[SECURITY] [DLA 145-1] php5 security update
Package : php5
Version : 5.3.3-7+squeeze24
CVE ID : CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117
Brief introduction
CVE-2014-0237

The cdf_unpack_summary_info function in cdf.c in the Fileinfo
component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows
remote attackers to cause a denial of service (performance
degradation) by triggering many file_printf calls.

CVE-2014-0238

The cdf_read_property_info function in cdf.c in the Fileinfo
component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows
remote attackers to cause a denial of service (infinite loop
or out-of-bounds memory access) via a vector that (1) has zero
length or (2) is too long.

CVE-2014-2270

softmagic.c in file before 5.17 and libmagic allows
context-dependent attackers to cause a denial of service
(out-of-bounds memory access and crash) via crafted offsets in
the softmagic of a PE executable.

CVE-2014-8117

- Stop reporting bad capabilities after the first few
- Limit the number of program and section headers processed
- Limit the recursion level

CVE-2015-TEMP (no official CVE number available yet)

- NULL pointer dereference (PHP bugs: 68739 68740)
- Out-of-bounds memory access (file bug: 398)

Additional patches from CVE-2014-3478 added.