Scientific Linux Security Update : php on SL6.x i386/x86_64

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a
PHP script access unexpected files and bypass intended file system
access restrictions. (CVE-2006-7243)

A flaw was found in PHP's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. If an
attacker was able to get a carefully crafted certificate signed by a
trusted Certificate Authority, the attacker could use the certificate
to conduct man-in-the-middle attacks to spoof SSL servers.
(CVE-2013-4248)

It was found that the PHP SOAP parser allowed the expansion of
external XML entities during SOAP message parsing. A remote attacker
could possibly use this flaw to read arbitrary files that are
accessible to a PHP application using a SOAP extension.
(CVE-2013-1643)

This update fixes the following bugs :

- Previously, when the allow_call_time_pass_reference
setting was disabled, a virtual host on the Apache
server could terminate with a segmentation fault when
attempting to process certain PHP content. This bug has
been fixed and virtual hosts no longer crash when
allow_call_time_pass_reference is off.

- Prior to this update, if an error occurred during the
operation of the fclose(), file_put_contents(), or
copy() function, the function did not report it. This
could have led to data loss. With this update, the
aforementioned functions have been modified to properly
report any errors.

- The internal buffer for the SQLSTATE error code can
store a maximum of 5 characters. Previously, when certain
calls exceeded this limit, a buffer overflow occurred.
With this update, messages longer than 5 characters are
automatically replaced with the default 'HY000' string,
thus preventing the overflow.

In addition, this update adds the following enhancement :

- This update adds the following rpm macros to the php
package: %__php, %php_inidir, %php_incldir.

After installing the updated packages, the httpd daemon must be
restarted for the update to take effect.

See also :

http://www.nessus.org/u?7e644df1

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 71198

CVE ID: CVE-2006-7243, CVE-2013-1643, CVE-2013-4248