Debian Security Advisory
DLA-94-1 php5 -- LTS security update
- Date Reported: 25 Nov 2014
- Affected Packages: php5
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710.
- More information:
  - CVE-2014-3668
    Fix bug #68027 - fix date parsing in XMLRPC lib
  - CVE-2014-3669
    Fix bug #68044: Integer overflow in unserialize() (32-bits only)
  - CVE-2014-3670
    Fix bug #68113 (Heap corruption in exif_thumbnail())
  - CVE-2014-3710
    Fix bug #68283: fileinfo: out-of-bounds read in elf note headers
  - Additional bugfix
    Fix null byte handling in LDAP bindings in ldap-fix.patch
For Debian 6 Squeeze, these issues have been fixed in php5 version 5.3.3-7+squeeze23.