SUSE Security Update: Security update for PHP5 ______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0873-2 Rating: important References: #837746 #854880 #868624 #882992 Cross-References: CVE-2013-4248 CVE-2013-6420 CVE-2014-2497 CVE-2014-4049 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________
An update that fixes four vulnerabilities is now available. It includes one version update.
Description:
PHP5 has been updated to fix four security vulnerabilities:
* Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049) * Heap based buffer overflow in time handling in openssl_x509_parse (CVE-2013-6420) * Man in the Middle attack in the the openssl_x509_parse due to lack of \0 handling (CVE-2013-4248) * NULL pointer dereference in GD XPM decoder (CVE-2014-2497)