PHP 5.5.14 released
27 Jun 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.14. This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of -8- CVEs, half of them concerning the FileInfo extension. All PHP users are encouraged to upgrade to this new version..."
PHP 5.4.30 Released
26 Jun 2014 - "The PHP development team announces the immediate availability of PHP 5.4.30. Over -20- bugs were fixed in this release, including the following security issues: CVE-2014-3981, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-4049, CVE-2014-3515. All PHP 5.4 users are encouraged to upgrade to this version..."
Release Date: 2014-06-27
Criticality: Moderately Critical
Where: From remote
Impact: Unknown, DoS, System access
Software: PHP 5.4.x, PHP 5.5.x
CVE Reference(s): CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487,
... vulnerabilities are reported in versions prior to 5.4.30 and 5.5.14.
Solution: Update to version 5.4.30 or 5.5.14.
CVE Reference: CVE-2014-3981
Jul 4 2014
Impact: Execution of arbitrary code via local system, Modification of system information, Root access via local system, User access via local system
Version(s): prior to versions 5.4.30, 5.5.14 ...
Solution: The vendor has issued a fix (5.4.30, 5.5.14)...
3 Jul 2014
New versions of PHP, 5.5.14 and 5.4.30, have been released, addressing numerous security issues and flaws, including two OpenSSL vulnerabilities.
Analysis: Additionally, this update addresses flaws that could be exploited to overwrite of arbitrary files by local users, cause denial of service, and execute arbitrary code... PHP is a widespread target often exploited by attackers; users should upgrade in a timely manner.
Edited by AplusWebMaster, 07 July 2014 - 03:33 AM.