Description

PHP is an HTML-embedded scripting language commonly used with the ApacheHTTP Server. PHP's fileinfo module provides functions used to identify aparticular file according to the type of data contained by the file.Multiple denial of service flaws were found in the way the File Information(fileinfo) extension parsed certain Composite Document Format (CDF) files.A remote attacker could use either of these flaws to crash a PHPapplication using fileinfo via a specially crafted CDF file.(CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)Two denial of service flaws were found in the way the File Information(fileinfo) extension handled indirect and search rules. A remote attackercould use either of these flaws to cause a PHP application using fileinfoto crash or consume an excessive amount of CPU. (CVE-2014-1943,CVE-2014-2270)A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXTrecords. A malicious DNS server or a man-in-the-middle attacker couldpossibly use this flaw to execute arbitrary code as the PHP interpreter ifa PHP application used the dns_get_record() function to perform a DNSquery. (CVE-2014-4049)A type confusion issue was found in PHP's phpinfo() function. A maliciousscript author could possibly use this flaw to disclose certain portions ofserver memory. (CVE-2014-4721)A buffer over-read flaw was found in the way the DateInterval class parsedinterval specifications. An attacker able to make a PHP application parse aspecially crafted specification using DateInterval could possibly cause thePHP interpreter to crash. (CVE-2013-6712)A type confusion issue was found in the SPL ArrayObject andSPLObjectStorage classes' unserialize() method. A remote attacker able tosubmit specially crafted input to a PHP application, which would thenunserialize this input using one of the aforementioned methods, could usethis flaw to execute arbitrary code with the privileges of the user runningthat PHP application. (CVE-2014-3515)The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issueswere discovered by Francisco Alonso of Red Hat Product Security.All php53 and php users are advised to upgrade to these updated packages,which contain backported patches to correct these issues.

References

• APPLE-APPLE-SA-2015-04-08-2
• CVE-2012-1571
• CVE-2013-6712
• CVE-2014-0237
• CVE-2014-0238
• CVE-2014-1943
• CVE-2014-2270
• CVE-2014-3479
• CVE-2014-3480
• CVE-2014-3515
• CVE-2014-4049
• CVE-2014-4721
• DEBIAN-DSA-2422
• DEBIAN-DSA-2861
• DEBIAN-DSA-2868
• DEBIAN-DSA-2873
• DEBIAN-DSA-2961
• DEBIAN-DSA-2974
• DEBIAN-DSA-3021
• REDHAT-RHSA-2014:1012
• REDHAT-RHSA-2014:1765
• REDHAT-RHSA-2014:1766

Solution

Related Vulnerabilities

• RHSA-2014:1765: php54-php security update
• OS X update for Note: (CVE-2014-3480)
• Alpine Linux: CVE-2014-1943: file DoS
• Amazon Linux AMI: Security patch for file (ALAS-2014-382) (multiple CVEs)
• Gentoo Linux: CVE-2014-4049: PHP: Multiple vulnerabilities
• OS X update for Note: (CVE-2014-0238)
• OS X update for apache_mod_php (CVE-2014-0238)
• OS X update for PHP (CVE-2014-0238)
• Oracle Solaris 11: CVE-2014-1943: Vulnerability in PHP
• USN-2162-1: file vulnerability
• USN-2123-1: file vulnerabilities
• DSA-2868-1 php5 -- denial of service
• ELSA-2014-1327 Moderate: Oracle Linux php security update
• Gentoo Linux: CVE-2012-1571: file: Denial of Service
• Amazon Linux AMI: Security patch for php55 (ALAS-2014-314) (multiple CVEs)
• DSA-2816-1 php5 -- several vulnerabilities
• Amazon Linux AMI: Security patch for php54 (ALAS-2014-361) (multiple CVEs)
• Gentoo Linux: CVE-2014-2270: file: Denial of Service
• Oracle Solaris 11: CVE-2014-3479: Vulnerability in PHP
• DSA-3021-1 file -- security update
• OS X update for Admin Framework (CVE-2014-3480)
• Alpine Linux: CVE-2014-4721: php sensitive information leak from process memory
• ELSA-2014-1606 Moderate: Oracle Linux file security and bug fix update
• ELSA-2015-2155 Moderate: Oracle Linux file security and bug fix update
• SUSE Linux Security Vulnerability: CVE-2013-6712
• Gentoo Linux: CVE-2014-0238: PHP: Multiple vulnerabilities
• OS X update for apache_mod_php (CVE-2014-0237)
• DSA-2422-2 file -- missing bounds checks
• DSA-2861-1 file -- denial of service
• USN-2278-1: file vulnerabilities
• FreeBSD: file -- denial of service (CVE-2014-1943)
• OS X update for PHP (CVE-2013-6712)
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
• Alpine Linux: CVE-2014-3479: php multiple issues fixed in new 5.5.14
• OS X update for apache_mod_php (CVE-2014-3515)
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
• Amazon Linux AMI: Security patch for php55 (ALAS-2014-372) (multiple CVEs)
• PHP Vulnerability: CVE-2014-0238
• OS X update for PHP (CVE-2014-4049)
• SUSE Linux Security Vulnerability: CVE-2012-1571
• Oracle Solaris 11: CVE-2014-0238: Vulnerability in PHP
• Oracle Solaris 11: CVE-2014-0237: Vulnerability in PHP
• FreeBSD: PHP multiple vulnerabilities (Multiple CVEs)
• Alpine Linux: CVE-2014-3480: php multiple issues fixed in new 5.5.14
• DSA-2943-1 php5 -- security update
• Oracle Solaris 11: CVE-2014-3515: Vulnerability in PHP
• OS X update for apache_mod_php (CVE-2014-3479)
• USN-2163-1: PHP vulnerability
• OS X update for apache_mod_php (CVE-2014-2270)
• PHP Vulnerability: CVE-2013-6712
• ELSA-2014-1013 Moderate: Oracle Linux php security update
• Oracle Solaris 11: CVE-2014-2270: Vulnerability in PHP
• OS X update for Admin Framework (CVE-2014-0237)
• USN-2055-1: PHP vulnerabilities
• Gentoo Linux: CVE-2014-1943: file: Denial of Service
• FreeBSD: FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (FreeBSD-SA-14:16.file) (Multiple CVEs)
• OS X update for Note: (CVE-2014-2270)
• OS X update for Admin Framework (CVE-2013-6712)
• Alpine Linux: CVE-2014-2270: file CVE-2014-2270
• PHP Vulnerability: CVE-2014-3479
• Alpine Linux: CVE-2013-6712: php remote DoS
• OS X update for Note: (CVE-2014-0237)
• OS X update for apache_mod_php (CVE-2014-1943)
• OS X update for Note: (CVE-2014-3479)
• Amazon Linux AMI: Security patch for php (ALAS-2014-393) (multiple CVEs)
• Oracle Solaris 11: CVE-2014-3480: Vulnerability in PHP
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
• OS X update for Admin Framework (CVE-2014-4049)
• RHSA-2015:2155: file security and bug fix update
• Gentoo Linux: CVE-2014-0237: PHP: Multiple vulnerabilities
• ELSA-2014-1012 Moderate: Oracle Linux php53 and php security update
• DSA-2974-1 php5 -- security update
• RHSA-2014:1766: php55-php security update
• USN-2276-1: PHP vulnerabilities
• OS X update for Admin Framework (CVE-2014-0238)
• USN-2254-1: PHP vulnerabilities
• Alpine Linux: CVE-2014-4049: php buffer overflow on bad DNS TXT records
• ELSA-2014-1326 Moderate: Oracle Linux php53 and php security update
• Oracle Solaris 11: CVE-2013-6712: Vulnerability in PHP
• Gentoo Linux: CVE-2013-6712: PHP: Multiple vulnerabilities
• Alpine Linux: CVE-2012-1571: Vulnerability in file < 5.11 may allow remote denial of service
• PHP Vulnerability: CVE-2014-3515
• Amazon Linux AMI: Security patch for php55 (ALAS-2014-362) (multiple CVEs)
• OS X update for PHP (CVE-2014-0237)
• Amazon Linux AMI: Security patch for php54 (ALAS-2014-367) (multiple CVEs)
• OS X update for PHP (CVE-2014-3480)
• Alpine Linux: CVE-2014-3515: php multiple issues fixed in new 5.5.14
• DSA-2873-1 file -- several vulnerabilities
• Alpine Linux: CVE-2014-0238: php remote DoS, Fileinfo component
• FreeBSD: file -- out-of-bounds access in search rules with offsets from input file (CVE-2014-2270)
• OS X update for Note: (CVE-2014-1943)
• PHP Vulnerability: CVE-2014-0237
• USN-2126-1: PHP vulnerabilities
• OS X update for Admin Framework (CVE-2014-3479)
• DSA-2961-1 php5 -- security update
• RHSA-2014:1606: file security and bug fix update
• Oracle Solaris 11: CVE-2014-4049: Vulnerability in PHP
• ELSA-2015-1135 Important: Oracle Linux php security and bug fix update
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 3
• Amazon Linux AMI: Security patch for file (ALAS-2014-304) (CVE-2014-1943)