[El-errata] ELSA-2014-1327 Moderate: Oracle Linux 7 php security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Sep 30 07:53:11 PDT 2014 

Oracle Linux Security Advisory ELSA-2014-1327

https://access.redhat.com/errata/RHSA-2014:1327.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
php-5.4.16-23.el7_0.1.x86_64.rpm
php-bcmath-5.4.16-23.el7_0.1.x86_64.rpm
php-cli-5.4.16-23.el7_0.1.x86_64.rpm
php-common-5.4.16-23.el7_0.1.x86_64.rpm
php-dba-5.4.16-23.el7_0.1.x86_64.rpm
php-devel-5.4.16-23.el7_0.1.x86_64.rpm
php-embedded-5.4.16-23.el7_0.1.x86_64.rpm
php-enchant-5.4.16-23.el7_0.1.x86_64.rpm
php-fpm-5.4.16-23.el7_0.1.x86_64.rpm
php-gd-5.4.16-23.el7_0.1.x86_64.rpm
php-intl-5.4.16-23.el7_0.1.x86_64.rpm
php-ldap-5.4.16-23.el7_0.1.x86_64.rpm
php-mbstring-5.4.16-23.el7_0.1.x86_64.rpm
php-mysql-5.4.16-23.el7_0.1.x86_64.rpm
php-mysqlnd-5.4.16-23.el7_0.1.x86_64.rpm
php-odbc-5.4.16-23.el7_0.1.x86_64.rpm
php-pdo-5.4.16-23.el7_0.1.x86_64.rpm
php-pgsql-5.4.16-23.el7_0.1.x86_64.rpm
php-process-5.4.16-23.el7_0.1.x86_64.rpm
php-pspell-5.4.16-23.el7_0.1.x86_64.rpm
php-recode-5.4.16-23.el7_0.1.x86_64.rpm
php-snmp-5.4.16-23.el7_0.1.x86_64.rpm
php-soap-5.4.16-23.el7_0.1.x86_64.rpm
php-xml-5.4.16-23.el7_0.1.x86_64.rpm
php-xmlrpc-5.4.16-23.el7_0.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/php-5.4.16-23.el7_0.1.src.rpm

Description of changes:

[5.4.16-23.1]
- gd: fix NULL pointer dereference in gdImageCreateFromXpm().
   CVE-2014-2497
- gd: fix NUL byte injection in file names. CVE-2014-5120
- fileinfo: fix extensive backtracking in regular expression
   (incomplete fix for CVE-2013-7345). CVE-2014-3538
- fileinfo: fix mconvert incorrect handling of truncated
   pascal string size. CVE-2014-3478
- fileinfo: fix cdf_read_property_info
   (incomplete fix for CVE-2012-1571). CVE-2014-3587
- spl: fix use-after-free in ArrayIterator due to object
   change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- network: fix segfault in dns_get_record
   (incomplete fix for CVE-2014-4049). CVE-2014-3597

More information about the El-errata mailing list