RealTime IT News

PHP 5.5.13 Updated for Two Security Vulnerabilities

From the 'time to patch' files:

The open-source PHP programming language project has phpreleased the PHP 5.5.13 and 5.4.29 updates, each providing numerous bug fixes and both providing fixes for a pair of security vulnerabilities.

The two security vulnerabilities are identified as:

  • Bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
  • Bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)

Neither of these bugs look to be highly critical to me, but both could lead to Denial of Service conditions which always need to be mitigated. Server admins and php developer should get updated packages from their respective Linux distros or from php.net

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist