Fedora 18 : php-5.4.19-1.fc18 (2013-14985)

medium Nessus Plugin ID 69815

Synopsis

The remote Fedora host is missing a security update.

Description

Version 5.4.19, 22-Aug-2013

Core :

- Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse'). (Laruence)

Openssl :

- Fixed UMR in fix for CVE-2013-4248.

Version 5.4.18, 15-Aug-2013

Core :

- Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value).

- Fixed bug #65254 (Exception not catchable when exception thrown in autoload with a namespace).

- Fixed bug #65108 (is_callable() triggers Fatal Error).

- Fixed bug #65088 (Generated configure script is malformed on OpenBSD).

- Fixed bug #62964 (Possible XSS on 'Registered stream filters' info).

- Fixed bug #62672 (Error on serialize of ArrayObject).

- Fixed bug #62475 (variant_* functions causes crash when null given as an argument).

- Fixed bug #60732 (php_error_docref links to invalid pages).

- Fixed bug #65226 (chroot() does not get enabled).

CLI server :

- Fixed bug #65066 (Cli server not responsive when responding with 422 http status code).

CURL :

- Fixed bug #62665 (curl.cainfo doesn't appear in php.ini).

FTP :

- Fixed bug #65228 (FTPs memory leak with SSL).

GMP :

- Fixed bug #65227 (Memory leak in gmp_cmp second parameter).

Imap :

- Fixed bug #64467 (Segmentation fault after imap_reopen failure).

Intl :

- Fixed bug #62759 (Buggy grapheme_substr() on edge case).

- Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).

mysqlnd :

- Fixed segfault in mysqlnd when doing long prepare.

ODBC :

- Fixed bug #61387 (NULL valued anonymous column causes segfault in odbc_fetch_array).

Openssl :

- Fixed handling null bytes in subjectAltName (CVE-2013-4248).

PDO_dblib :

- Fixed bug #65219 (PDO/dblib not working anymore ('use dbName' not sent)).

PDO_pgsql :

- Fixed meta data retrieve when OID is larger than 2^31.

Session :

- Fixed bug #62535 ($_SESSION[$key]['cancel_upload'] doesn't work as documented).

- Fixed bug #35703 (when session_name('123') consist only digits, should warning).

- Fixed bug #49175 (mod_files.sh does not support hash bits).

Sockets :

- Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).

SPL :

- Fixed bug #65136 (RecursiveDirectoryIterator segfault).

- Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator /Spl(Temp)FileObject ctor twice).

- Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=997097

http://www.nessus.org/u?40464961

Plugin Details

Severity: Medium

ID: 69815

File Name: fedora_2013-14985.nasl

Version: 1.12

Type: local

Agent: unix

Published: 9/9/2013

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:18, p-cpe:/a:fedoraproject:fedora:php

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/19/2013

Vulnerability Publication Date: 8/17/2013

Reference Information

CVE: CVE-2013-4248

BID: 61776

FEDORA: 2013-14985