Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0367 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2014-0367) |
Summary: | The remote host is missing an update for the 'php, php-apc, php-gd-bundled' package(s) announced via the MGASA-2014-0367 advisory. |
Description: |
Summary: The remote host is missing an update for the 'php, php-apc, php-gd-bundled' package(s) announced via the MGASA-2014-0367 advisory.

Vulnerability Insight: Updated php packages fix security vulnerabilities:

Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587).

Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597).

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function (CVE-2014-5120).

The php packages have been updated to 5.4.32 for Mageia 3 and 5.5.16 for Mageia 4, fixing these issues and several other bugs. Note that the CVE-2014-5120 issue is only relevant for the php-gd-bundled package in Mageia 3. Also, php-apc has been rebuilt against the updated php packages.

Affected Software/OS: 'php, php-apc, php-gd-bundled' package(s) on Mageia 3, Mageia 4.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3587
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 69325
http://www.securityfocus.com/bid/69325
Debian Security Information: DSA-3008
http://www.debian.org/security/2014/dsa-3008
Debian Security Information: DSA-3021
http://www.debian.org/security/2014/dsa-3021
RedHat Security Advisories: RHSA-2014:1326
http://rhn.redhat.com/errata/RHSA-2014-1326.html
RedHat Security Advisories: RHSA-2014:1327
http://rhn.redhat.com/errata/RHSA-2014-1327.html
RedHat Security Advisories: RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
RedHat Security Advisories: RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
RedHat Security Advisories: RHSA-2016:0760
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://secunia.com/advisories/60609
http://secunia.com/advisories/60696
http://www.ubuntu.com/usn/USN-2344-1
http://www.ubuntu.com/usn/USN-2369-1

Common Vulnerability Exposure (CVE) ID: CVE-2014-3597
BugTraq ID: 69322
http://www.securityfocus.com/bid/69322
SuSE Security Announcement: openSUSE-SU-2014:1133
http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html
SuSE Security Announcement: openSUSE-SU-2014:1245
http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html

Common Vulnerability Exposure (CVE) ID: CVE-2014-5120 |
Copyright | Copyright (C) 2022 Greenbone AG |