/[advisories]/10997.adv
ViewVC logotype

Contents of /10997.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 394 - (show annotations) (download)
Fri Aug 30 17:30:07 2013 UTC (10 years, 7 months ago) by tmb
File size: 1269 byte(s)
MGASA-2013-0264: php-5.3.27-1.2.mga2, php-5.4.19-1.1.mga3, php-apc-3.1.14-7.3.mga3, php-gd-bundled-5.4.19-1.mga3
1 type: security
2 subject: Updated php packages fix CVE-2013-4248 and prevent the two gd packages being installed at once
3 CVE:
4 - CVE-2013-4248
5 src:
6 2:
7 core:
8 - php-5.3.27-1.2.mga2
9 3:
10 core:
11 - php-5.4.19-1.1.mga3
12 - php-apc-3.1.14-7.3.mga3
13 - php-gd-bundled-5.4.19-1.mga3
14 description: |
15 Updated php packages fix security vulnerability:
16
17 The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP
18 before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character
19 in a domain name in the Subject Alternative Name field of an X.509 certificate,
20 which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a
21 crafted certificate issued by a legitimate Certification Authority
22 (CVE-2013-4248).
23
24 Additionally it prevents php-gd and php-gd-bundled packages being installed
25 at the same time, which causes errors.
26 references:
27 - http://www.php.net/ChangeLog-5.php
28 - http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755
29 - http://git.php.net/?p=php-src.git;a=commit;h=c1c49d6e3983c9ce0b43ffe7bf6e03b809ed048b
30 - http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:221/
31 - https://bugs.mageia.org/show_bug.cgi?id=10997
32 ID: MGASA-2013-0264

  ViewVC Help
Powered by ViewVC 1.1.30