Fedora 20 : php-5.5.14-1.fc20 (2014-7765)

medium Nessus Plugin ID 76327

Synopsis

The remote Fedora host is missing a security update.

Description

26 Jun 2014, PHP 5.5.14

Core :

- Fixed BC break introduced by patch for bug #67072.
(Anatol, Stas)

- Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison)

- Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi)

- Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)

- Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser)

CLI server :

- Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

Date :

- Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam)

- Fixed regression in fix for bug #67118 (constructor can't be called twice). (Remi)

Fileinfo :

- Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)

- Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size).
(CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)

- Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)

- Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)

- Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

Intl :

- Fixed bug #67349 (Locale::parseLocale Double Free).
(Stas)

- Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)). (Stas)

Network :

- Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara)

OPCache :

- Fixed issue #183 (TMP_VAR is not only used once).
(Dmitry, Laruence)

OpenSSL :

- Fixed bug #65698 (certificates validity parsing does not work past 2050). (Paul Oehler)

- Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME). (Paul Oehler)

PDO-ODBC :

- Fixed bug #50444 (PDO-ODBC changes for 64-bit).

SOAP :

- Implemented FR #49898 (Add SoapClient::__getCookies()).
(Boro Sitnikovski)

SPL :

- Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)

- Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)

- Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)

- Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515) (Stefan Esser)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

http://www.nessus.org/u?d807888f

Plugin Details

Severity: Medium

ID: 76327

File Name: fedora_2014-7765.nasl

Version: 1.7

Type: local

Agent: unix

Published: 7/1/2014

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:20

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/27/2014

Vulnerability Publication Date: 6/27/2014

Reference Information

BID: 67837, 68007, 68120, 68237, 68238, 68239, 68241, 68243

FEDORA: 2014-7765