blob: 9a63b733220b18cb0e0bdbcee4a8065cdd0f2f35 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3538">CVE-2014-3538</a>
<p>It was discovered that the original fix for <a href="https://security-tracker.debian.org/tracker/CVE-2013-7345">CVE-2013-7345</a> did not
sufficiently address the problem. A remote attacker could still
cause a denial of service (CPU consumption) via a specially-crafted
input file that triggers backtracking during processing of an awk
regular expression rule.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3587">CVE-2014-3587</a>
<p>It was discovered that the CDF parser of the fileinfo module does
not properly process malformed files in the Composite Document File
(CDF) format, leading to crashes.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-3597">CVE-2014-3597</a>
<p>It was discovered that the original fix for <a href="https://security-tracker.debian.org/tracker/CVE-2014-4049">CVE-2014-4049</a> did not
completely address the issue. A malicious server or
man-in-the-middle attacker could cause a denial of service (crash)
and possibly execute arbitrary code via a crafted DNS TXT record.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-4670">CVE-2014-4670</a>
<p>It was discovered that PHP incorrectly handled certain SPL
Iterators. A local attacker could use this flaw to cause PHP to
crash, resulting in a denial of service.</p></li>
</ul>
<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in php5 version 5.3.3-7+squeeze22</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2014/dla-67.data"
# $Id$
|
