Fedora 18 : php-5.4.17-2.fc18 (2013-12315)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

04 Jul 2013, PHP 5.4.17

Core :

- Fixed bug #64988 (Class loading order affects E_STRICT
warning). (Laruence)

- Fixed bug #64966 (segfault in
zend_do_fcall_common_helper_SPEC). (Laruence)

- Fixed bug #64960 (Segfault in gc_zval_possible_root).
(Laruence)

- Fixed bug #64936 (doc comments picked up from previous
scanner run). (Stas, Jonathan Oddy)

- Fixed bug #64934 (Apache2 TS crash with
get_browser()). (Anatol)

- Fixed bug #64166 (quoted-printable-encode stream
filter incorrectly discarding whitespace). (Michael M
Slusarz)

DateTime :

- Fixed bug #53437 (Crash when using unserialized
DatePeriod instance). (Gustavo, Derick, Anatol)

FPM :

- Fixed Bug #64915 (error_log ignored when daemonize=0).
(Remi)

- Implemented FR #64764 (add support for FPM init.d
script). (Lior Kaplan)

PDO :

- Fixed bug #63176 (Segmentation fault when instantiate 2
persistent PDO to the same db server). (Laruence)

PDO_DBlib :

- Fixed bug #63638 (Cannot connect to SQL Server 2008 with
PDO dblib). (Stanley Sufficool)

- Fixed bug #64338 (pdo_dblib can't connect to Azure
SQL). (Stanley Sufficool)

- Fixed bug #64808 (FreeTDS PDO getColumnMeta on a
prepared but not executed statement crashes). (Stanley
Sufficool)

PDO_firebird :

- Fixed bug #64037 (Firebird return wrong value for
numeric field). (Matheus Degiovani, Matteo)

- Fixed bug #62024 (Cannot insert second row with null
using parametrized query). (patch by james at
kenjim.com, Matheus Degiovani, Matteo)

PDO_mysql :

- Fixed bug #48724 (getColumnMeta() doesn't return
native_type for BIT, TINYINT and YEAR). (Antony, Daniel
Beardsley)

PDO_pgsql :

- Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error).
(Remi)

pgsql :

- Fixed bug #64609 (pg_convert enum type support).
(Matteo)

Readline :

- Implement FR #55694 (Expose additional readline variable
to prevent default filename completion). (Hartmel)

SPL :

- Fixed bug #64997 (Segfault while using
RecursiveIteratorIterator on 64-bits systems).
(Laruence)

Backported from 5.4.18

CGI :

- Fixed Bug #65143 (Missing php-cgi man page). (Remi)

Phar :

- Fixed Bug #65142 (Missing phar man page). (Remi)

XML :

- Fixed bug #65236 (heap corruption in xml parser).
CVE-2013-4113

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=983689
http://www.nessus.org/u?a91adb17

Solution :

Update the affected php package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 69000

Bugtraq ID: 61128

CVE ID: CVE-2013-4113
