DSA-3074-1 php5 -- php5
ID: oval:org.secpod.oval:def:601840 | Date: (C)2014-11-25 (M)2023-12-07 |
Class: PATCH | Family: unix |
Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, the code incorrectly checks note headers, potentially allowing attackers to cause a denial of service by supplying a specially crafted ELF file.

As announced in DSA-3064-1, it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently, the vulnerability is addressed by upgrading PHP to a new upstream version, 5.4.35, which includes additional bug fixes, new features and possibly incompatible changes.