.rpm php-intl-5.3.3-14.el6_3.3.i686.rpm php-mbstring-5.3.3-14.el6_3.3.i686.rpm php-process-5.3.3-14.el6_3.3.i686.rpm php-pspell-5.3.3-14.el6_3.3.i686.rpm php-recode-5.3.3-14.el6_3.3.i686.rpm php-snmp-5.3.3-14.el6_3.3.i686.rpm php-tidy-5.3.3-14.el6_3.3.i686.rpm php-zts-5.3.3-14.el6_3.3.i686.rpm ppc64: php-bcmath-5.3.3-14.el6_3.3.ppc64.rpm php-dba-5.3.3-14.el6_3.3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.3.ppc64.rpm php-devel-5.3.3-14.el6_3.3.ppc64.rpm php-embedded-5.3.3-14.el6_3.3.ppc64.rpm php-enchant-5.3.3-14.el6_3.3.ppc64.rpm php-imap-5.3.3-14.el6_3.3.ppc64.rpm php-intl-5.3.3-14.el6_3.3.ppc64.rpm php-mbstring-5.3.3-14.el6_3.3.ppc64.rpm php-process-5.3.3-14.el6_3.3.ppc64.rpm php-pspell-5.3.3-14.el6_3.3.ppc64.rpm php-recode-5.3.3-14.el6_3.3.ppc64.rpm php-snmp-5.3.3-14.el6_3.3.ppc64.rpm php-tidy-5.3.3-14.el6_3.3.ppc64.rpm php-zts-5.3.3-14.el6_3.3.ppc64.rpm s390x: php-bcmath-5.3.3-14.el6_3.3.s390x.rpm php-dba-5.3.3-14.el6_3.3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.3.s390x.rpm php-devel-5.3.3-14.el6_3.3.s390x.rpm php-embedded-5.3.3-14.el6_3.3.s390x.rpm php-enchant-5.3.3-14.el6_3.3.s390x.rpm php-imap-5.3.3-14.el6_3.3.s390x.rpm php-intl-5.3.3-14.el6_3.3.s390x.rpm php-mbstring-5.3.3-14.el6_3.3.s390x.rpm php-process-5.3.3-14.el6_3.3.s390x.rpm php-pspell-5.3.3-14.el6_3.3.s390x.rpm php-recode-5.3.3-14.el6_3.3.s390x.rpm php-snmp-5.3.3-14.el6_3.3.s390x.rpm php-tidy-5.3.3-14.el6_3.3.s390x.rpm php-zts-5.3.3-14.el6_3.3.s390x.rpm x86_64: php-bcmath-5.3.3-14.el6_3.3.x86_64.rpm php-dba-5.3.3-14.el6_3.3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm php-devel-5.3.3-14.el6_3.3.x86_64.rpm php-embedded-5.3.3-14.el6_3.3.x86_64.rpm php-enchant-5.3.3-14.el6_3.3.x86_64.rpm php-imap-5.3.3-14.el6_3.3.x86_64.rpm php-intl-5.3.3-14.el6_3.3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.3.x86_64.rpm php-process-5.3.3-14.el6_3.3.x86_64.rpm php-pspell-5.3.3-14.el6_3.3.x86_64.rpm php-recode-5.3.3-14.el6_3.3.x86_64.rpm php-snmp-5.3.3-14.el6_3.3.x86_64.rpm php-tidy-5.3.3-14.el6_3.3.x86_64.rpm php-zts-5.3.3-14.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.4): Source: php-5.3.3-23.el6_4.1.src.rpm i386: php-bcmath-5.3.3-23.el6_4.1.i686.rpm php-dba-5.3.3-23.el6_4.1.i686.rpm php-debuginfo-5.3.3-23.el6_4.1.i686.rpm php-devel-5.3.3-23.el6_4.1.i686.rpm php-embedded-5.3.3-23.el6_4.1.i686.rpm php-enchant-5.3.3-23.el6_4.1.i686.rpm php-fpm-5.3.3-23.el6_4.1.i686.rpm php-imap-5.3.3-23.el6_4.1.i686.rpm php-intl-5.3.3-23.el6_4.1.i686.rpm php-mbstring-5.3.3-23.el6_4.1.i686.rpm php-process-5.3.3-23.el6_4.1.i686.rpm php-pspell-5.3.3-23.el6_4.1.i686.rpm php-recode-5.3.3-23.el6_4.1.i686.rpm php-snmp-5.3.3-23.el6_4.1.i686.rpm php-tidy-5.3.3-23.el6_4.1.i686.rpm php-zts-5.3.3-23.el6_4.1.i686.rpm ppc64: php-bcmath-5.3.3-23.el6_4.1.ppc64.rpm php-dba-5.3.3-23.el6_4.1.ppc64.rpm php-debuginfo-5.3.3-23.el6_4.1.ppc64.rpm php-devel-5.3.3-23.el6_4.1.ppc64.rpm php-embedded-5.3.3-23.el6_4.1.ppc64.rpm php-enchant-5.3.3-23.el6_4.1.ppc64.rpm php-fpm-5.3.3-23.el6_4.1.ppc64.rpm php-imap-5.3.3-23.el6_4.1.ppc64.rpm php-intl-5.3.3-23.el6_4.1.ppc64.rpm php-mbstring-5.3.3-23.el6_4.1.ppc64.rpm php-process-5.3.3-23.el6_4.1.ppc64.rpm php-pspell-5.3.3-23.el6_4.1.ppc64.rpm php-recode-5.3.3-23.el6_4.1.ppc64.rpm php-snmp-5.3.3-23.el6_4.1.ppc64.rpm php-tidy-5.3.3-23.el6_4.1.ppc64.rpm php-zts-5.3.3-23.el6_4.1.ppc64.rpm s390x: php-bcmath-5.3.3-23.el6_4.1.s390x.rpm php-dba-5.3.3-23.el6_4.1.s390x.rpm php-debuginfo-5.3.3-23.el6_4.1.s390x.rpm php-devel-5.3.3-23.el6_4.1.s390x.rpm php-embedded-5.3.3-23.el6_4.1.s390x.rpm php-enchant-5.3.3-23.el6_4.1.s390x.rpm php-fpm-5.3.3-23.el6_4.1.s390x.rpm php-imap-5.3.3-23.el6_4.1.s390x.rpm php-intl-5.3.3-23.el6_4.1.s390x.rpm php-mbstring-5.3.3-23.el6_4.1.s390x.rpm php-process-5.3.3-23.el6_4.1.s390x.rpm php-pspell-5.3.3-23.el6_4.1.s390x.rpm php-recode-5.3.3-23.el6_4.1.s390x.rpm php-snmp-5.3.3-23.el6_4.1.s390x.rpm php-tidy-5.3.3-23.el6_4.1.s390x.rpm php-zts-5.3.3-23.el6_4.1.s390x.rpm x86_64: php-bcmath-5.3.3-23.el6_4.1.x86_64.rpm php-dba-5.3.3-23.el6_4.1.x86_64.rpm php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm php-devel-5.3.3-23.el6_4.1.x86_64.rpm php-embedded-5.3.3-23.el6_4.1.x86_64.rpm php-enchant-5.3.3-23.el6_4.1.x86_64.rpm php-fpm-5.3.3-23.el6_4.1.x86_64.rpm php-imap-5.3.3-23.el6_4.1.x86_64.rpm php-intl-5.3.3-23.el6_4.1.x86_64.rpm php-mbstring-5.3.3-23.el6_4.1.x86_64.rpm php-process-5.3.3-23.el6_4.1.x86_64.rpm php-pspell-5.3.3-23.el6_4.1.x86_64.rpm php-recode-5.3.3-23.el6_4.1.x86_64.rpm php-snmp-5.3.3-23.el6_4.1.x86_64.rpm php-tidy-5.3.3-23.el6_4.1.x86_64.rpm php-zts-5.3.3-23.el6_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-6420.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSqKLhXlSAg2UNWIIRAnSIAKCghJudv/nUjGlRyial77jiDvzgOACghRSP XX2uwN0qecAwBgiL2cJNyh4= =6m6W -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.61

sources: NVD: CVE-2013-6420 // JVNDB: JVNDB-2013-005585 // VULHUB: VHN-66422 // PACKETSTORM: 128049 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124776 // PACKETSTORM: 124532 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // PACKETSTORM: 124390

AFFECTED PRODUCTS

vendor:phpmodel:phpscope:eqversion:5.5.4

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.5.6

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.5.2

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.5.1

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.5.5

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.5.3

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.5.0

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.3.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.24

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.14

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.25

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.13

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.19

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.15

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.1

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.12

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.16

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.18

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.19

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.26

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.21

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.14

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.18

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.16

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.21

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.20

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.23

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.5

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.9.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.17

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.15

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.17

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.4

Trust: 1.0

vendor:phpmodel:phpscope:lteversion:5.3.27

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.9

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.22

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.22

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.13

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.20

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.12

Trust: 1.0

vendor:the php groupmodel:phpscope:eqversion:5.4.23

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.8.5

Trust: 0.8

vendor:the php groupmodel:phpscope:ltversion:5.5.x

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.9.1

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.9

Trust: 0.8

vendor:the php groupmodel:phpscope:eqversion:5.5.7

Trust: 0.8

vendor:the php groupmodel:phpscope:ltversion:5.4.x

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7.5

Trust: 0.8

sources: JVNDB: JVNDB-2013-005585 // CNNVD: CNNVD-201312-348 // NVD: CVE-2013-6420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6420
value: HIGH

Trust: 1.0

NVD: CVE-2013-6420
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201312-348
value: HIGH

Trust: 0.6

VULHUB: VHN-66422
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6420
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66422
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // CNNVD: CNNVD-201312-348 // NVD: CVE-2013-6420

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

THREAT TYPE

remote

Trust: 1.4

sources: PACKETSTORM: 128049 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124532 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // PACKETSTORM: 124390 // CNNVD: CNNVD-201312-348

TYPE

arbitrary

Trust: 0.9

sources: PACKETSTORM: 128049 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124532 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // PACKETSTORM: 124390

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005585

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66422

PATCH

title:APPLE-SA-2014-02-25-1url:http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

Trust: 0.8

title:HT6150url:http://support.apple.com/kb/HT6150

Trust: 0.8

title:HT6150url:http://support.apple.com/kb/HT6150?viewlocale=ja_JP

Trust: 0.8

title:InterWorx Version 5.0.14 Released on Beta Channel!url:http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!

Trust: 0.8

title:Bug 1036830url:https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Trust: 0.8

title:Multiple Buffer Errors vulnerabilities in PHPurl:https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in1

Trust: 0.8

title:Fix CVE-2013-6420 - memory corruption in openssl_x509_parseurl:http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

Trust: 0.8

title:PHP 5 ChangeLogurl:http://www.php.net/ChangeLog-5.php

Trust: 0.8

title:php-5.5.7url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47192

Trust: 0.6

title:php-5.4.23url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47191

Trust: 0.6

title:php-5.3.28url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47190

Trust: 0.6

sources: JVNDB: JVNDB-2013-005585 // CNNVD: CNNVD-201312-348

EXTERNAL IDS

db:NVDid:CVE-2013-6420

Trust: 3.5

db:SECTRACKid:1029472

Trust: 1.1

db:SECUNIAid:59652

Trust: 1.1

db:BIDid:64225

Trust: 1.1

db:JVNid:JVNVU95868425

Trust: 0.8

db:JVNDBid:JVNDB-2013-005585

Trust: 0.8

db:CNNVDid:CNNVD-201312-348

Trust: 0.7

db:SECUNIAid:56071

Trust: 0.6

db:SECUNIAid:56055

Trust: 0.6

db:SECUNIAid:56070

Trust: 0.6

db:PACKETSTORMid:124391

Trust: 0.2

db:PACKETSTORMid:124532

Trust: 0.2

db:PACKETSTORMid:124776

Trust: 0.2

db:PACKETSTORMid:124389

Trust: 0.2

db:PACKETSTORMid:124390

Trust: 0.2

db:PACKETSTORMid:124383

Trust: 0.2

db:PACKETSTORMid:124384

Trust: 0.2

db:PACKETSTORMid:124407

Trust: 0.2

db:PACKETSTORMid:124436

Trust: 0.1

db:PACKETSTORMid:124406

Trust: 0.1

db:SEEBUGid:SSVID-83792

Trust: 0.1

db:EXPLOIT-DBid:30395

Trust: 0.1

db:VULHUBid:VHN-66422

Trust: 0.1

db:PACKETSTORMid:128049

Trust: 0.1

db:PACKETSTORMid:124382

Trust: 0.1

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // PACKETSTORM: 128049 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124776 // PACKETSTORM: 124532 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // PACKETSTORM: 124390 // CNNVD: CNNVD-201312-348 // NVD: CVE-2013-6420

REFERENCES

url:https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html

Trust: 2.5

url:http://www.php.net/changelog-5.php

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2013-1813.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1815.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1824.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1825.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1826.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-2055-1

Trust: 1.2

url:http://www.securityfocus.com/bid/64225

Trust: 1.1

url:http://forums.interworx.com/threads/8000-interworx-version-5-0-14-released-on-beta-channel%21

Trust: 1.1

url:http://support.apple.com/kb/ht6150

Trust: 1.1

url:http://www.debian.org/security/2013/dsa-2816

Trust: 1.1

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04463322

Trust: 1.1

url:http://www.securitytracker.com/id/1029472

Trust: 1.1

url:http://secunia.com/advisories/59652

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6420

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2013-6420

Trust: 1.0

url:http://git.php.net/?p=php-src.git%3ba=commit%3bh=c1224573c773b6845e83505f717fbf820fc18415

Trust: 1.0

url:http://jvn.jp/vu/jvnvu95868425/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6420

Trust: 0.8

url:http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

Trust: 0.7

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/team/key/#package

Trust: 0.6

url:https://access.redhat.com/site/articles/11258

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-6420.html

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:http://secunia.com/advisories/56055

Trust: 0.6

url:http://secunia.com/advisories/56070

Trust: 0.6

url:http://secunia.com/advisories/56071

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-1643

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-6712

Trust: 0.2

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3597

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4636

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1635

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0238

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2110

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0185

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4113

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7345

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5120

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2497

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201408-11.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4718

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1824

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7327

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2270

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7327

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0237

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3981

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1824

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0185

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6420

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0237

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3597

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4636

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4670

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1643

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6712

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7226

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4718

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0238

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4049

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-5120

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2110

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4248

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4049

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3981

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4248

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4113

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4635

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.4.9-4ubuntu2.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.22

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.5

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://www.php.net/changelog-5.php#5.3.28

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2688

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1398.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1398

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2013-1814.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-2688.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1643.html

Trust: 0.1

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // PACKETSTORM: 128049 // PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124776 // PACKETSTORM: 124532 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // PACKETSTORM: 124390 // CNNVD: CNNVD-201312-348 // NVD: CVE-2013-6420

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 124383 // PACKETSTORM: 124384 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // PACKETSTORM: 124390

SOURCES

db:VULHUBid:VHN-66422
db:JVNDBid:JVNDB-2013-005585
db:PACKETSTORMid:128049
db:PACKETSTORMid:124383
db:PACKETSTORMid:124384
db:PACKETSTORMid:124407
db:PACKETSTORMid:124776
db:PACKETSTORMid:124532
db:PACKETSTORMid:124382
db:PACKETSTORMid:124391
db:PACKETSTORMid:124389
db:PACKETSTORMid:124390
db:CNNVDid:CNNVD-201312-348
db:NVDid:CVE-2013-6420

LAST UPDATE DATE

2024-11-21T22:07:29.520000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-66422date:2018-10-30T00:00:00
db:JVNDBid:JVNDB-2013-005585date:2015-08-10T00:00:00
db:CNNVDid:CNNVD-201312-348date:2013-12-18T00:00:00
db:NVDid:CVE-2013-6420date:2023-11-07T02:17:11.400

SOURCES RELEASE DATE

db:VULHUBid:VHN-66422date:2013-12-17T00:00:00
db:JVNDBid:JVNDB-2013-005585date:2013-12-18T00:00:00
db:PACKETSTORMid:128049date:2014-08-29T22:24:02
db:PACKETSTORMid:124383date:2013-12-11T06:56:18
db:PACKETSTORMid:124384date:2013-12-11T06:56:45
db:PACKETSTORMid:124407date:2013-12-14T00:04:46
db:PACKETSTORMid:124776date:2014-01-14T14:44:00
db:PACKETSTORMid:124532date:2013-12-22T15:06:29
db:PACKETSTORMid:124382date:2013-12-11T06:56:03
db:PACKETSTORMid:124391date:2013-12-12T04:29:50
db:PACKETSTORMid:124389date:2013-12-12T04:29:33
db:PACKETSTORMid:124390date:2013-12-12T04:29:44
db:CNNVDid:CNNVD-201312-348date:2013-12-18T00:00:00
db:NVDid:CVE-2013-6420date:2013-12-17T04:46:45.877