Updated php packages fix multiple security vulnerabilities
Publication date: 19 Dec 2013Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6420 , CVE-2013-6712
Description
Updated php packages fix security vulnerabilities:
Stefan Esser discovered that PHP incorrectly parsed certificates. An
attacker could use a malformed certificate to cause PHP to crash, resulting
in a denial of service, or possibly execute arbitrary code (CVE-2013-6420).
It was discovered that PHP incorrectly handled DateInterval objects. An
attacker could use this issue to cause PHP to crash, resulting in a denial
of service (CVE-2013-6712).
References
SRPMS
3/core
- php-5.4.23-1.mga3
- php-gd-bundled-5.4.23-1.mga3
- php-apc-3.1.14-7.5.mga3