FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PHP multiple vulnerabilities

Affected packages
php53 < 5.3.29

Details

VuXML ID d2a892b9-2605-11e4-9da0-00a0986f28c4
Discovery 2014-08-14
Entry 2014-08-18

The PHP Team reports:

insecure temporary file use in the configure script

unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion

Heap buffer over-read in DateInterval

fileinfo: cdf_read_short_sector insufficient boundary check

fileinfo: CDF infinite loop in nelements DoS

fileinfo: numerous file_printf calls resulting in performance degradation

Fix potential segfault in dns_check_record()

References

CVE Name CVE-2013-6712
CVE Name CVE-2014-0207
CVE Name CVE-2014-0237
CVE Name CVE-2014-0238
CVE Name CVE-2014-3515
CVE Name CVE-2014-3981
CVE Name CVE-2014-4049
URL http://php.net/ChangeLog-5.php#5.3.29
URL https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html