update for php5
CVE-2014-5459:
It was reported that the pear utility insecurely used the /tmp/ directory for cache data. A local attacker could use this flaw to perform a symbolic link attack against a user (typically the root user) running a pear command, causing an arbitrary file to be overwritten, possibly leading to a denial of service.
CVE-2014-3597:
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
-
Submitted by
Christian Wittmer (computersalat)
Fixed bugs
bnc#893849
VUL-1: CVE-2014-5459: php5, php53: php5-pear, php53-pear: insecure temporary file use for cache data
bnc#893853
VUL-0: CVE-2014-3597: php5, php53: incomplete fix for CVE-2014-4049
