#PHP 5.5.13 Updated for Two Security #Vulnerabilities


The open-source PHP programming language project has released the PHP 5.5.13 and 5.4.29 updates, each providing numerous bug fixes and both providing fixes for a pair of security vulnerabilities.
The two security vulnerabilities are identified as:
  • Bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
  • Bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
Neither of these bugs look to be highly critical to me, but both could lead to Denial of Service conditions which always need to be mitigated. Server admins and php developer should get updated packages from their respective Linux distros or from php.net