Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 3.4
Synopsis
The remote Fedora host is missing a security update.
Description
Version 5.4.19, 22-Aug-2013
- Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse'). (Laruence)
- Fixed UMR in fix for CVE-2013-4248.
Version 5.4.18, 15-Aug-2013
- Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value).
- Fixed bug #65254 (Exception not catchable when exception thrown in autoload with a namespace).
- Fixed bug #65108 (is_callable() triggers Fatal Error).
- Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
- Fixed bug #62964 (Possible XSS on 'Registered stream filters' info).
- Fixed bug #62672 (Error on serialize of ArrayObject).
- Fixed bug #62475 (variant_* functions causes crash when null given as an argument).
- Fixed bug #60732 (php_error_docref links to invalid pages).
- Fixed bug #65226 (chroot() does not get enabled).
CLI server :
- Fixed bug #65066 (Cli server not responsive when responding with 422 http status code).
- Fixed bug #62665 (curl.cainfo doesn't appear in php.ini).
- Fixed bug #65228 (FTPs memory leak with SSL).
- Fixed bug #65227 (Memory leak in gmp_cmp second parameter).
- Fixed bug #64467 (Segmentation fault after imap_reopen failure).
- Fixed bug #62759 (Buggy grapheme_substr() on edge case).
- Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
- Fixed segfault in mysqlnd when doing long prepare.
- Fixed bug #61387 (NULL valued anonymous column causes segfault in odbc_fetch_array).
- Fixed handling null bytes in subjectAltName (CVE-2013-4248).
- Fixed bug #65219 (PDO/dblib not working anymore ('use dbName' not sent)).
- Fixed meta data retrieve when OID is larger than 2^31.
- Fixed bug #62535 ($_SESSION[$key]['cancel_upload'] doesn't work as documented).
- Fixed bug #35703 (when session_name('123') consist only digits, should warning).
- Fixed bug #49175 (mod_files.sh does not support hash bits).
- Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
- Fixed bug #65136 (RecursiveDirectoryIterator segfault).
- Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator /Spl(Temp)FileObject ctor twice).
- Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings).
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected php package.