|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2013:1315-1)|
|Summary:||The remote host is missing an update for the 'PHP5' package(s) announced via the SUSE-SU-2013:1315-1 advisory.|
The remote host is missing an update for the 'PHP5' package(s) announced via the SUSE-SU-2013:1315-1 advisory.
The following security issues have been fixed in PHP5:
CVE-2013-4635: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP allowed context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
CVE-2013-1635: ext/soap/soap.c in PHP did not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allowed remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
CVE-2013-1643: The SOAP parser in PHP allowed remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
CVE-2011-1398 / CVE-2012-4388: The sapi_header_op function in main/SAPI.c in PHP did not check for %0D sequences (aka carriage return characters), which allowed remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
A hardening measure has been implemented without CVE:
* use FilesMatch with 'SetHandler' rather than
* fixed php bug #43200 (Interface implementation /
inheritence not possible in abstract classes) [bnc#783239]
Security Issue reference:
'PHP5' package(s) on SUSE Linux Enterprise Server 11 SP1
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2011-1398|
RedHat Security Advisories: RHSA-2013:1307
SuSE Security Announcement: SUSE-SU-2013:1315 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2012-4388
Common Vulnerability Exposure (CVE) ID: CVE-2013-1635
Debian Security Information: DSA-2639 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:1285 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2013-1643
RedHat Security Advisories: RHSA-2013:1615
Common Vulnerability Exposure (CVE) ID: CVE-2013-4113
Debian Security Information: DSA-2723 (Google Search)
RedHat Security Advisories: RHSA-2013:1049
RedHat Security Advisories: RHSA-2013:1050
RedHat Security Advisories: RHSA-2013:1061
RedHat Security Advisories: RHSA-2013:1062
RedHat Security Advisories: RHSA-2013:1063
SuSE Security Announcement: SUSE-SU-2013:1316 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2013-4635
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.