USN-1905-1: PHP vulnerabilities
16 July 2013
Several security issues were fixed in PHP.
- php5 - HTML-embedded scripting language interpreter
It was discovered that PHP incorrectly handled the xml_parse_into_struct
function. If a PHP application parsed untrusted XML, an attacker could use
this flaw with a specially-crafted XML document to cause PHP to crash,
resulting in a denial of service, or to possibly execute arbitrary code.
It was discovered that PHP incorrectly handled the jdtojewish function. An
attacker could use this flaw to cause PHP to crash, resulting in a denial
of service. (CVE-2013-4635)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.