store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sun Oct 20, 2019 8:42 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: [Nucleus] PHP 5.3.29-27 (Security Update)
Unread postPosted: Tue May 12, 2015 12:46 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 8329
Location: earth
Please note this is an important security update. It is highly recommended to upgrade to to version 5.3.29-27 PHP, and PHP Panda.

Changelog:
- Security fix for CVE-2014-8142
- Security fix for CVE-2014-9425


Additionally, the following CVE does *NOT* effect Nucleus builds of PHP:

* CVE-2014-9427 -- PHP-CGI Out of Bounds Read Code Execution Vulnerability

Vulnerability scans reporting PHP 5.3.29 as being vulnerable to the above CVE are false positive results. The following test case can be used:

1)
printf "#" > CVE-2014-9427.php

2)
php-cgi CVE-2014-9427.php

A vulnerable version would return a Segmentation Fault.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group