Test ID: | 1.3.6.1.4.1.25623.1.0.703074 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 3074-1 (php5 - security update) |
Summary: | Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file. As announced in DSA-3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerability is addressed by upgrading PHP to a new upstream version 5.4.35, which includes additional bug fixes, new features and possibly incompatible changes. |
Description: |
Summary: Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file. As announced in DSA-3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerability is addressed by upgrading PHP to a new upstream version 5.4.35, which includes additional bug fixes, new features and possibly incompatible changes.
Affected Software/OS: php5 on Debian Linux
Solution: For the stable distribution (wheezy), this problem has been fixed in version 5.4.35-0+deb7u1. We recommend that you upgrade your php5 packages.
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3710
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 70807
http://www.securityfocus.com/bid/70807
Debian Security Information: DSA-3072
http://www.debian.org/security/2014/dsa-3072
FreeBSD Security Advisory: FreeBSD-SA-14:28
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
https://security.gentoo.org/glsa/201503-03
https://security.gentoo.org/glsa/201701-42
RedHat Security Advisories: RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
RedHat Security Advisories: RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
RedHat Security Advisories: RHSA-2014:1767
http://rhn.redhat.com/errata/RHSA-2014-1767.html
RedHat Security Advisories: RHSA-2014:1768
http://rhn.redhat.com/errata/RHSA-2014-1768.html
RedHat Security Advisories: RHSA-2016:0760
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://www.securitytracker.com/id/1031344
http://secunia.com/advisories/60630
http://secunia.com/advisories/60699
http://secunia.com/advisories/61763
http://secunia.com/advisories/61970
http://secunia.com/advisories/61982
http://secunia.com/advisories/62347
http://secunia.com/advisories/62559
SuSE Security Announcement: openSUSE-SU-2014:1516
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html
http://www.ubuntu.com/usn/USN-2391-1
http://www.ubuntu.com/usn/USN-2494-1 |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |