[SECURITY] [DLA 67-1] php5 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package : php5
Version : 5.3.3-7+squeeze22
CVE ID : CVE-2014-3538 CVE-2014-3587 CVE-2014-3597
CVE-2014-3538
It was discovered that the original fix for CVE-2013-7345 did not
sufficiently address the problem. A remote attacker could still
cause a denial of service (CPU consumption) via a specially-crafted
input file that triggers backtracking during processing of an awk
regular expression rule.
CVE-2014-3587
It was discovered that the CDF parser of the fileinfo module does
not properly process malformed files in the Composite Document File
(CDF) format, leading to crashes.
CVE-2014-3597
It was discovered that the original fix for CVE-2014-4049 did not
completely address the issue. A malicious server or
man-in-the-middle attacker could cause a denial of service (crash)
and possibly execute arbitrary code via a crafted DNS TXT record.
CVE-2014-4670
It was discovered that PHP incorrectly handled certain SPL
Iterators. A local attacker could use this flaw to cause PHP to
crash, resulting in a denial of service.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFUKl7E02K2KlS5mJARArRYAKCUVQeEWMaVHiOOrd9s0D+amhBEKQCdE5Tk
tmpHDouz2xXL+hyh4DCO7hM=
=JkZD
-----END PGP SIGNATURE-----
Reply to: