{"id":"MGASA-2013-0264","summary":"Updated php packages fix CVE-2013-4248 and prevent the two gd packages being installed at once","details":"Updated php packages fix security vulnerability:\n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in PHP\nbefore 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\0' character\nin a domain name in the Subject Alternative Name field of an X.509 certificate,\nwhich allows man-in-the-middle attackers to spoof arbitrary SSL servers via a\ncrafted certificate issued by a legitimate Certification Authority\n(CVE-2013-4248).\n\nAdditionally it prevents php-gd and php-gd-bundled packages being installed\nat the same time, which causes errors.\n","modified":"2026-04-16T06:23:03.497352300Z","published":"2013-08-30T17:30:10Z","upstream":["CVE-2013-4248"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0264.html"},{"type":"WEB","url":"http://www.php.net/ChangeLog-5.php"},{"type":"WEB","url":"http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755"},{"type":"WEB","url":"http://git.php.net/?p=php-src.git;a=commit;h=c1c49d6e3983c9ce0b43ffe7bf6e03b809ed048b"},{"type":"ADVISORY","url":"http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:221/"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10997"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.27-1.2.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0264.json"}},{"package":{"name":"php","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.19-1.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0264.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.14-7.3.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0264.json"}},{"package":{"name":"php-gd-bundled","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-gd-bundled?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.19-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0264.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}