GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Nov 09, 2014 5:26 pm Post subject: [ GLSA 201411-04 ] PHP: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: PHP: Multiple vulnerabilities (GLSA 201411-04)
Severity: normal
Exploitable: remote
Date: November 09, 2014
Updated: January 02, 2015
Bug(s): #525960
ID: 201411-04
Synopsis
Multiple vulnerabilities have been discovered in PHP, the worst of
which could lead to remote execution of arbitrary code.
Background
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected Packages
Package: dev-lang/php
Vulnerable: < 5.5.18
Unaffected: >= 5.5.18
Unaffected: >= 5.4.34 < 5.4.35
Unaffected: >= 5.3.29 < 5.3.30
Unaffected: >= 5.4.36 < 5.4.37
Unaffected: >= 5.4.37 < 5.4.38
Unaffected: >= 5.4.38 < 5.4.39
Unaffected: >= 5.4.39 < 5.4.40
Unaffected: >= 5.4.35 < 5.4.36
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
Impact
A context-dependent attacker can possibly execute arbitrary code or
create a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All PHP 5.5 users should upgrade to the latest version:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.18"
All PHP 5.4 users should upgrade to the latest version:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.34"
All PHP 5.3 users should upgrade to the latest version. This release
marks the end of life of the PHP 5.3 series. Future releases of this
series are not planned. All PHP 5.3 users are encouraged to upgrade to
the current stable version of PHP 5.5 or previous stable version of PHP
5.4, which are supported till at least 2016 and 2015 respectively.
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"
References
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
Last edited by GLSA on Sat Jan 03, 2015 4:33 am; edited 1 time in total
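To audit a host inventory against the ranges listed under Affected Packages, the version check can be scripted. This is an added example, not part of the advisory or of Gentoo's tooling: the function names and the sample inventory are constructed, and it assumes GNU sort -V for version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory): classify dev-lang/php versions
# against the ranges listed under "Affected Packages" in GLSA 201411-04.

# ver_ge A B: succeeds when version A >= version B (assumes GNU sort -V).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# glsa_status VERSION: prints unaffected, vulnerable or invalid.
glsa_status() {
    v=${1%-r[0-9]*}    # drop a Gentoo revision suffix such as -r1
    case $v in
        ''|*[!0-9.]*) echo invalid; return 0 ;;
    esac
    if ver_ge "$v" 5.5.18; then echo unaffected; return 0; fi
    # The listed 5.4 ranges are contiguous: >= 5.4.34 and < 5.4.40.
    if ver_ge "$v" 5.4.34 && ! ver_ge "$v" 5.4.40; then echo unaffected; return 0; fi
    # 5.3 series: >= 5.3.29 and < 5.3.30.
    if ver_ge "$v" 5.3.29 && ! ver_ge "$v" 5.3.30; then echo unaffected; return 0; fi
    echo vulnerable
}

# audit_inventory: reads "host version" lines on stdin and prints only
# the hosts whose PHP version is not in an unaffected range.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        status=$(glsa_status "$ver")
        [ "$status" = unaffected ] || printf '%s %s %s\n' "$host" "$ver" "$status"
    done
}

# Constructed sample inventory (hostnames and versions are made up).
sample_inventory() {
cat <<'EOF'
web01 5.5.18
web02 5.5.17-r1
app01 5.4.34
app02 5.4.33
legacy01 5.3.29
legacy02 5.3.28
EOF
}

sample_inventory | audit_inventory
```

The classification follows the ranges exactly as this advisory lists them, so a version outside every listed range is reported as vulnerable.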