Bug 3577 - [UPDATE REQUEST] [UPSTREAM UPDATE] php
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
Reported: 2014-01-13 15:18 MSK by Andrew Lukoshko
Modified: 2014-01-14 16:10 MSK
alexander.petryakov: qa_verified+
andrew.lukoshko: published_server+


Description Andrew Lukoshko 2014-01-13 15:18:51 MSK
A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420)

https://abf.rosalinux.ru/build_lists/1513316
https://abf.rosalinux.ru/build_lists/1513317
Comment 1 Andrew Lukoshko 2014-01-13 15:19:13 MSK
https://rhn.redhat.com/errata/RHSA-2013-1813.html
Comment 2 Alexander Petryakov 2014-01-14 03:20:12 MSK
php-5.3.3-27.res6
*********************** RHEL Advisory *************************
A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420)

https://rhn.redhat.com/errata/RHSA-2013-1813.html
***************************************************************
QA Verified