 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.703074 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-3074-1) |
| Summary: | The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-3074-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-3074-1 advisory. Vulnerability Insight: Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file. As announced in DSA-3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerability is addressed by upgrading PHP to a new upstream version 5.4.35, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information: For the stable distribution (wheezy), this problem has been fixed in version 5.4.35-0+deb7u1. We recommend that you upgrade your php5 packages. Affected Software/OS: 'php5' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3710 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 70807 http://www.securityfocus.com/bid/70807 Debian Security Information: DSA-3072 (Google Search) http://www.debian.org/security/2014/dsa-3072 FreeBSD Security Advisory: FreeBSD-SA-14:28 https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc https://security.gentoo.org/glsa/201503-03 https://security.gentoo.org/glsa/201701-42 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html RedHat Security Advisories: RHSA-2014:1767 http://rhn.redhat.com/errata/RHSA-2014-1767.html RedHat Security Advisories: RHSA-2014:1768 http://rhn.redhat.com/errata/RHSA-2014-1768.html RedHat Security Advisories: RHSA-2016:0760 http://rhn.redhat.com/errata/RHSA-2016-0760.html http://www.securitytracker.com/id/1031344 http://secunia.com/advisories/60630 http://secunia.com/advisories/60699 http://secunia.com/advisories/61763 http://secunia.com/advisories/61970 http://secunia.com/advisories/61982 http://secunia.com/advisories/62347 http://secunia.com/advisories/62559 SuSE Security Announcement: openSUSE-SU-2014:1516 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html http://www.ubuntu.com/usn/USN-2391-1 http://www.ubuntu.com/usn/USN-2494-1 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |