ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0324
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0324)
Resumen:	The remote host is missing an update for the 'php, php-apc, php-gd-bundled, php-timezonedb' package(s) announced via the MGASA-2014-0324 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php, php-apc, php-gd-bundled, php-timezonedb' package(s) announced via the MGASA-2014-0324 advisory. Vulnerability Insight: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698). Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670). file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538). The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to fix these issues and several other bugs. Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5. Additionally, the jsonc extension has been upgraded to the 1.3.6 version. Affected Software/OS: 'php, php-apc, php-gd-bundled, php-timezonedb' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3538 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 68348 http://www.securityfocus.com/bid/68348 Debian Security Information: DSA-3008 (Google Search) http://www.debian.org/security/2014/dsa-3008 Debian Security Information: DSA-3021 (Google Search) http://www.debian.org/security/2014/dsa-3021 http://mx.gw.com/pipermail/file/2014/001553.html http://openwall.com/lists/oss-security/2014/06/30/7 RedHat Security Advisories: RHSA-2014:1327 http://rhn.redhat.com/errata/RHSA-2014-1327.html RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html RedHat Security Advisories: RHSA-2016:0760 http://rhn.redhat.com/errata/RHSA-2016-0760.html http://secunia.com/advisories/60696 Common Vulnerability Exposure (CVE) ID: CVE-2014-4670 RedHat Security Advisories: RHSA-2014:1326 http://rhn.redhat.com/errata/RHSA-2014-1326.html http://secunia.com/advisories/54553 http://secunia.com/advisories/59831 SuSE Security Announcement: openSUSE-SU-2014:0945 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html SuSE Security Announcement: openSUSE-SU-2014:1236 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html Common Vulnerability Exposure (CVE) ID: CVE-2014-4698
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.