Fedora 17 : php-5.4.17-2.fc17 (2013-12354)

medium Nessus Plugin ID 69001

Synopsis

The remote Fedora host is missing a security update.

Description

04 Jul 2013, PHP 5.4.17

Core :

- Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence)

- Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence)

- Fixed bug #64960 (Segfault in gc_zval_possible_root).
(Laruence)

- Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, Jonathan Oddy)

- Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol)

- Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). (Michael M Slusarz)

DateTime :

- Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol)

FPM :

- Fixed Bug #64915 (error_log ignored when daemonize=0).
(Remi)

- Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan)

PDO :

- Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence)

PDO_DBlib :

- Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool)

- Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley Sufficool)

- Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). (Stanley Sufficool)

PDO_firebird :

- Fixed bug #64037 (Firebird return wrong value for numeric field). (Matheus Degiovani, Matteo)

- Fixed bug #62024 (Cannot insert second row with null using parametrized query). (patch by james at kenjim.com, Matheus Degiovani, Matteo)

PDO_mysql :

- Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR). (Antony, Daniel Beardsley)

PDO_pgsql :

- Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error).
(Remi)

pgsql :

- Fixed bug #64609 (pg_convert enum type support).
(Matteo)

Readline :

- Implement FR #55694 (Expose additional readline variable to prevent default filename completion). (Hartmel)

SPL :

- Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).
(Laruence)

Backported from 5.4.18

CGI :

- Fixed Bug #65143 (Missing php-cgi man page). (Remi)

Phar :

- Fixed Bug #65142 (Missing phar man page). (Remi)

XML :

- Fixed bug #65236 (heap corruption in xml parser).
CVE-2013-4113

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=983689

http://www.nessus.org/u?f5b3ccb2

Plugin Details

Severity: Medium

ID: 69001

File Name: fedora_2013-12354.nasl

Version: 1.14

Type: local

Agent: unix

Published: 7/23/2013

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:17

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/5/2013

Reference Information

CVE: CVE-2013-4113

BID: 61128

FEDORA: 2013-12354