Fedora 18 : php-5.4.16-1.fc18 (2013-10255)

medium Nessus Plugin ID 67276

Synopsis

The remote Fedora host is missing a security update.

Description

06 Jun 2013, PHP 5.4.16

Core :

- Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE-2013-2110). (Stas)

- Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build). (Anatol)

- Fixed bug #64729 (compilation failure on x32).
(Gustavo)

- Fixed bug #64720 (SegFault on zend_deactivate).
(Dmitry)

- Fixed bug #64660 (Segfault on memory exhaustion within function definition). (Stas, reported by Juha Kylmanen)

Calendar: -Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)

Fileinfo :

- Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)

FPM :

- Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)

- Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan. (Remi)

- Log a warning when a syscall fails. (Remi)

- Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file. (Remi)

MySQLi

- Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed). (Laruence)

Phar

- Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir). (Pierre)

SNMP :

- Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). (Boris Lytochkin)

- Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)

Streams :

- Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64). (Anatol)

Zend Engine :

- Fixed bug #64821 (Custom Exceptions crash when internal properties overridden). (Anatol)

Fix backported from PHP 5.4.17

Core :

- Fixed bug #64960 (Segfault in gc_zval_possible_root).
(Laruence)

FPM :

- Fixed Bug #64915 (error_log ignored when daemonize=0).
(Remi)

PDO_pgsql :

- Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error).
(Remi)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

http://www.nessus.org/u?4e217726

Plugin Details

Severity: Medium

ID: 67276

File Name: fedora_2013-10255.nasl

Version: 1.6

Type: local

Agent: unix

Published: 7/12/2013

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:18

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/7/2013

Reference Information

BID: 60411

FEDORA: 2013-10255