[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201408-11.xml - gentoo-commits

From:	"Kristian Fiskerstrand (k_f)" <k_f@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201408-11.xml
Date:	Fri, 29 Aug 2014 10:49:37
Message-Id:	`20140829104932.DAC74429B@oystercatcher.gentoo.org`

1

k_f         14/08/29 10:49:32

2

3

  Added:                glsa-201408-11.xml

4

  Log:

5

  GLSA 201408-11

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-201408-11.xml

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201408-11.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201408-11.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-201408-11.xml

14

===================================================================

15

<?xml version="1.0" encoding="UTF-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

<glsa id="201408-11">

20

  <title>PHP: Multiple vulnerabilities</title>

21

  <synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of

22

    which could lead to remote execution of arbitrary code.

23

  </synopsis>

24

  <product type="ebuild">php</product>

25

  <announced>August 29, 2014</announced>

26

  <revised>August 29, 2014: 1</revised>

27

  <bug>459904</bug>

28

  <bug>472204</bug>

29

  <bug>472558</bug>

30

  <bug>474656</bug>

31

  <bug>476570</bug>

32

  <bug>481004</bug>

33

  <bug>483212</bug>

34

  <bug>485252</bug>

35

  <bug>492784</bug>

36

  <bug>493982</bug>

37

  <bug>501312</bug>

38

  <bug>503630</bug>

39

  <bug>503670</bug>

40

  <bug>505172</bug>

41

  <bug>505712</bug>

42

  <bug>509132</bug>

43

  <bug>512288</bug>

44

  <bug>512492</bug>

45

  <bug>513032</bug>

46

  <bug>516994</bug>

47

  <bug>519932</bug>

48

  <bug>520134</bug>

49

  <bug>520438</bug>

50

  <access>remote</access>

51

  <affected>

52

    <package name="dev-lang/php" auto="yes" arch="*">

53

      <unaffected range="ge">5.5.16</unaffected>

54

      <unaffected range="rge">5.4.32</unaffected>

55

      <unaffected range="rge">5.3.29</unaffected>

56

      <vulnerable range="lt">5.5.16</vulnerable>

57

    </package>

58

  </affected>

59

  <background>

60

    <p>PHP is a widely-used general-purpose scripting language that is

61

      especially suited for Web development and can be embedded into HTML. 

62

    </p>

63

  </background>

64

  <description>

65

    <p>Multiple vulnerabilities have been discovered in PHP. Please review the

66

      CVE identifiers referenced below for details.

67

    </p>

68

  </description>

69

  <impact type="high">

70

    <p>A context-dependent attacker can cause arbitrary code execution, create

71

      a Denial of Service condition, read or write arbitrary files, impersonate

72

      other servers, hijack a web session, or have other unspecified impact.

73

      Additionally, a local attacker could gain escalated privileges.

74

    </p>

75

  </impact>

76

  <workaround>

77

    <p>There is no known workaround at this time.</p>

78

  </workaround>

79

  <resolution>

80

    <p>All PHP 5.5 users should upgrade to the latest version:</p>

81

82

    <code>

83

      # emerge --sync

84

      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.5.16"

85

    </code>

86

87

    <p>All PHP 5.4 users should upgrade to the latest version:</p>

88

89

    <code>

90

      # emerge --sync

91

      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.4.32"

92

    </code>

93

94

    <p>All PHP 5.3 users should upgrade to the latest version. This release

95

      marks the end of life of the PHP 5.3 series. Future releases of this

96

      series are not planned. All PHP 5.3 users are encouraged to upgrade to

97

      the current stable version of PHP 5.5 or previous stable version of PHP

98

      5.4, which are supported till at least 2016 and 2015 respectively.

99

    </p>

100

101

    <code>

102

      # emerge --sync

103

      # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-5.3.29"

104

    </code>

105

  </resolution>

106

  <references>

107

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718">CVE-2011-4718</uri>

108

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635">CVE-2013-1635</uri>

109

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643">CVE-2013-1643</uri>

110

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824">CVE-2013-1824</uri>

111

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110">CVE-2013-2110</uri>

112

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735">CVE-2013-3735</uri>

113

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113">CVE-2013-4113</uri>

114

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248">CVE-2013-4248</uri>

115

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635">CVE-2013-4635</uri>

116

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636">CVE-2013-4636</uri>

117

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420">CVE-2013-6420</uri>

118

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712">CVE-2013-6712</uri>

119

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226">CVE-2013-7226</uri>

120

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327">CVE-2013-7327</uri>

121

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345">CVE-2013-7345</uri>

122

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185">CVE-2014-0185</uri>

123

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237">CVE-2014-0237</uri>

124

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238">CVE-2014-0238</uri>

125

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943">CVE-2014-1943</uri>

126

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270">CVE-2014-2270</uri>

127

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497">CVE-2014-2497</uri>

128

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597">CVE-2014-3597</uri>

129

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981">CVE-2014-3981</uri>

130

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049">CVE-2014-4049</uri>

131

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670">CVE-2014-4670</uri>

132

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120">CVE-2014-5120</uri>

133

  </references>

134

  <metadata tag="requester" timestamp="Fri, 23 Aug 2013 14:19:36 +0000">

135

    creffett

136

  </metadata>

137

  <metadata tag="submitter" timestamp="Fri, 29 Aug 2014 10:48:28 +0000">

138

    creffett

139

  </metadata>

140

</glsa>

1	k_f 14/08/29 10:49:32
2
3	Added: glsa-201408-11.xml
4	Log:
5	GLSA 201408-11
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-201408-11.xml
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201408-11.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201408-11.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-201408-11.xml
14	===================================================================
15	<?xml version="1.0" encoding="UTF-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19	<glsa id="201408-11">
20	<title>PHP: Multiple vulnerabilities</title>
21	<synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of
22	which could lead to remote execution of arbitrary code.
23	</synopsis>
24	<product type="ebuild">php</product>
25	<announced>August 29, 2014</announced>
26	<revised>August 29, 2014: 1</revised>
27	<bug>459904</bug>
28	<bug>472204</bug>
29	<bug>472558</bug>
30	<bug>474656</bug>
31	<bug>476570</bug>
32	<bug>481004</bug>
33	<bug>483212</bug>
34	<bug>485252</bug>
35	<bug>492784</bug>
36	<bug>493982</bug>
37	<bug>501312</bug>
38	<bug>503630</bug>
39	<bug>503670</bug>
40	<bug>505172</bug>
41	<bug>505712</bug>
42	<bug>509132</bug>
43	<bug>512288</bug>
44	<bug>512492</bug>
45	<bug>513032</bug>
46	<bug>516994</bug>
47	<bug>519932</bug>
48	<bug>520134</bug>
49	<bug>520438</bug>
50	<access>remote</access>
51	<affected>
52	<package name="dev-lang/php" auto="yes" arch="*">
53	<unaffected range="ge">5.5.16</unaffected>
54	<unaffected range="rge">5.4.32</unaffected>
55	<unaffected range="rge">5.3.29</unaffected>
56	<vulnerable range="lt">5.5.16</vulnerable>
57	</package>
58	</affected>
59	<background>
60	<p>PHP is a widely-used general-purpose scripting language that is
61	especially suited for Web development and can be embedded into HTML.
62	</p>
63	</background>
64	<description>
65	<p>Multiple vulnerabilities have been discovered in PHP. Please review the
66	CVE identifiers referenced below for details.
67	</p>
68	</description>
69	<impact type="high">
70	<p>A context-dependent attacker can cause arbitrary code execution, create
71	a Denial of Service condition, read or write arbitrary files, impersonate
72	other servers, hijack a web session, or have other unspecified impact.
73	Additionally, a local attacker could gain escalated privileges.
74	</p>
75	</impact>
76	<workaround>
77	<p>There is no known workaround at this time.</p>
78	</workaround>
79	<resolution>
80	<p>All PHP 5.5 users should upgrade to the latest version:</p>
81
82	<code>
83	# emerge --sync
84	# emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16"
85	</code>
86
87	<p>All PHP 5.4 users should upgrade to the latest version:</p>
88
89	<code>
90	# emerge --sync
91	# emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32"
92	</code>
93
94	<p>All PHP 5.3 users should upgrade to the latest version. This release
95	marks the end of life of the PHP 5.3 series. Future releases of this
96	series are not planned. All PHP 5.3 users are encouraged to upgrade to
97	the current stable version of PHP 5.5 or previous stable version of PHP
98	5.4, which are supported till at least 2016 and 2015 respectively.
99	</p>
100
101	<code>
102	# emerge --sync
103	# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"
104	</code>
105	</resolution>
106	<references>
107	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718">CVE-2011-4718</uri>
108	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635">CVE-2013-1635</uri>
109	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643">CVE-2013-1643</uri>
110	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824">CVE-2013-1824</uri>
111	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110">CVE-2013-2110</uri>
112	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735">CVE-2013-3735</uri>
113	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113">CVE-2013-4113</uri>
114	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248">CVE-2013-4248</uri>
115	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635">CVE-2013-4635</uri>
116	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636">CVE-2013-4636</uri>
117	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420">CVE-2013-6420</uri>
118	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712">CVE-2013-6712</uri>
119	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226">CVE-2013-7226</uri>
120	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327">CVE-2013-7327</uri>
121	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345">CVE-2013-7345</uri>
122	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185">CVE-2014-0185</uri>
123	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237">CVE-2014-0237</uri>
124	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238">CVE-2014-0238</uri>
125	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943">CVE-2014-1943</uri>
126	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270">CVE-2014-2270</uri>
127	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497">CVE-2014-2497</uri>
128	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597">CVE-2014-3597</uri>
129	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981">CVE-2014-3981</uri>
130	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049">CVE-2014-4049</uri>
131	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670">CVE-2014-4670</uri>
132	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120">CVE-2014-5120</uri>
133	</references>
134	<metadata tag="requester" timestamp="Fri, 23 Aug 2013 14:19:36 +0000">
135	creffett
136	</metadata>
137	<metadata tag="submitter" timestamp="Fri, 29 Aug 2014 10:48:28 +0000">
138	creffett
139	</metadata>
140	</glsa>

Gentoo Archives: gentoo-commits