MGASA-2013-0264: php-5.3.27-1.2.mga2, php-5.4.19-1.1.mga3, php-apc-3.1.14-7.3.mga3, php-gd-bundled-5.4.19-1.mga3
type: security
subject: Updated php packages fix CVE-2013-4248 and prevent the two gd packages being installed at once
CVE:
 - CVE-2013-4248
src:
  2:
   core:
     - php-5.3.27-1.2.mga2
  3:
   core:
     - php-5.4.19-1.1.mga3
     - php-apc-3.1.14-7.3.mga3
     - php-gd-bundled-5.4.19-1.mga3
description: |
  Updated php packages fix security vulnerability:

  The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP
  before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character
  in a domain name in the Subject Alternative Name field of an X.509 certificate,
  which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a
  crafted certificate issued by a legitimate Certification Authority
  (CVE-2013-4248).

  Additionally it prevents php-gd and php-gd-bundled packages being installed
  at the same time, which causes errors.
references:
 - http://www.php.net/ChangeLog-5.php
 - http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755
 - http://git.php.net/?p=php-src.git;a=commit;h=c1c49d6e3983c9ce0b43ffe7bf6e03b809ed048b
 - http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:221/
 - https://bugs.mageia.org/show_bug.cgi?id=10997
ID: MGASA-2013-0264