Test ID:	1.3.6.1.4.1.25623.1.0.882077
Category:	CentOS Local Security Checks
Title:	CentOS Update for php CESA-2014:1824 centos5
Summary:	Check the version of php
Description:	Summary: Check the version of php Vulnerability Insight: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. Affected Software/OS: php on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3669 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 70611 http://www.securityfocus.com/bid/70611 Debian Security Information: DSA-3064 (Google Search) http://www.debian.org/security/2014/dsa-3064 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html RedHat Security Advisories: RHSA-2014:1767 http://rhn.redhat.com/errata/RHSA-2014-1767.html RedHat Security Advisories: RHSA-2014:1768 http://rhn.redhat.com/errata/RHSA-2014-1768.html RedHat Security Advisories: RHSA-2014:1824 http://rhn.redhat.com/errata/RHSA-2014-1824.html http://secunia.com/advisories/59967 http://secunia.com/advisories/60630 http://secunia.com/advisories/60699 http://secunia.com/advisories/61763 http://secunia.com/advisories/61970 http://secunia.com/advisories/61982 SuSE Security Announcement: openSUSE-SU-2014:1377 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html SuSE Security Announcement: openSUSE-SU-2014:1391 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html SuSE Security Announcement: openSUSE-SU-2015:0014 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://www.ubuntu.com/usn/USN-2391-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3670 BugTraq ID: 70665 http://www.securityfocus.com/bid/70665 Common Vulnerability Exposure (CVE) ID: CVE-2014-8626 BugTraq ID: 70928 http://www.securityfocus.com/bid/70928 http://openwall.com/lists/oss-security/2014/11/06/3 RedHat Security Advisories: RHSA-2014:1825 http://rhn.redhat.com/errata/RHSA-2014-1825.html
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.