cPanel, Inc. » News

Posted: 20 Aug 2013 06:47 AM PDT

SUMMARY

The PHP development team announces the immediate availability of PHP 5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248. All users of PHP are encouraged to upgrade to this release. cPanel has released EasyApache 3.22.5 with this updated version of PHP 5.4.18 to address these issues.

AFFECTED VERSIONS

All versions of PHP5 before 5.4.18

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity rating of these CVEs:

PHP 5.4.18

CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27 (also 5.4.x) does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

CVE-2013-4248: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

SOLUTION

cPanel, Inc. has released EasyApache 3.22.5 with an updated version of PHP 5.4 to correct these issues. To update, please rebuild your EasyApache profile. For more information on rebuilding profiles, please consult our documentation (http://go.cpanel.net/ea).

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4248

For the PGP signed message, please go here.
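The class of flaw described for CVE-2013-4248, as an added example that is not PHP's, OpenSSL's or cPanel's code: a certificate name is a length-carrying byte string, so comparing it as a C string stops at an embedded '\0', while a length-aware check rejects it. The struct san_name type, the function names and the sample host names are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a length-carrying ASN.1 string (not OpenSSL's type). */
struct san_name { const unsigned char *data; size_t len; };

/* Constructed samples: a clean dNSName and one with an embedded NUL byte. */
static const unsigned char CLEAN[]   = "www.example.com";
static const unsigned char CRAFTED[] = "www.example.com\0.untrusted.example";
static const struct san_name clean_san   = { CLEAN,   sizeof CLEAN - 1 };
static const struct san_name crafted_san = { CRAFTED, sizeof CRAFTED - 1 };

/* Flawed: C-string comparison stops at the first NUL and ignores the rest. */
int naive_match(const struct san_name *san, const char *host)
{
    return strcmp((const char *)san->data, host) == 0;
}

/* Hardened: use the encoded length, and reject any name containing NUL. */
int strict_match(const struct san_name *san, const char *host)
{
    size_t i, hlen = strlen(host);

    if (san->len == 0 || memchr(san->data, '\0', san->len) != NULL)
        return 0;                       /* malformed name: never a match */
    if (san->len != hlen)
        return 0;
    for (i = 0; i < hlen; i++)          /* DNS names compare case-insensitively */
        if (tolower(san->data[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    const char *host = "www.example.com";

    printf("clean   naive=%d strict=%d\n",
           naive_match(&clean_san, host), strict_match(&clean_san, host));
    printf("crafted naive=%d strict=%d\n",
           naive_match(&crafted_san, host), strict_match(&crafted_san, host));
    return 0;
}
```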