| Filename | PHP has fixed several vulnerabilities allowing remote code execution |
| Permission | rw-r--r-- |
| Author | Asylum |
| Date and Time | 9:49 PM |
| Label | E Hacking News - Hacker News and Latest IT Security News| free| google| hacking| IFTTT| new| news| PHP has fixed several vulnerabilities allowing remote code execution |
| Action |
The PHP development team has released new versions in order to fix three security vulnerabilities -one of them is said to be a critical one and leads to remote code execution.
The vulnerability identified as "CVE-2014-3669" can cause an integer overflow when parsing specially crafted serialized data with the unserialize ().The vulnerability is only a 32-bit system, but the danger is caused by the breach and that the serialized data often come from user-controlled channels.
In addition, the updates have been corrected errors associated with the introduction of a null byte in the library cURL, calling the damage dynamic memory during processing of the modified data as a function of exif_thumbnail () in image processing (CVE-2014-3670), as well as buffer overflow in the function mkgmtime () from the module XMLRPC (CVE-2014-3668).
These vulnerabilities were discovered by the Research lab of IT security company High-Tech Bridge.
The new versions 5.6.2,5.5.18 and 5.4.34 address these three vulnerabilities.
via E Hacking News - Hacker News and Latest IT Security News PHP has fixed several vulnerabilities allowing remote code execution http://ift.tt/1Fk6n5K
0 comments:
Post a Comment