PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A stack-based buffer overflow flaw was found in the way the xmlrpc
extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC
request or response could possibly cause a PHP application to crash or
execute arbitrary code with the privileges of the user running that PHP
application. (CVE-2014-8626)
All php users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | ia64 | php-pgsql | < 4.3.9-3.38.el4 | php-pgsql-4.3.9-3.38.el4.ia64.rpm |
RedHat | 4 | x86_64 | php-domxml | < 4.3.9-3.38.el4 | php-domxml-4.3.9-3.38.el4.x86_64.rpm |
RedHat | 4 | i386 | php-mysql | < 4.3.9-3.38.el4 | php-mysql-4.3.9-3.38.el4.i386.rpm |
RedHat | 4 | i386 | php | < 4.3.9-3.38.el4 | php-4.3.9-3.38.el4.i386.rpm |
RedHat | 4 | x86_64 | php-ldap | < 4.3.9-3.38.el4 | php-ldap-4.3.9-3.38.el4.x86_64.rpm |
RedHat | 4 | x86_64 | php-gd | < 4.3.9-3.38.el4 | php-gd-4.3.9-3.38.el4.x86_64.rpm |
RedHat | 4 | x86_64 | php-pgsql | < 4.3.9-3.38.el4 | php-pgsql-4.3.9-3.38.el4.x86_64.rpm |
RedHat | 4 | i386 | php-ldap | < 4.3.9-3.38.el4 | php-ldap-4.3.9-3.38.el4.i386.rpm |
RedHat | 4 | x86_64 | php-snmp | < 4.3.9-3.38.el4 | php-snmp-4.3.9-3.38.el4.x86_64.rpm |
RedHat | 4 | x86_64 | php-pear | < 4.3.9-3.38.el4 | php-pear-4.3.9-3.38.el4.x86_64.rpm |