Mandriva Linux Security Advisory : php (MDVSA-2014:172)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been discovered and corrected in php :

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP
5.4.26 and earlier, allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via a crafted
color table in an XPM file (CVE-2014-2497).

file before 5.19 does not properly restrict the amount of data read
during a regex search, which allows remote attackers to cause a denial
of service (CPU consumption) via a crafted file that triggers
backtracking during processing of an awk rule. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2013-7345
(CVE-2014-3538).

Integer overflow in the cdf_read_property_info function in cdf.c in
file through 5.19, as used in the Fileinfo component in PHP before
5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a
denial of service (application crash) via a crafted CDF file. NOTE:
this vulnerability exists because of an incomplete fix for
CVE-2012-1571 (CVE-2014-3587).

Multiple buffer overflows in the php_parserr function in
ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
remote DNS servers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted DNS record, related to
the dns_get_record function and the dn_expand function. NOTE: this
issue exists because of an incomplete fix for CVE-2014-4049
(CVE-2014-3597).

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x
before 5.5.16 does not ensure that pathnames lack %00 sequences,
which might allow remote attackers to overwrite arbitrary files via
crafted input to an application that calls the (1) imagegd, (2)
imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or
(7) imagewebp function (CVE-2014-5120).

The updated php packages have been upgraded to the 5.5.16 version to
resolve these security flaws.

Additionally, php-apc has been rebuilt against the updated php
packages and the php-timezonedb packages have been upgraded to the
2014.6 version.

See also :

http://php.net/ChangeLog-5.php#5.5.16

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
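
The two scores above can be reproduced from their vectors when triaging this finding. The following is an added example, not part of the advisory or of the Nessus plugin: it applies the CVSS v2 base and temporal equations with the metric weights of the CVSS v2 specification, and the function names are illustrative.

```python
# Added example: CVSS v2 base/temporal equations applied to the advisory's vectors.
# Weight tables follow the CVSS v2 specification; function names are illustrative.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
E = {"U": 0.85, "POC": 0.90, "F": 0.95, "H": 1.0, "ND": 1.0}
RL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}
RC = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}


def parse_vector(text):
    """Turn '(CVSS2#AV:N/AC:M/...)' into {'AV': 'N', 'AC': 'M', ...}."""
    text = text.strip().strip("()")
    if text.startswith("CVSS2#"):
        text = text[len("CVSS2#"):]
    metrics = {}
    for part in text.split("/"):
        name, sep, value = part.partition(":")
        if not (sep and name and value):
            raise ValueError("malformed metric: %r" % part)
        metrics[name] = value
    return metrics


def weight(table, metrics, name, default=None):
    """Look up a metric's weight; unknown or missing values are an error."""
    value = metrics.get(name, default)
    if value not in table:
        raise ValueError("bad or missing value for %s: %r" % (name, value))
    return table[value]


def base_score(vector):
    m = parse_vector(vector)
    c, i, a = (weight(CIA, m, k) for k in ("C", "I", "A"))
    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    exploitability = 20 * weight(AV, m, "AV") * weight(AC, m, "AC") * weight(AU, m, "Au")
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def temporal_score(base, vector):
    # Temporal metrics that are absent count as "ND" (not defined, weight 1.0).
    m = parse_vector(vector)
    factor = weight(E, m, "E", "ND") * weight(RL, m, "RL", "ND") * weight(RC, m, "RC", "ND")
    return round(base * factor, 1)


if __name__ == "__main__":
    base = base_score("(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)")
    print(base, temporal_score(base, "(CVSS2#E:ND/RL:OF/RC:C)"))
```

The only temporal weight below 1.0 here is RL:OF (official fix available), which is what lowers the score once the updated packages exist.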

Family: Mandriva Local Security Checks

Nessus Plugin ID: 77651

Bugtraq ID: 66233
68348
69322
69325
69375

CVE ID: CVE-2014-2497
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-5120
