ID CVE-2014-2497
Summary The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
References
Vulnerable Configurations
  • PHP 5.4.25
    cpe:2.3:a:php:php:5.4.25
  • PHP 5.4.26
    cpe:2.3:a:php:php:5.4.26
  • PHP 5.4.24
    cpe:2.3:a:php:php:5.4.24
  • PHP PHP 5.0.0
    cpe:2.3:a:php:php:5.0.0
  • PHP PHP 5.0.0 Beta1
    cpe:2.3:a:php:php:5.0.0:beta1
  • PHP PHP 5.0.0 Beta2
    cpe:2.3:a:php:php:5.0.0:beta2
  • PHP PHP 5.0.0 Beta3
    cpe:2.3:a:php:php:5.0.0:beta3
  • PHP PHP 5.0.0 Beta4
    cpe:2.3:a:php:php:5.0.0:beta4
  • PHP PHP 5.0.0 RC1
    cpe:2.3:a:php:php:5.0.0:rc1
  • PHP PHP 5.0.0 RC2
    cpe:2.3:a:php:php:5.0.0:rc2
  • PHP PHP 5.0.0 RC3
    cpe:2.3:a:php:php:5.0.0:rc3
  • PHP PHP 5.0.1
    cpe:2.3:a:php:php:5.0.1
  • PHP PHP 5.0.2
    cpe:2.3:a:php:php:5.0.2
  • PHP PHP 5.0.3
    cpe:2.3:a:php:php:5.0.3
  • PHP PHP 5.0.4
    cpe:2.3:a:php:php:5.0.4
  • PHP PHP 5.0.5
    cpe:2.3:a:php:php:5.0.5
  • PHP PHP 5.1.0
    cpe:2.3:a:php:php:5.1.0
  • PHP PHP 5.1.1
    cpe:2.3:a:php:php:5.1.1
  • PHP PHP 5.1.2
    cpe:2.3:a:php:php:5.1.2
  • PHP PHP 5.1.3
    cpe:2.3:a:php:php:5.1.3
  • PHP 5.1.4
    cpe:2.3:a:php:php:5.1.4
  • PHP PHP 5.1.5
    cpe:2.3:a:php:php:5.1.5
  • PHP PHP 5.1.6
    cpe:2.3:a:php:php:5.1.6
  • PHP 5.2.0
    cpe:2.3:a:php:php:5.2.0
  • PHP 5.2.1
    cpe:2.3:a:php:php:5.2.1
  • PHP 5.2.10
    cpe:2.3:a:php:php:5.2.10
  • PHP 5.2.11
    cpe:2.3:a:php:php:5.2.11
  • PHP 5.2.12
    cpe:2.3:a:php:php:5.2.12
  • PHP 5.2.13
    cpe:2.3:a:php:php:5.2.13
  • PHP 5.2.14
    cpe:2.3:a:php:php:5.2.14
  • PHP 5.2.15
    cpe:2.3:a:php:php:5.2.15
  • PHP 5.2.16
    cpe:2.3:a:php:php:5.2.16
  • PHP 5.2.17
    cpe:2.3:a:php:php:5.2.17
  • PHP 5.2.2
    cpe:2.3:a:php:php:5.2.2
  • PHP 5.2.3
    cpe:2.3:a:php:php:5.2.3
  • PHP 5.2.4
    cpe:2.3:a:php:php:5.2.4
  • PHP 5.2.5
    cpe:2.3:a:php:php:5.2.5
  • PHP 5.2.6
    cpe:2.3:a:php:php:5.2.6
  • PHP 5.2.7
    cpe:2.3:a:php:php:5.2.7
  • PHP 5.2.8
    cpe:2.3:a:php:php:5.2.8
  • PHP 5.2.9
    cpe:2.3:a:php:php:5.2.9
  • PHP 5.3.0
    cpe:2.3:a:php:php:5.3.0
  • PHP 5.3.1
    cpe:2.3:a:php:php:5.3.1
  • PHP 5.3.10
    cpe:2.3:a:php:php:5.3.10
  • PHP 5.3.11
    cpe:2.3:a:php:php:5.3.11
  • PHP 5.3.12
    cpe:2.3:a:php:php:5.3.12
  • PHP 5.3.13
    cpe:2.3:a:php:php:5.3.13
  • PHP 5.3.14
    cpe:2.3:a:php:php:5.3.14
  • PHP 5.3.15
    cpe:2.3:a:php:php:5.3.15
  • PHP 5.3.16
    cpe:2.3:a:php:php:5.3.16
  • PHP 5.3.17
    cpe:2.3:a:php:php:5.3.17
  • PHP 5.3.18
    cpe:2.3:a:php:php:5.3.18
  • PHP 5.3.19
    cpe:2.3:a:php:php:5.3.19
  • PHP 5.3.2
    cpe:2.3:a:php:php:5.3.2
  • PHP 5.3.20
    cpe:2.3:a:php:php:5.3.20
  • PHP 5.3.21
    cpe:2.3:a:php:php:5.3.21
  • PHP 5.3.22
    cpe:2.3:a:php:php:5.3.22
  • PHP 5.3.23
    cpe:2.3:a:php:php:5.3.23
  • PHP 5.3.24
    cpe:2.3:a:php:php:5.3.24
  • PHP 5.3.25
    cpe:2.3:a:php:php:5.3.25
  • PHP 5.3.26
    cpe:2.3:a:php:php:5.3.26
  • PHP 5.3.27
    cpe:2.3:a:php:php:5.3.27
  • PHP 5.3.3
    cpe:2.3:a:php:php:5.3.3
  • PHP 5.3.4
    cpe:2.3:a:php:php:5.3.4
  • PHP 5.3.5
    cpe:2.3:a:php:php:5.3.5
  • PHP 5.3.6
    cpe:2.3:a:php:php:5.3.6
  • PHP 5.3.7
    cpe:2.3:a:php:php:5.3.7
  • PHP 5.3.8
    cpe:2.3:a:php:php:5.3.8
  • PHP 5.3.9
    cpe:2.3:a:php:php:5.3.9
  • PHP 5.4.0
    cpe:2.3:a:php:php:5.4.0
  • PHP 5.4.1
    cpe:2.3:a:php:php:5.4.1
  • PHP 5.4.10
    cpe:2.3:a:php:php:5.4.10
  • PHP 5.4.11
    cpe:2.3:a:php:php:5.4.11
  • PHP 5.4.12
    cpe:2.3:a:php:php:5.4.12
  • PHP 5.4.12 release candidate 1
    cpe:2.3:a:php:php:5.4.12:rc1
  • PHP 5.4.12 release candidate 2
    cpe:2.3:a:php:php:5.4.12:rc2
  • PHP 5.4.13
    cpe:2.3:a:php:php:5.4.13
  • PHP 5.4.13 release candidate 1
    cpe:2.3:a:php:php:5.4.13:rc1
  • PHP 5.4.14
    cpe:2.3:a:php:php:5.4.14
  • PHP 5.4.14 release candidate 1
    cpe:2.3:a:php:php:5.4.14:rc1
  • PHP 5.4.15 release candidate 1
    cpe:2.3:a:php:php:5.4.15:rc1
  • PHP 5.4.16 release candidate 1
    cpe:2.3:a:php:php:5.4.16:rc1
  • PHP 5.4.17
    cpe:2.3:a:php:php:5.4.17
  • PHP 5.4.18
    cpe:2.3:a:php:php:5.4.18
  • PHP 5.4.19
    cpe:2.3:a:php:php:5.4.19
  • PHP 5.4.2
    cpe:2.3:a:php:php:5.4.2
  • PHP 5.4.20
    cpe:2.3:a:php:php:5.4.20
  • PHP 5.4.21
    cpe:2.3:a:php:php:5.4.21
  • PHP 5.4.22
    cpe:2.3:a:php:php:5.4.22
  • PHP 5.4.23
    cpe:2.3:a:php:php:5.4.23
  • PHP 5.4.3
    cpe:2.3:a:php:php:5.4.3
  • PHP 5.4.9
    cpe:2.3:a:php:php:5.4.9
  • PHP 5.4.8
    cpe:2.3:a:php:php:5.4.8
  • PHP 5.4.7
    cpe:2.3:a:php:php:5.4.7
  • PHP 5.4.6
    cpe:2.3:a:php:php:5.4.6
  • PHP 5.4.5
    cpe:2.3:a:php:php:5.4.5
  • PHP 5.4.4
    cpe:2.3:a:php:php:5.4.4
CVSS
Base: 4.3 (as of 21-03-2014 - 07:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201607-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201607-04 (GD: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-10-10
    plugin id 92348
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92348
    title GLSA-201607-04 : GD: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0868-1.NASL
    description PHP5 has been updated to fix two security vulnerabilities : - Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049) - NULL pointer dereference in GD XPM decoder (CVE-2014-2497) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-05-20
    plugin id 83630
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83630
    title SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0868-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-189.NASL
    description Multiple vulnerabilities were discovered in libgd2, a graphics library : CVE-2014-2497 The gdImageCreateFromXpm() function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service (crash) via crafted XPM files. CVE-2014-9709 Importing an invalid GIF file using the gdImageCreateFromGif() function would cause a read buffer overflow that could allow remote attackers to cause a denial of service (crash) via crafted GIF files. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82646
    published 2015-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82646
    title Debian DLA-189-1 : libgd2 security update
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2015-004.NASL
    description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 82700
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82700
    title Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-153.NASL
    description Updated libgd packages fix security vulnerabilities : The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497). A buffer read overflow in gd_gif_in.c in the php#68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82406
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82406
    title Mandriva Linux Security Advisory : libgd (MDVSA-2015:153)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3215.NASL
    description Multiple vulnerabilities were discovered in libgd2, a graphics library : - CVE-2014-2497 The gdImageCreateFromXpm() function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service (crash) via crafted XPM files. - CVE-2014-9709 Importing an invalid GIF file using the gdImageCreateFromGif() function would cause a read buffer overflow that could allow remote attackers to cause a denial of service (crash) via crafted GIF files.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 82623
    published 2015-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82623
    title Debian DSA-3215-1 : libgd2 - security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201408-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201408-11 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77455
    published 2014-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77455
    title GLSA-201408-11 : PHP: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-0503.NASL
    description Previous patch of #1076676 introduced memory leak. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 80873
    published 2015-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80873
    title Fedora 20 : gd-2.1.0-8.fc20 (2015-0503)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-133.NASL
    description Updated gd and libgd packages fix security vulnerability : The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 76469
    published 2014-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76469
    title Mandriva Linux Security Advisory : gd (MDVSA-2014:133)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-8458.NASL
    description CVE-2014-2497 gd: NULL pointer dereference in : gdImageCreateFromXpm() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77206
    published 2014-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77206
    title Fedora 20 : gd-2.1.0-6.fc20 (2014-8458)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-0432.NASL
    description Previous patch of #1076676 introduced memory leak. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 80837
    published 2015-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80837
    title Fedora 21 : gd-2.1.0-8.fc21 (2015-0432)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-415.NASL
    description A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 .
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78358
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78358
    title Amazon Linux AMI : php55 (ALAS-2014-415)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140930_PHP53_AND_PHP_ON_SL5_X.NASL
    description It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3597 issue was discovered by David Kutlek of the Red Hat BaseOS QE. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 78419
    published 2014-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78419
    title Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_3.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 82699
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82699
    title Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1326.NASL
    description From Red Hat Security Advisory 2014:1326 : Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3597 issue was discovered by David Kutalek of the Red Hat BaseOS QE. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 78004
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78004
    title Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1326)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2987-1.NASL
    description It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497) It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9709) It was discovered that the GD library incorrectly handled memory when using gdImageFillToBorder(). A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8874) It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877) Hans Jerry Illikainen discovered that the GD library incorrectly handled certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-3074). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 91423
    published 2016-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91423
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libgd2 vulnerabilities (USN-2987-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-419.NASL
    description php5 was updated to fix several security issues. These issues were fixed : - Performance degradation by too many file_printf calls (CVE-2014-0237) - DoS in Fileinfo component (CVE-2014-0238) - NULL pointer dereference in GD XPM decoder (CVE-2014-2497) - Privilege escalation due to insecure default config (CVE-2014-0185)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 75385
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75385
    title openSUSE Security Update : php5 (openSUSE-SU-2014:0784-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-MOD_PHP53-140627.NASL
    description php53 was updated to fix the following security vulnerabilities : - Heap-based buffer overflow in DNS TXT record parsing. (CVE-2014-4049) - Denial of service in Fileinfo component. (CVE-2014-0238) - Performance degradation by too many file_printf calls. (CVE-2014-0237) - NULL pointer dereference in GD XPM decoder. (CVE-2014-2497)
    last seen 2018-09-01
    modified 2014-08-31
    plugin id 76367
    published 2014-07-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76367
    title SuSE 11.3 Security Update : php53 (SAT Patch Number 9450)
  • NASL family CGI abuses
    NASL id PHP_5_5_16.NASL
    description According to its banner, the remote web server is running a version of PHP 5.5.x prior to 5.5.16. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497) - The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538) - An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587) - There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597) - There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 77403
    published 2014-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77403
    title PHP 5.5.x < 5.5.16 Multiple Vulnerabilities
  • NASL family CGI abuses
    NASL id PHP_5_4_32.NASL
    description According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially crafted color mapping, a remote attacker could cause a denial of service. (CVE-2014-2497) - The original upstream patch for CVE-2013-7345 did not provide a complete solution. It is, therefore, still possible for a remote attacker to deploy a specially crafted input file to cause excessive resources to be used when trying to detect the file type using awk regular expression rules. This can cause a denial of service. (CVE-2014-3538) - An integer overflow flaw exists in the 'cdf.c' file. By using a specially crafted CDF file, a remote attacker could cause a denial of service. (CVE-2014-3587) - There are multiple buffer overflow flaws in the 'dns.c' file related to the 'dns_get_record' and 'dn_expand' functions. By using a specially crafted DNS record, a remote attacker could exploit these to cause a denial of service or execute arbitrary code. (CVE-2014-3597) - A flaw exists in the 'spl_dllist.c' file that may lead to a use-after-free condition in the SPL component when iterating over an object. An attacker could utilize this to cause a denial of service. (CVE-2014-4670) - A flaw exists in the 'spl_array.c' file that may lead to a use-after-free condition in the SPL component when handling the modification of objects while sorting. An attacker could utilize this to cause a denial of service. (CVE-2014-4698) - There exist multiple flaws in the GD component within the 'gd_ctx.c' file where user-supplied input is not properly validated to ensure that pathnames lack %00 sequences. By using specially crafted input, a remote attacker could overwrite arbitrary files. (CVE-2014-5120) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 77402
    published 2014-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77402
    title PHP 5.4.x < 5.4.32 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1327.NASL
    description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. (CVE-2014-3478) Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2014-3538) It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat Product Security, the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by David Kutalek of the Red Hat BaseOS QE. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78009
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78009
    title RHEL 7 : php (RHSA-2014:1327)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1326.NASL
    description Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3597 issue was discovered by David Kutalek of the Red Hat BaseOS QE. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77995
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77995
    title CentOS 5 / 6 : php / php53 (CESA-2014:1326)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1327.NASL
    description From Red Hat Security Advisory 2014:1327 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. (CVE-2014-3478) Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2014-3538) It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat Product Security, the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by David Kutalek of the Red Hat BaseOS QE. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 78005
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78005
    title Oracle Linux 7 : php (ELSA-2014-1327)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-247-01.NASL
    description New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2014-09-15
    plugin id 77543
    published 2014-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77543
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : php (SSA:2014-247-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1326.NASL
    description Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3597 issue was discovered by David Kutalek of the Red Hat BaseOS QE. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 77980
    published 2014-09-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77980
    title RHEL 5 / 6 : php53 and php (RHSA-2014:1326)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9679.NASL
    description 21 Aug 2014, PHP 5.5.16 Core : - Fixed bug #67693 (incorrect push to the empty array) (Tjerk) - Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) COM : - Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas). Fileinfo : - Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi) - Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi) FPM : - Fixed bug #67635 (php links to systemd libraries without using pkg-config). (pacho at gentoo.org, Remi) GD : - Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497) (Remi) - Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120) (Ryan Mauger) Milter : - Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike) OpenSSL : - Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas). readline : - Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes) - Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes) Sessions : - Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas). ODBC : - Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77481
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77481
    title Fedora 19 : php-5.5.16-1.fc19 (2014-9679)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-172.NASL
    description Multiple vulnerabilities has been discovered and corrected in php : The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497). file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538). Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587). Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597). gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack \%00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function (CVE-2014-5120). The updated php packages have been upgraded to the 5.5.16 version resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.6 version.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 77651
    published 2014-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77651
    title Mandriva Linux Security Advisory : php (MDVSA-2014:172)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1327.NASL
    description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. (CVE-2014-3478) Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2014-3538) It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat Product Security, the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by David Kutalek of the Red Hat BaseOS QE. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77996
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77996
    title CentOS 7 : php (CESA-2014:1327)
redhat via4
advisories
  • rhsa
    id RHSA-2014:1326
  • rhsa
    id RHSA-2014:1327
  • rhsa
    id RHSA-2014:1765
  • rhsa
    id RHSA-2014:1766
rpms
  • php-0:5.3.3-27.el6_5.2
  • php-bcmath-0:5.3.3-27.el6_5.2
  • php-cli-0:5.3.3-27.el6_5.2
  • php-common-0:5.3.3-27.el6_5.2
  • php-dba-0:5.3.3-27.el6_5.2
  • php-devel-0:5.3.3-27.el6_5.2
  • php-embedded-0:5.3.3-27.el6_5.2
  • php-enchant-0:5.3.3-27.el6_5.2
  • php-fpm-0:5.3.3-27.el6_5.2
  • php-gd-0:5.3.3-27.el6_5.2
  • php-imap-0:5.3.3-27.el6_5.2
  • php-intl-0:5.3.3-27.el6_5.2
  • php-ldap-0:5.3.3-27.el6_5.2
  • php-mbstring-0:5.3.3-27.el6_5.2
  • php-mysql-0:5.3.3-27.el6_5.2
  • php-odbc-0:5.3.3-27.el6_5.2
  • php-pdo-0:5.3.3-27.el6_5.2
  • php-pgsql-0:5.3.3-27.el6_5.2
  • php-process-0:5.3.3-27.el6_5.2
  • php-pspell-0:5.3.3-27.el6_5.2
  • php-recode-0:5.3.3-27.el6_5.2
  • php-snmp-0:5.3.3-27.el6_5.2
  • php-soap-0:5.3.3-27.el6_5.2
  • php-tidy-0:5.3.3-27.el6_5.2
  • php-xml-0:5.3.3-27.el6_5.2
  • php-xmlrpc-0:5.3.3-27.el6_5.2
  • php-zts-0:5.3.3-27.el6_5.2
  • php53-0:5.3.3-24.el5
  • php53-bcmath-0:5.3.3-24.el5
  • php53-cli-0:5.3.3-24.el5
  • php53-common-0:5.3.3-24.el5
  • php53-dba-0:5.3.3-24.el5
  • php53-devel-0:5.3.3-24.el5
  • php53-gd-0:5.3.3-24.el5
  • php53-imap-0:5.3.3-24.el5
  • php53-intl-0:5.3.3-24.el5
  • php53-ldap-0:5.3.3-24.el5
  • php53-mbstring-0:5.3.3-24.el5
  • php53-mysql-0:5.3.3-24.el5
  • php53-odbc-0:5.3.3-24.el5
  • php53-pdo-0:5.3.3-24.el5
  • php53-pgsql-0:5.3.3-24.el5
  • php53-process-0:5.3.3-24.el5
  • php53-pspell-0:5.3.3-24.el5
  • php53-snmp-0:5.3.3-24.el5
  • php53-soap-0:5.3.3-24.el5
  • php53-xml-0:5.3.3-24.el5
  • php53-xmlrpc-0:5.3.3-24.el5
  • php-0:5.4.16-23.el7_0.1
  • php-bcmath-0:5.4.16-23.el7_0.1
  • php-cli-0:5.4.16-23.el7_0.1
  • php-common-0:5.4.16-23.el7_0.1
  • php-dba-0:5.4.16-23.el7_0.1
  • php-devel-0:5.4.16-23.el7_0.1
  • php-embedded-0:5.4.16-23.el7_0.1
  • php-enchant-0:5.4.16-23.el7_0.1
  • php-fpm-0:5.4.16-23.el7_0.1
  • php-gd-0:5.4.16-23.el7_0.1
  • php-intl-0:5.4.16-23.el7_0.1
  • php-ldap-0:5.4.16-23.el7_0.1
  • php-mbstring-0:5.4.16-23.el7_0.1
  • php-mysql-0:5.4.16-23.el7_0.1
  • php-mysqlnd-0:5.4.16-23.el7_0.1
  • php-odbc-0:5.4.16-23.el7_0.1
  • php-pdo-0:5.4.16-23.el7_0.1
  • php-pgsql-0:5.4.16-23.el7_0.1
  • php-process-0:5.4.16-23.el7_0.1
  • php-pspell-0:5.4.16-23.el7_0.1
  • php-recode-0:5.4.16-23.el7_0.1
  • php-snmp-0:5.4.16-23.el7_0.1
  • php-soap-0:5.4.16-23.el7_0.1
  • php-xml-0:5.4.16-23.el7_0.1
  • php-xmlrpc-0:5.4.16-23.el7_0.1
refmap via4
apple APPLE-SA-2015-04-08-2
bid 66233
confirm
debian DSA-3215
gentoo GLSA-201607-04
mandriva MDVSA-2015:153
secunia
  • 59061
  • 59418
  • 59496
  • 59652
suse
  • SUSE-SU-2014:0868
  • SUSE-SU-2014:0869
ubuntu USN-2987-1
Last major update 06-01-2017 - 21:59
Published 21-03-2014 - 10:55
Back to Top