Remi

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.42 PHP versions 5.5.x prior to 5.5.26 PHP versions 5.6.x prior to 5.6.10 **Description** The issue is related to the php pgsql meta data function in the PostgreSQL extension in PHP, which does not properly validate token extraction for table names. This could allow remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted name. **Recommendations** For PHP versions prior to 5.4.42, update to version 5.4.42 or later. For PHP versions 5.5.x prior to 5.5.26, update to version 5.5.26 or later. For PHP versions 5.6.x prior to 5.6.10, update to version 5.6.10 or later.

**Name of the Vulnerable Software and Affected Versions** file versions prior to 5.04 PHP versions prior to 5.4.29 and 5.5.x prior to 5.5.13 Red Hat Enterprise Linux file-5.04, file-debuginfo-5.04, file-libs-5.04, file-devel-5.04, file-static-5.04 **Description** The issue concerns multiple vulnerabilities in the file package of Debian GNU/Linux and Red Hat Enterprise Linux, as well as a vulnerability in the cdf unpack summary info function in the cdf.c component of PHP's Fileinfo. These vulnerabilities can lead to a denial of service due to performance degradation, which can be triggered remotely. The vulnerability in PHP's Fileinfo component allows remote attackers to cause a denial of service by triggering many file printf calls, potentially leading to resource exhaustion. **Recommendations** For file versions prior to 5.04, update to a version that includes the fix for this issue. For PHP versions prior to 5.4.29, update to version 5.4.29 or later. For PHP versions prior to 5.5.13, update to version 5.5.13 or later. For Red Hat Enterprise Linux, update the file-5.04, file-debuginfo-5.04, file-libs-5.04, file-devel-5.04, and file-static-5.04 packages to versions that include the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable functions or components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** file-static-5.04 versions 5.04 file-devel-5.04 versions 5.04 file versions prior to 5.04 file-debuginfo-5.04 versions 5.04 file-libs-5.04 versions 5.04 PHP versions prior to 5.4.29 and 5.5.x prior to 5.5.13 **Description** The issue concerns multiple vulnerabilities in the file package of various operating systems, including Red Hat Enterprise Linux and Debian GNU/Linux, which can lead to disruption of protected information availability. These vulnerabilities can be exploited remotely. Additionally, a vulnerability in the cdf read property info function in the cdf.c component of PHP's Fileinfo allows remote attackers to cause a denial of service via specially crafted CDF files, potentially resulting in an infinite loop or out-of-bounds memory access. **Recommendations** For file-static-5.04 version 5.04, update to a version that contains a fix for this issue. For file-devel-5.04 version 5.04, update to a version that contains a fix for this issue. For file versions prior to 5.04, update to version 5.04 or later. For file-debuginfo-5.04 version 5.04, update to a version that contains a fix for this issue. For file-libs-5.04 version 5.04, update to a version that contains a fix for this issue. For PHP versions prior to 5.4.29, update to version 5.4.29 or later. For PHP versions 5.5.x prior to 5.5.13, update to version 5.5.13 or later. As a temporary workaround, consider restricting access to the cdf read property info function in PHP until a patch is available.

**Name of the Vulnerable Software and Affected Versions** file versions through 5.19 PHP versions prior to 5.4.32 PHP versions 5.5.x prior to 5.5.16 **Description** The issue is related to an integer overflow in the `cdf read property info` function in `cdf.c` in the file component, as used in the Fileinfo component in PHP. This allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. The vulnerability exists because of an incomplete fix for a previous issue. **Recommendations** For file versions through 5.19, update to a version that includes the complete fix for the integer overflow in the `cdf read property info` function. For PHP versions prior to 5.4.32, update to version 5.4.32 or later. For PHP versions 5.5.x prior to 5.5.16, update to version 5.5.16 or later. As a temporary workaround, consider restricting access to the `cdf read property info` function in the Fileinfo component until a patch is available.