Fedora 17 : php-5.4.16-1.fc17 (2013-10233)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

06 Jun 2013, PHP 5.4.16

Core :

- Fixed bug #64879 (Heap based buffer overflow in
quoted_printable_encode, CVE-2013-2110). (Stas)

- Fixed bug #64853 (Use of no longer available ini
directives causes crash on TS build). (Anatol)

- Fixed bug #64729 (compilation failure on x32).
(Gustavo)

- Fixed bug #64720 (SegFault on zend_deactivate).
(Dmitry)

- Fixed bug #64660 (Segfault on memory exhaustion within
function definition). (Stas, reported by Juha
Kylmanen)

Calendar: -Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)

Fileinfo :

- Fixed bug #64830 (mimetype detection segfaults on mp3
file). (Anatol)

FPM :

- Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)

- Fixed some possible memory or resource leaks and
possible null dereference detected by code coverity
scan. (Remi)

- Log a warning when a syscall fails. (Remi)

- Add --with-fpm-systemd option to report health to
systemd, and systemd_interval option to configure
this. The service can now use Type=notify in the
systemd unit file. (Remi)

MySQLi

- Fixed bug #64726 (Segfault when calling fetch_object on
a use_result and DB pointer has closed). (Laruence)

Phar

- Fixed bug #64214 (PHAR PHPTs intermittently crash when
run on DFS, SMB or with non std tmp dir). (Pierre)

SNMP :

- Fixed bug #64765 (Some IPv6 addresses get interpreted
wrong). (Boris Lytochkin)

- Fixed bug #64159 (Truncated snmpget). (Boris
Lytochkin)

Streams :

- Fixed bug #64770 (stream_select() fails with pipes
returned by proc_open() on Windows x64). (Anatol)

Zend Engine :

- Fixed bug #64821 (Custom Exceptions crash when internal
properties overridden). (Anatol)

Fix backported from PHP 5.4.17

Core :

- Fixed bug #64960 (Segfault in gc_zval_possible_root).
(Laruence)

FPM :

- Fixed Bug #64915 (error_log ignored when daemonize=0).
(Remi)

PDO_pgsql :

- Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error).
(Remi)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?95ffd148

Solution :

Update the affected php package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 67274 ()

Bugtraq ID: 60411

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now