Zend Server 7.0.0 CVE Log

Follow

Applies to: Zend Server 7 LTS (PHP 5.4)

Product Info: http://www.zend.com/en/products/server

Downloads: http://www.zend.com/en/products/server/downloads



ZendServer 7.0.0 GA

PHP 5.4.29 (See http://php.net/ChangeLog-5.php#5.4.29)

Has fixes from PHP 5.4.30:

  • Fileinfo:
    • Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
    • Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
    • Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
    • Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
    • Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
  • Network:

 

PHP 5.5.13 (See http://php.net/ChangeLog-5.php#5.5.13)

 

Has fixes from PHP 5.5.14:

  • Fileinfo
    • Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
    • Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
    • Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
    • Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
    • Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
  • Network:

 

OpenSSL

OpenSSL 0.9.8za (See https://www.openssl.org/news/secadv_20140605.txt)



ZendServer 7.0.0 hotfix 1

Has fixes from PHP 5.4.30:

  • SPL
    • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).

 

Has fixes from PHP 5.4.32:

  • Fileinfo
  • GD
  • Network
  • SPL

 

Has fixes from PHP 5.5.14:

  • SPL
    • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).

 

Has fixes from PHP 5.5.15:

  • SPL

 

Has fixes from PHP 5.5.16:

  • Fileinfo
  • GD:
  • Network:

 

OpenSSL 0.9.8zb (See https://www.openssl.org/news/secadv_20140605.txt and https://www.openssl.org/news/secadv_20140806.txt):



ZendServer 7.0.0 hotfix 2

PHP 5.4.34 (See http://php.net/ChangeLog-5.php#5.4.34)

 

Has fixes from PHP 5.5.18:

  • Core:
  • EXIF:
  • XMLRPC:

 



ZendServer 7.0.0 hotfix 3

 

PHP 5.4.36 (See http://php.net/ChangeLog-5.php#5.4.36)



ZendServer 7.0.0 hotfix 4

PHP 5.4.37 (See http://php.net/ChangeLog-5.php#5.4.37)

  • Core:
  • CGI:
  • EXIF:



ZendServer 7.0.0 hotfix 5

PHP 5.4.39 (See http://php.net/ChangeLog-5.php#5.4.39)




ZendServer 7 accumulative: GA to hotfix 5

PHP 5.4.39 (See http://php.net/ChangeLog-5.php#5.4.39)

  • Core:
  • CGI:
  • SPL:
  • GD:
  • EXIF:
  • XMLRPC:

 

 

OpenSSL 0.9.8zb (See https://www.openssl.org/news/secadv_20140605.txt and https://www.openssl.org/news/secadv_20140806.txt):



Have more questions? Submit a request

Comments

  • Avatar
    Gilberto Melendez

    This will be useful if we can have a direct link to download the version of Zend Server with described changes. Thanks

Powered by Zendesk