var-201311-0379
Vulnerability from variot

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. PHP is prone to a denial-of-service vulnerability due to a heap-based buffer over-read error. Successful exploits will allow attackers to cause a denial of service condition. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed.

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in the 'scan' function in the ext/date/lib/parse_iso_intervals.c file in PHP 5.5.6 and earlier versions. The vulnerability is caused by the program not properly restricting the creation of DateInterval objects.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-11


                                        http://security.gentoo.org/

Severity: High
Title: PHP: Multiple vulnerabilities
Date: August 29, 2014
Bugs: #459904, #472204, #472558, #474656, #476570, #481004, #483212, #485252, #492784, #493982, #501312, #503630, #503670, #505172, #505712, #509132, #512288, #512492, #513032, #516994, #519932, #520134, #520438
ID: 201408-11


Synopsis

Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

  1  dev-lang/php               < 5.5.16                 >= 5.5.16
                                                         >= 5.4.32
                                                         >= 5.3.29

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16"

All PHP 5.4 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32"

All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively.

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"

References

[ 1 ] CVE-2011-4718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718
[ 2 ] CVE-2013-1635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635
[ 3 ] CVE-2013-1643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643
[ 4 ] CVE-2013-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824
[ 5 ] CVE-2013-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110
[ 6 ] CVE-2013-3735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735
[ 7 ] CVE-2013-4113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113
[ 8 ] CVE-2013-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248
[ 9 ] CVE-2013-4635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635
[ 10 ] CVE-2013-4636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636
[ 11 ] CVE-2013-6420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420
[ 12 ] CVE-2013-6712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712
[ 13 ] CVE-2013-7226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226
[ 14 ] CVE-2013-7327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327
[ 15 ] CVE-2013-7345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345
[ 16 ] CVE-2014-0185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185
[ 17 ] CVE-2014-0237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237
[ 18 ] CVE-2014-0238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238
[ 19 ] CVE-2014-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943
[ 20 ] CVE-2014-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270
[ 21 ] CVE-2014-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497
[ 22 ] CVE-2014-3597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597
[ 23 ] CVE-2014-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981
[ 24 ] CVE-2014-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049
[ 25 ] CVE-2014-4670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670
[ 26 ] CVE-2014-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201408-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

============================================================================
Ubuntu Security Notice USN-2055-1
December 12, 2013

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. (CVE-2013-6420)

It was discovered that PHP incorrectly handled DateInterval objects. (CVE-2013-6712)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10:
  libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.1
  php5-cgi 5.5.3+dfsg-1ubuntu2.1
  php5-cli 5.5.3+dfsg-1ubuntu2.1

Ubuntu 13.04:
  libapache2-mod-php5 5.4.9-4ubuntu2.4
  php5-cgi 5.4.9-4ubuntu2.4
  php5-cli 5.4.9-4ubuntu2.4

Ubuntu 12.10:
  libapache2-mod-php5 5.4.6-1ubuntu1.5
  php5-cgi 5.4.6-1ubuntu1.5
  php5-cli 5.4.6-1ubuntu1.5

Ubuntu 12.04 LTS:
  libapache2-mod-php5 5.3.10-1ubuntu3.9
  php5-cgi 5.3.10-1ubuntu3.9
  php5-cli 5.3.10-1ubuntu3.9

Ubuntu 10.04 LTS:
  libapache2-mod-php5 5.3.2-1ubuntu4.22
  php5-cgi 5.3.2-1ubuntu4.22
  php5-cli 5.3.2-1ubuntu4.22

In general, a standard system update will make all the necessary changes.

Release Date: 2014-09-30
Last Updated: 2014-09-30

Potential Security Impact: Cross-site scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking.

References:

CVE-2013-4545 Unauthorized modification
CVE-2013-6420 (SSRT101447) Unauthorized disclosure of information
CVE-2013-6422 Unauthorized disclosure of information
CVE-2013-6712 (SSRT101447) Denial of Service (DoS)
CVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS)
CVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF)
CVE-2014-2642 (SSRT101701) Clickjacking

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP System Management Homepage (SMH) for Linux and Windows prior to version 7.4

BACKGROUND

CVSS 2.0 Base Metrics

Reference       Base Vector                    Base Score
CVE-2013-4545   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2013-6420   (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2013-6422   (AV:N/AC:H/Au:N/C:P/I:P/A:N)   4.0
CVE-2013-6712   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2014-2640   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2014-2641   (AV:N/AC:M/Au:S/C:P/I:P/A:P)   6.0
CVE-2014-2642   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH) for Linux and Windows:

http://h18013.www1.hp.com/products/servers/management/agents/

HISTORY

Version:1 (rev.1) - 30 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

6) - i386, x86_64

  1. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file.

APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004

OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:

Admin Framework
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A process may gain admin privileges without properly authenticating
Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking.
CVE-ID
CVE-2015-1130 : Emil Kvarnhammar at TrueSec

apache
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29.
CVE-ID
CVE-2013-0118
CVE-2013-5704
CVE-2013-6438
CVE-2014-0098
CVE-2014-0117
CVE-2014-0118
CVE-2014-0226
CVE-2014-0231
CVE-2014-3523

ATS
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation.
CVE-ID
CVE-2015-1131 : Ian Beer of Google Project Zero
CVE-2015-1132 : Ian Beer of Google Project Zero
CVE-2015-1133 : Ian Beer of Google Project Zero
CVE-2015-1134 : Ian Beer of Google Project Zero
CVE-2015-1135 : Ian Beer of Google Project Zero

Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en-us/HT202858.

CFNetwork HTTPProtocol
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Cookies belonging to one origin may be sent to another origin
Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was addressed through improved handling of redirects.
CVE-ID
CVE-2015-1089 : Niklas Keller

CFNetwork Session
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Authentication credentials may be sent to a server on another origin
Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects.
CVE-ID
CVE-2015-1091 : Diego Torres (http://dtorres.me)

CFURL
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-1088 : Luigi Galli

CoreAnimation
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management.
CVE-ID
CVE-2015-1136 : Apple

FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld

Graphics Driver
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation.
CVE-ID
CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team

Hypervisor
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local application may be able to cause a denial of service
Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-1138 : Izik Eidus and Alex Fishman

ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1139 : Apple

IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A malicious HID device may be able to cause arbitrary code execution
Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco

IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A user may be able to execute arbitrary code with system privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech

Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system shutdown
Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation.
CVE-ID
CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause a system denial of service
Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.

Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs

Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able to cause a denial of service
Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team

Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io

LaunchServices
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause the Finder to crash
Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data.
CVE-ID
CVE-2015-1142

LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2015-1143 : Apple

libnetcore
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination
Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.

ntp
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may brute force ntpd authentication keys
Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation.
CVE-ID
CVE-2014-9298

OpenLDAP
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A remote unauthenticated client may be able to cause a denial of service
Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation.
CVE-ID
CVE-2015-1545 : Ryan Tandy
CVE-2015-1546 : Ryan Tandy

OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd.
CVE-ID
CVE-2014-3569
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204

Open Directory Client
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server
Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case.
CVE-ID
CVE-2015-1147 : Apple

PHP
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20.
CVE-ID
CVE-2013-6712
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-2497
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
CVE-2014-3981
CVE-2014-4049
CVE-2014-4670
CVE-2014-4698
CVE-2014-5120

QuickLook
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1098 : Christopher Hickstein

SceneKit
Available for: OS X Mountain Lion v10.8.5
Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved validation of accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team

Screen Sharing
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A user's password may be logged to a local file
Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential.
CVE-ID
CVE-2015-1148 : Apple

Security - Code Signing
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: Tampered applications may not be prevented from launching
Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks.
CVE-ID
CVE-2015-1145
CVE-2015-1146

UniformTypeIdentifiers
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking.
CVE-ID
CVE-2015-1144 : Apple

WebKit
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in WebKit. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative

Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.

OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658

OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/


=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: php54-php security update
Advisory ID:       RHSA-2014:1765-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1765.html
Issue date:        2014-10-30
CVE Names:         CVE-2013-6712 CVE-2013-7345 CVE-2014-0207
                   CVE-2014-0237 CVE-2014-0238 CVE-2014-1943
                   CVE-2014-2270 CVE-2014-2497 CVE-2014-3478
                   CVE-2014-3479 CVE-2014-3480 CVE-2014-3487
                   CVE-2014-3515 CVE-2014-3538 CVE-2014-3587
                   CVE-2014-3597 CVE-2014-3668 CVE-2014-3669
                   CVE-2014-3670 CVE-2014-3710 CVE-2014-4049
                   CVE-2014-4670 CVE-2014-4698 CVE-2014-4721
                   CVE-2014-5120
=====================================================================

  1. Summary:

Updated php54-php packages that fix multiple security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. (CVE-2014-3670)

Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function. (CVE-2014-4049, CVE-2014-3597)

Multiple denial of service flaws were found in the File Information (fileinfo) extension. A remote attacker could use these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU and possibly crash. (CVE-2013-7345, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-3538)

Multiple boundary check flaws were found in the File Information (fileinfo) extension. A remote attacker could use these flaws to cause a PHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-2270, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587, CVE-2014-3710)

A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515)

Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497)

A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712)

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluža of the Red Hat Web Stack Team; the CVE-2014-3597 issue was discovered by David Kutálek of Red Hat BaseOS QE.

All php54-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd service must be restarted for the update to take effect.

  4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval
1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file
1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()
1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression
1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1098222 - CVE-2014-3538 file: unrestricted regular expression matching
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check
1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check
1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak
1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting
1120266 - CVE-2014-4670 php: SPL Iterators use-after-free
1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr
1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names
1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers

  6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source: php54-php-5.4.16-22.el7.src.rpm

x86_64: php54-php-5.4.16-22.el7.x86_64.rpm php54-php-bcmath-5.4.16-22.el7.x86_64.rpm php54-php-cli-5.4.16-22.el7.x86_64.rpm php54-php-common-5.4.16-22.el7.x86_64.rpm php54-php-dba-5.4.16-22.el7.x86_64.rpm php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm php54-php-devel-5.4.16-22.el7.x86_64.rpm php54-php-enchant-5.4.16-22.el7.x86_64.rpm php54-php-fpm-5.4.16-22.el7.x86_64.rpm php54-php-gd-5.4.16-22.el7.x86_64.rpm php54-php-intl-5.4.16-22.el7.x86_64.rpm php54-php-ldap-5.4.16-22.el7.x86_64.rpm php54-php-mbstring-5.4.16-22.el7.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm php54-php-odbc-5.4.16-22.el7.x86_64.rpm php54-php-pdo-5.4.16-22.el7.x86_64.rpm php54-php-pgsql-5.4.16-22.el7.x86_64.rpm php54-php-process-5.4.16-22.el7.x86_64.rpm php54-php-pspell-5.4.16-22.el7.x86_64.rpm php54-php-recode-5.4.16-22.el7.x86_64.rpm php54-php-snmp-5.4.16-22.el7.x86_64.rpm php54-php-soap-5.4.16-22.el7.x86_64.rpm php54-php-xml-5.4.16-22.el7.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source: php54-php-5.4.16-22.el7.src.rpm

x86_64: php54-php-5.4.16-22.el7.x86_64.rpm php54-php-bcmath-5.4.16-22.el7.x86_64.rpm php54-php-cli-5.4.16-22.el7.x86_64.rpm php54-php-common-5.4.16-22.el7.x86_64.rpm php54-php-dba-5.4.16-22.el7.x86_64.rpm php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm php54-php-devel-5.4.16-22.el7.x86_64.rpm php54-php-enchant-5.4.16-22.el7.x86_64.rpm php54-php-fpm-5.4.16-22.el7.x86_64.rpm php54-php-gd-5.4.16-22.el7.x86_64.rpm php54-php-intl-5.4.16-22.el7.x86_64.rpm php54-php-ldap-5.4.16-22.el7.x86_64.rpm php54-php-mbstring-5.4.16-22.el7.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm php54-php-odbc-5.4.16-22.el7.x86_64.rpm php54-php-pdo-5.4.16-22.el7.x86_64.rpm php54-php-pgsql-5.4.16-22.el7.x86_64.rpm php54-php-process-5.4.16-22.el7.x86_64.rpm php54-php-pspell-5.4.16-22.el7.x86_64.rpm php54-php-recode-5.4.16-22.el7.x86_64.rpm php54-php-snmp-5.4.16-22.el7.x86_64.rpm php54-php-soap-5.4.16-22.el7.x86_64.rpm php54-php-xml-5.4.16-22.el7.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2013-6712 https://access.redhat.com/security/cve/CVE-2013-7345 https://access.redhat.com/security/cve/CVE-2014-0207 https://access.redhat.com/security/cve/CVE-2014-0237 https://access.redhat.com/security/cve/CVE-2014-0238 https://access.redhat.com/security/cve/CVE-2014-1943 https://access.redhat.com/security/cve/CVE-2014-2270 https://access.redhat.com/security/cve/CVE-2014-2497 https://access.redhat.com/security/cve/CVE-2014-3478 https://access.redhat.com/security/cve/CVE-2014-3479 https://access.redhat.com/security/cve/CVE-2014-3480 https://access.redhat.com/security/cve/CVE-2014-3487 https://access.redhat.com/security/cve/CVE-2014-3515 https://access.redhat.com/security/cve/CVE-2014-3538 https://access.redhat.com/security/cve/CVE-2014-3587 https://access.redhat.com/security/cve/CVE-2014-3597 https://access.redhat.com/security/cve/CVE-2014-3668 https://access.redhat.com/security/cve/CVE-2014-3669 https://access.redhat.com/security/cve/CVE-2014-3670 https://access.redhat.com/security/cve/CVE-2014-3710 https://access.redhat.com/security/cve/CVE-2014-4049 https://access.redhat.com/security/cve/CVE-2014-4670 https://access.redhat.com/security/cve/CVE-2014-4698 https://access.redhat.com/security/cve/CVE-2014-4721 https://access.redhat.com/security/cve/CVE-2014-5120 https://access.redhat.com/security/updates/classification/#important

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0379",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.2"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.24"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.10"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "13.10"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.29"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "13.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "12.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "11.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "12.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "13.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:php:php",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oden Eriksson",
    "sources": [
      {
        "db": "BID",
        "id": "64018"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6712",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-6712",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-66714",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-6712",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-6712",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-464",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66714",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. PHP is prone to a denial-of-service vulnerability due to a heap-based buffer over-read error. \nSuccessful exploits will allow attackers to cause a denial of service condition. Due to the nature of this issue, arbitrary code  execution may be possible; this has not been confirmed. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in the \u0027scan\u0027 function in the ext/date/lib/parse_iso_intervals.c file in PHP 5.5.6 and earlier versions. The vulnerability is caused by the program not properly restricting the creation of DateInterval objects. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201408-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: PHP: Multiple vulnerabilities\n     Date: August 29, 2014\n     Bugs: #459904, #472204, #472558, #474656, #476570, #481004,\n           #483212, #485252, #492784, #493982, #501312, #503630,\n           #503670, #505172, #505712, #509132, #512288, #512492,\n           #513032, #516994, #519932, #520134, #520438\n       ID: 201408-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in PHP, the worst of\nwhich could lead to remote execution of arbitrary code. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.5.16                  \u003e= 5.5.16\n                                                           *\u003e= 5.4.32\n                                                           *\u003e= 5.3.29\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. 
\n\nImpact\n======\n\nA context-dependent attacker can cause arbitrary code execution, create\na Denial of Service condition, read or write arbitrary files,\nimpersonate other servers, hijack a web session, or have other\nunspecified impact. Additionally, a local attacker could gain escalated\nprivileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.5.16\"\n\nAll PHP 5.4 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.4.32\"\n\nAll PHP 5.3 users should upgrade to the latest version. This release\nmarks the end of life of the PHP 5.3 series. Future releases of this\nseries are not planned. All PHP 5.3 users are encouraged to upgrade to\nthe current stable version of PHP 5.5 or previous stable version of PHP\n5.4, which are supported till at least 2016 and 2015 respectively. 
\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.3.29\"\n\nReferences\n==========\n\n[  1 ] CVE-2011-4718\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718\n[  2 ] CVE-2013-1635\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635\n[  3 ] CVE-2013-1643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643\n[  4 ] CVE-2013-1824\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824\n[  5 ] CVE-2013-2110\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110\n[  6 ] CVE-2013-3735\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735\n[  7 ] CVE-2013-4113\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113\n[  8 ] CVE-2013-4248\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248\n[  9 ] CVE-2013-4635\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635\n[ 10 ] CVE-2013-4636\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636\n[ 11 ] CVE-2013-6420\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420\n[ 12 ] CVE-2013-6712\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712\n[ 13 ] CVE-2013-7226\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226\n[ 14 ] CVE-2013-7327\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327\n[ 15 ] CVE-2013-7345\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345\n[ 16 ] CVE-2014-0185\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185\n[ 17 ] CVE-2014-0237\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237\n[ 18 ] CVE-2014-0238\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238\n[ 19 ] CVE-2014-1943\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943\n[ 20 ] CVE-2014-2270\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270\n[ 21 ] CVE-2014-2497\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497\n[ 22 ] CVE-2014-3597\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597\n[ 23 ] CVE-2014-3981\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981\n[ 24 ] CVE-2014-4049\n       
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049\n[ 25 ] CVE-2014-4670\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670\n[ 26 ] CVE-2014-5120\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201408-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2055-1\nDecember 12, 2013\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 13.04\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. (CVE-2013-6420)\n\nIt was discovered that PHP incorrectly handled DateInterval objects. 
(CVE-2013-6712)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  libapache2-mod-php5             5.5.3+dfsg-1ubuntu2.1\n  php5-cgi                        5.5.3+dfsg-1ubuntu2.1\n  php5-cli                        5.5.3+dfsg-1ubuntu2.1\n\nUbuntu 13.04:\n  libapache2-mod-php5             5.4.9-4ubuntu2.4\n  php5-cgi                        5.4.9-4ubuntu2.4\n  php5-cli                        5.4.9-4ubuntu2.4\n\nUbuntu 12.10:\n  libapache2-mod-php5             5.4.6-1ubuntu1.5\n  php5-cgi                        5.4.6-1ubuntu1.5\n  php5-cli                        5.4.6-1ubuntu1.5\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.9\n  php5-cgi                        5.3.10-1ubuntu3.9\n  php5-cli                        5.3.10-1ubuntu3.9\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.22\n  php5-cgi                        5.3.2-1ubuntu4.22\n  php5-cli                        5.3.2-1ubuntu4.22\n\nIn general, a standard system update will make all the necessary changes. \n\nRelease Date: 2014-09-30\nLast Updated: 2014-09-30\n\nPotential Security Impact: Cross-site scripting (XSS), Cross-site Request\nForgery (CSRF), unauthorized disclosure of information, Denial of Service\n(DoS), and Clickjacking\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) on Linux and Windows. The vulnerabilities could be\nexploited remotely resulting in Cross-site Scripting (XSS), Cross-site\nRequest Forgery (CSRF), unauthorized disclosure of information, Denial of\nService (DoS), and Clickjacking. 
\n\nReferences:\n\nCVE-2013-4545 Unauthorized modification\nCVE-2013-6420 (SSRT101447) Unauthorized disclosure of information\nCVE-2013-6422 Unauthorized disclosure of information\nCVE-2013-6712 (SSRT101447) Denial of Service (DoS)\nCVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS)\nCVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF)\nCVE-2014-2642 (SSRT101701) Clickjacking\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) for Linux and Windows prior to version\n7.4\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4545    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2013-6420    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2013-6422    (AV:N/AC:H/Au:N/C:P/I:P/A:N)       4.0\nCVE-2013-6712    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-2640    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-2641    (AV:N/AC:M/Au:S/C:P/I:P/A:P)       6.0\nCVE-2014-2642    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH) for Linux and Windows:\n\nhttp://h18013.www1.hp.com/products/servers/management/agents/\n\nHISTORY\nVersion:1 (rev.1) - 30 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  
For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. 6) - i386, x86_64\n\n3. 
PHP\u0027s fileinfo module provides functions used to identify a\nparticular file according to the type of data contained by the file. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A process may gain admin privileges without properly\nauthenticating\nDescription:  An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in Apache\nDescription:  Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. 
The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Cookies belonging to one origin may be sent to another\norigin\nDescription:  A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was addressed\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Authentication credentials may be sent to a server on\nanother origin\nDescription:  A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of font files. 
These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A NULL pointer dereference existed in NVIDIA graphics\ndriver\u0027s handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local application may be able to cause a denial of service\nDescription:  An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A malicious HID device may be able to cause arbitrary code\nexecution\nDescription:  A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A user may be able to execute arbitrary code with system\nprivileges\nDescription:  An out-of-bounds write issue existed in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause unexpected system shutdown\nDescription:  An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. 
\nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription:  setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription:  ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  An attacker with a privileged network position may be able\nto cause a denial of service\nDescription:  A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription:  An out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may be able to bypass network filters\nDescription:  The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause the Finder to crash\nDescription:  An input validation issue existed in LaunchServices\u0027s\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A type confusion issue existed in LaunchServices\u0027s\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. 
\nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription:  A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may brute force ntpd authentication keys\nDescription:  The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A remote unauthenticated client may be able to cause a\ndenial of service\nDescription:  Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. 
\nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription:  If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. 
\nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for:  OS X Mountain Lion v10.8.5\nImpact:  Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription:  A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A user\u0027s password may be logged to a local file\nDescription:  In some circumstances, Screen Sharing may log a user\u0027s\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in WebKit. This\nissue was addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php54-php security update\nAdvisory ID:       RHSA-2014:1765-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1765.html\nIssue date:        2014-10-30\nCVE Names:         CVE-2013-6712 CVE-2013-7345 CVE-2014-0207 \n                   CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 \n                   CVE-2014-2270 CVE-2014-2497 CVE-2014-3478 \n                   CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 \n                   CVE-2014-3515 CVE-2014-3538 CVE-2014-3587 \n                   CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 \n                   CVE-2014-3670 CVE-2014-3710 CVE-2014-4049 \n                   CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 \n                   CVE-2014-5120 \n=====================================================================\n\n1. Summary:\n\nUpdated php54-php packages that fix multiple security issues are now\navailable for Red Hat Software Collections 1. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 
6) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA buffer overflow flaw was found in the Exif extension. A specially crafted\nJPEG or TIFF file could cause a PHP application using the exif_thumbnail()\nfunction to crash or, possibly, execute arbitrary code. (CVE-2014-3670)\n\nMultiple buffer overflow flaws were found in the way PHP parsed DNS\nresponses. A malicious DNS server or a man-in-the-middle attacker could\nuse these flaws to crash or, possibly, execute arbitrary code with the\nprivileges of a PHP application that uses the dns_get_record() function. \n(CVE-2014-4049, CVE-2014-3597)\n\nMultiple denial of service flaws were found in the File Information\n(fileinfo) extension. A remote attacker could use these flaws to cause a\nPHP application using fileinfo to consume an excessive amount of CPU and\npossibly crash. (CVE-2013-7345, CVE-2014-0237, CVE-2014-0238,\nCVE-2014-1943, CVE-2014-3538)\n\nMultiple boundary check flaws were found in the File Information\n(fileinfo) extension. A remote attacker could use these flaws to cause a\nPHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-2270,\nCVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587,\nCVE-2014-3710)\n\nA type confusion issue was found in PHP\u0027s phpinfo() function. A malicious\nscript author could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2014-4721)\n\nA type confusion issue was found in the SPL ArrayObject and\nSPLObjectStorage classes\u0027 unserialize() method. A remote attacker able to\nsubmit specially crafted input to a PHP application, which would then\nunserialize this input using one of the aforementioned methods, could use\nthis flaw to execute arbitrary code with the privileges of the user running\nthat PHP application. 
(CVE-2014-3515)\n\nTwo use-after-free flaws were found in the way PHP handled certain Standard\nPHP Library (SPL) Iterators and ArrayIterators. A malicious script author\ncould possibly use either of these flaws to disclose certain portions of\nserver memory. (CVE-2014-4670, CVE-2014-4698)\n\nAn integer overflow flaw was found in the way custom objects were\nunserialized. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash. (CVE-2014-3669)\n\nIt was found that PHP\u0027s gd extension did not properly handle file names\nwith a null character. A remote attacker could possibly use this flaw to\nmake a PHP application access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2014-5120)\n\nA NULL pointer dereference flaw was found in the gdImageCreateFromXpm()\nfunction of PHP\u0027s gd extension. A remote attacker could use this flaw to\ncrash a PHP application using gd via a specially crafted X PixMap (XPM)\nfile. (CVE-2014-2497)\n\nA buffer over-read flaw was found in the way the DateInterval class parsed\ninterval specifications. An attacker able to make a PHP application parse a\nspecially crafted specification using DateInterval could possibly cause the\nPHP interpreter to crash. (CVE-2013-6712)\n\nAn out of bounds read flaw was found in the way the xmlrpc extension parsed\ndates in the ISO 8601 format. A specially crafted XML-RPC request or\nresponse could possibly cause a PHP application to crash. (CVE-2014-3668)\n\nThe CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478,\nCVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were\ndiscovered by Francisco Alonso of Red Hat Product Security; the\nCVE-2014-3538 issue was discovered by Jan Kalu\u017ea of the Red Hat Web Stack\nTeam; the CVE-2014-3597 issue was discovered by David Kut\u00e1lek of Red Hat\nBaseOS QE. 
\n\nAll php54-php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd service must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval\n1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules\n1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file\n1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()\n1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression\n1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check\n1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop\n1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS\n1098222 - CVE-2014-3538 file: unrestricted regular expression matching\n1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check\n1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size\n1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check\n1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check\n1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing\n1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw\n1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak\n1120259 - CVE-2014-4698 php: ArrayIterator 
use-after-free due to object change during sorting\n1120266 - CVE-2014-4670 php: SPL Iterators use-after-free\n1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info\n1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr\n1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names\n1154500 - CVE-2014-3669 php: integer overflow in unserialize()\n1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()\n1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()\n1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers\n\n6. Package List:\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.4):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.5):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.6):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nphp54-php-5.4.16-22.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el7.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el7.x86_64.rpm\nphp54-php-cli-5.4.16-22.el7.x86_64.rpm\nphp54-php-common-5.4.16-22.el7.x86_64.rpm\nphp54-php-dba-5.4.16-22.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el7.x86_64.rpm\nphp54-php-devel-5.4.16-22.el7.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el7.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el7.x86_64.rpm\nphp54-php-gd-5.4.16-22.el7.x86_64.rpm\nphp54-php-intl-5.4.16-22.el7.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el7.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el7.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el7.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el7.x86_64.rpm\nphp54-php-process-5.4.16-22.el7.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el7.x86_64.rpm\nphp54-php-recode-5.4.16-22.el7.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el7.x86_64.rpm\nphp54-php-soap-5.4.16-22.el7.x86_64.rpm\nphp54-php-xml-5.4.16-22.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 
7):\n\nSource:\nphp54-php-5.4.16-22.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el7.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el7.x86_64.rpm\nphp54-php-cli-5.4.16-22.el7.x86_64.rpm\nphp54-php-common-5.4.16-22.el7.x86_64.rpm\nphp54-php-dba-5.4.16-22.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el7.x86_64.rpm\nphp54-php-devel-5.4.16-22.el7.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el7.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el7.x86_64.rpm\nphp54-php-gd-5.4.16-22.el7.x86_64.rpm\nphp54-php-intl-5.4.16-22.el7.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el7.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el7.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el7.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el7.x86_64.rpm\nphp54-php-process-5.4.16-22.el7.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el7.x86_64.rpm\nphp54-php-recode-5.4.16-22.el7.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el7.x86_64.rpm\nphp54-php-soap-5.4.16-22.el7.x86_64.rpm\nphp54-php-xml-5.4.16-22.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-6712\nhttps://access.redhat.com/security/cve/CVE-2013-7345\nhttps://access.redhat.com/security/cve/CVE-2014-0207\nhttps://access.redhat.com/security/cve/CVE-2014-0237\nhttps://access.redhat.com/security/cve/CVE-2014-0238\nhttps://access.redhat.com/security/cve/CVE-2014-1943\nhttps://access.redhat.com/security/cve/CVE-2014-2270\nhttps://access.redhat.com/security/cve/CVE-2014-2497\nhttps://access.redhat.com/security/cve/CVE-2014-3478\nhttps://access.redhat.com/security/cve/CVE-2014-3479\nhttps://access.redhat.com/security/cve/CVE-2014-3480\nhttps://access.redhat.com/security/cve/CVE-2014-3487\nhttps://access.redhat.com/security/cve/CVE-2014-3515\nhttps://access.redhat.com/security/cve/CVE-2014-3538\nhttps://access.redhat.com/security/cve/CVE-2014-3587\nhttps://access.redhat.com/security/cve/CVE-2014-3597\nhttps://access.redhat.com/security/cve/CVE-2014-3668\nhttps://access.redhat.com/security/cve/CVE-2014-3669\nhttps://access.redhat.com/security/cve/CVE-2014-3670\nhttps://access.redhat.com/security/cve/CVE-2014-3710\nhttps://access.redhat.com/security/cve/CVE-2014-4049\nhttps://access.redhat.com/security/cve/CVE-2014-4670\nhttps://access.redhat.com/security/cve/CVE-2014-4698\nhttps://access.redhat.com/security/cve/CVE-2014-4721\nhttps://access.redhat.com/security/cve/CVE-2014-5120\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUUqUKXlSAg2UNWIIRAjOVAKCpGLdlKkkekepN6kcFJZMPAAABIQCeOxaS\nCZNh+ke6Be93ZKCSwqWDm+c=\n=YZgO\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "128900"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6712",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "64018",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "128900",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-66714",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128049",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124407",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128505",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127757",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131359",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "128900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "id": "VAR-201311-0379",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-29T19:57:37.600000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204659"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204659"
      },
      {
        "title": "Fixed bug #66060 (Heap buffer over-read in DateInterval)",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071"
      },
      {
        "title": "Bug #66060",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=66060"
      },
      {
        "title": "RHSA-2014:1765",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2014-1765.html"
      },
      {
        "title": "Multiple Buffer Errors vulnerabilities in PHP",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in1"
      },
      {
        "title": "ext/date/lib/parse_iso_intervals",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=46850"
      },
      {
        "title": "ext/date/lib/parse_iso_intervals",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=46849"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://bugs.php.net/bug.php?id=66060"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1765.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2055-1"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2013/dsa-2816"
      },
      {
        "trust": 1.7,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04463322"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=12fe4e90be7bfa2a763197079f68f5568a14e071"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6712"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6712"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1012.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2055-1/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6420"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4670"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5120"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4721"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3668"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4635"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4636"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1635"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2110"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2497"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4113"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1635"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5120"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1643"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201408-11.xml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4718"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7327"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7327"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1824"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6420"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4636"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7226"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7226"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4718"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2110"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4113"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4635"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.4.9-4ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.22"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.5"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2640"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4545"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/agents/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2642"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-6712.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3480.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-2270.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-4049.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-4721.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0238.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-1571.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-1943.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3479.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3515.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0237.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1571"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0118"
      },
      {
        "trust": 0.1,
        "url": "https://www.frida.re"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
      },
      {
        "trust": 0.1,
        "url": "http://dtorres.me)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3669"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3587"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3515"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-4721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3538"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-2497"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-5120"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-4698"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "128900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "128900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "BID",
        "id": "64018"
      },
      {
        "date": "2013-12-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "date": "2014-08-29T22:24:02",
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "date": "2013-12-14T00:04:46",
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "date": "2014-10-01T19:15:04",
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "date": "2014-08-07T06:20:07",
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "date": "2015-04-09T16:30:50",
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "date": "2014-10-30T21:44:06",
        "db": "PACKETSTORM",
        "id": "128900"
      },
      {
        "date": "2013-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "date": "2013-11-28T04:37:39.840000",
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "date": "2015-04-16T18:05:00",
        "db": "BID",
        "id": "64018"
      },
      {
        "date": "2015-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      },
      {
        "date": "2022-11-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "date": "2024-11-21T01:59:35.997000",
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/date/lib/parse_iso_intervals.c of  scan Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005322"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      }
    ],
    "trust": 0.6
  }
}


Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.