Scientific Linux Security Update : php on SL5.x i386/x86_64
High Nessus Plugin ID 79082
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626)
An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Solution
Update the affected packages.