[El-errata] ELSA-2014-1013 Moderate: Oracle Linux 7 php security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Aug 6 08:54:42 PDT 2014


Oracle Linux Security Advisory ELSA-2014-1013

https://access.redhat.com/errata/RHSA-2014:1013.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
php-5.4.16-23.el7_0.x86_64.rpm
php-bcmath-5.4.16-23.el7_0.x86_64.rpm
php-cli-5.4.16-23.el7_0.x86_64.rpm
php-common-5.4.16-23.el7_0.x86_64.rpm
php-dba-5.4.16-23.el7_0.x86_64.rpm
php-devel-5.4.16-23.el7_0.x86_64.rpm
php-embedded-5.4.16-23.el7_0.x86_64.rpm
php-enchant-5.4.16-23.el7_0.x86_64.rpm
php-fpm-5.4.16-23.el7_0.x86_64.rpm
php-gd-5.4.16-23.el7_0.x86_64.rpm
php-intl-5.4.16-23.el7_0.x86_64.rpm
php-ldap-5.4.16-23.el7_0.x86_64.rpm
php-mbstring-5.4.16-23.el7_0.x86_64.rpm
php-mysql-5.4.16-23.el7_0.x86_64.rpm
php-mysqlnd-5.4.16-23.el7_0.x86_64.rpm
php-odbc-5.4.16-23.el7_0.x86_64.rpm
php-pdo-5.4.16-23.el7_0.x86_64.rpm
php-pgsql-5.4.16-23.el7_0.x86_64.rpm
php-process-5.4.16-23.el7_0.x86_64.rpm
php-pspell-5.4.16-23.el7_0.x86_64.rpm
php-recode-5.4.16-23.el7_0.x86_64.rpm
php-snmp-5.4.16-23.el7_0.x86_64.rpm
php-soap-5.4.16-23.el7_0.x86_64.rpm
php-xml-5.4.16-23.el7_0.x86_64.rpm
php-xmlrpc-5.4.16-23.el7_0.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/php-5.4.16-23.el7_0.src.rpm


Description of changes:

[5.4.16-23]
- fileinfo: cdf_unpack_summary_info() excessive looping
   DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
   loop. CVE-2014-0238
- fileinfo: cdf_check_stream_offset insufficient boundary
   check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check
   CVE-2014-3480
- fileinfo: cdf_read_short_sector insufficient boundary
   check. CVE-2014-0207
- fileinfo: cdf_read_property_info insufficient boundary
   check. CVE-2014-3487
- fileinfo: fix extensive backtracking CVE-2013-7345
- core: type confusion issue in phpinfo(). CVE-2014-4721
- core: fix heap-based buffer overflow in DNS TXT record
   parsing. CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage
   type confusion flaw. CVE-2014-3515





