File _patchinfo of Package patchinfo.2913

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.2913

<patchinfo>
  <issue id="886059" tracker="bnc">CVE-2014-4670: php5,php53: SPL Iterators use-after-free</issue>
  <issue id="885961" tracker="bnc">CVE-2014-4721: php5,php53: type confusion issue in phpinfo() leading to information leak</issue>
  <issue id="886060" tracker="bnc">CVE-2014-4698: php5,php53: ArrayIterator use-after-free due to object change during sorting</issue>
  <issue id="CVE-2014-4698" tracker="cve" />
  <issue id="CVE-2014-4670" tracker="cve" />
  <issue id="CVE-2014-4721" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>
php5 was updated to fix security issues:

CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in
the SPL component in PHP allowed context-dependent attackers to cause a
denial of service or possibly have unspecified other impact via crafted
iterator usage within applications in certain web-hosting environments.

CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c
in the SPL component in PHP allowed context-dependent attackers to
cause a denial of service or possibly have unspecified other impact via
crafted ArrayIterator usage within applications in certain web-hosting
environments.

CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in
PHP did not ensure use of the string data type for the PHP_AUTH_PW,
PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow
context-dependent attackers to obtain sensitive information from process
memory by using the integer data type with crafted values, related to a
"type confusion" vulnerability, as demonstrated by reading a private
SSL key in an Apache HTTP Server web-hosting environment with mod_ssl
and a PHP 5.3.x mod_php. 
</description>
  <summary>php5: security fixes</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.2913

Places