CentOS Update For Php CESA-2013:1049 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Affected

php on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2013-July/019852.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4113

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0437-02 (seamonkey)
CentOS Security Advisory CESA-2009:0361 (NetworkManager)
CentOS Update for apr CESA-2011:0844 centos5 i386
CentOS Security Advisory CESA-2009:1337 (gfs2-utils)
CentOS Security Advisory CESA-2009:1122 (icu)

CentOS Update for php CESA-2013:1049 centos6

Take action and discover your vulnerabilities