Lumension® Endpoint Intelligence Center

Overview

Id SUSE-2015:10313
Name Novell SUSE 2015:10313 apache2-mod_php53 security update for SLES 11 SP3 x86_64
Vendor Name novell
Product Novell
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 12 Feb 2015 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
PHP 5.3 was updated to fix three security issues:

* CVE-2014-8142: Use-after-free vulnerability allowed remote attackers to execute arbitrary code via a crafted unserialize call that leveraged improper handling of duplicate keys within the serialized properties of an object (bnc#910659).
* CVE-2015-0231: Use-after-free vulnerability allowed remote attackers to execute arbitrary code via a crafted unserialize call that leveraged improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bnc#910659).
* CVE-2015-0232: The exif_process_unicode function allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bnc#914690).

Additionally a fix was included that protects against a possible NULL pointer use (bnc#910659).

This non-security issue has been fixed:

* Don't ignore default_socket_timeout on outgoing SSL connection (bnc#907519)

Security Issues:

* CVE-2015-0232
* CVE-2015-0231
* CVE-2014-8142

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches


Last Updated: 27 May 2016 11:20:45