[arch-security] [Arch Linux Security Advisory ASA-201411-13] php: denial of service
Arch Linux Security Advisory ASA-201411-13
==========================================

Severity: Medium
Date    : 2014-11-13
CVE-ID  : CVE-2014-3710
Package : php
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package php before version 5.6.3-1 is vulnerable to denial of
service through out-of-bounds read.

Resolution
==========

Upgrade to 5.6.3-1.

# pacman -Syu "php>=5.6.3-1"

The problem has been fixed upstream [0] in version 5.6.3.

Workaround
==========

None.

Description
===========

An out-of-bounds read flaw was found in the way the file information
(fileinfo) extension parsed executable and linkable format (ELF) files.

Impact
======

A remote attacker could use this flaw to crash a PHP application using
fileinfo via a specially crafted ELF file.

References
==========

[0] http://git.php.net/?p=php-src.git;a=patch;h=180322
https://access.redhat.com/security/cve/CVE-2014-3710
https://bugzilla.redhat.com/show_bug.cgi?id=1155071
https://bugs.archlinux.org/task/42764
https://bugs.php.net/bug.php?id=68283
Levente Polyak
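The Description above concerns an out-of-bounds read while parsing ELF data. As an added illustration of that bug class (not the upstream patch and not code from php or fileinfo), the walker below checks every length taken from an ELF note record against the bytes that remain before advancing. The names nhdr, align4 and count_notes are hypothetical, and host byte order is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ELF note header: three 32-bit words, same layout in ELF32 and ELF64. */
struct nhdr { uint32_t namesz, descsz, type; };

/* Round v up to the 4-byte padding used after note name and descriptor. */
static int align4(size_t v, size_t *out)
{
    if (v > SIZE_MAX - 3) return -1;    /* would wrap on a 32-bit size_t */
    *out = (v + 3) & ~(size_t)3;
    return 0;
}

/*
 * Walk a note segment of `size` bytes.
 * Returns the number of well-formed notes, or -1 if any header, name
 * or descriptor would extend past the end of the buffer.
 */
int count_notes(const uint8_t *buf, size_t size)
{
    size_t off = 0;
    int n = 0;
    while (off < size) {
        struct nhdr h;
        size_t name, desc;
        if (size - off < sizeof h)          /* header itself is truncated */
            return -1;
        memcpy(&h, buf + off, sizeof h);    /* no unaligned access */
        off += sizeof h;
        /* Compare against the bytes left, never against off + length. */
        if (align4(h.namesz, &name) || name > size - off)
            return -1;
        off += name;
        if (align4(h.descsz, &desc) || desc > size - off)
            return -1;
        off += desc;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: one note, name "GNU", 4-byte zero descriptor. */
    uint8_t note[20] = { 0 };
    struct nhdr h = { 4, 4, 1 };
    memcpy(note, &h, sizeof h);
    memcpy(note + sizeof h, "GNU", 4);
    return count_notes(note, sizeof note) == 1 ? 0 : 1;
}
```

A file whose note claims more name or descriptor bytes than the segment holds is rejected with -1 instead of being read past the end of the buffer.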