Monthly Archives: December 2014

NVD

CVE-2014-8142

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.

Fedora

Fedora 20 Security Update: ntp-4.2.6p5-19.fc20

Resolved Bugs
1176191 – CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
1176032 – CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
1176035 – CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
1176037 – CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
1176040 – CVE-2014-9296 ntp: receive() missing return on error<br
Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293, CVE-2014-9296

Fedora

Fedora 21 Security Update: ntp-4.2.6p5-25.fc21

Resolved Bugs
1176191 – CVE-2014-9296 CVE-2014-9294 CVE-2014-9295 CVE-2014-9293 ntp: various flaws [fedora-all]
1176032 – CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
1176035 – CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
1176037 – CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
1176040 – CVE-2014-9296 ntp: receive() missing return on error<br
Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293, CVE-2014-9296