Red Hat Customer Portal

Skip to main content

Security Advisory Important: php54-php security update

Advisory: RHSA-2014:1765-1
Type: Security Advisory
Severity: Important
Issued on: 2014-10-30
Last updated on: 2014-10-30
Affected Products: Red Hat Software Collections 1 for RHEL 6
Red Hat Software Collections 1 for RHEL 7
CVEs (cve.mitre.org): CVE-2013-6712
CVE-2013-7345
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-1943
CVE-2014-2270
CVE-2014-2497
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
CVE-2014-4049
CVE-2014-4670
CVE-2014-4698
CVE-2014-4721
CVE-2014-5120

Details

Updated php54-php packages that fix multiple security issues are now
available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code. (CVE-2014-3670)

Multiple buffer overflow flaws were found in the way PHP parsed DNS
responses. A malicious DNS server or a man-in-the-middle attacker could
use these flaws to crash or, possibly, execute arbitrary code with the
privileges of a PHP application that uses the dns_get_record() function.
(CVE-2014-4049, CVE-2014-3597)

Multiple denial of service flaws were found in the File Information
(fileinfo) extension. A remote attacker could use these flaws to cause a
PHP application using fileinfo to consume an excessive amount of CPU and
possibly crash. (CVE-2013-7345, CVE-2014-0237, CVE-2014-0238,
CVE-2014-1943, CVE-2014-3538)

Multiple boundary check flaws were found in the File Information
(fileinfo) extension. A remote attacker could use these flaws to cause a
PHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-2270,
CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587,
CVE-2014-3710)

A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)

Two use-after-free flaws were found in the way PHP handled certain Standard
PHP Library (SPL) Iterators and ArrayIterators. A malicious script author
could possibly use either of these flaws to disclose certain portions of
server memory. (CVE-2014-4670, CVE-2014-4698)

An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)

It was found that PHP's gd extension did not properly handle file names
with a null character. A remote attacker could possibly use this flaw to
make a PHP application access unexpected files and bypass intended file
system access restrictions. (CVE-2014-5120)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm()
function of PHP's gd extension. A remote attacker could use this flaw to
crash a PHP application using gd via a specially crafted X PixMap (XPM)
file. (CVE-2014-2497)

A buffer over-read flaw was found in the way the DateInterval class parsed
interval specifications. An attacker able to make a PHP application parse a
specially crafted specification using DateInterval could possibly cause the
PHP interpreter to crash. (CVE-2013-6712)

An out of bounds read flaw was found in the way the xmlrpc extension parsed
dates in the ISO 8601 format. A specially crafted XML-RPC request or
response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were
discovered by Francisco Alonso of Red Hat Product Security; the
CVE-2014-3538 issue was discovered by Jan Kaluža of the Red Hat Web Stack
Team; the CVE-2014-3597 issue was discovered by David Kutálek of Red Hat
BaseOS QE.

All php54-php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd service must be restarted for the update to
take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Updated packages

Red Hat Software Collections 1 for RHEL 6

SRPMS:
php54-php-5.4.16-22.el6.src.rpm
File outdated by:  RHSA-2015:1219
    MD5: 0b919fc0895222297fc661b6f3634eff
SHA-256: 7a14a667c862996eac3cdac153251f20d8740584f762c73b77c88fbe1449e9fa
 
x86_64:
php54-php-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: cc0c2a58a27058279991d295b1951e9c
SHA-256: 2041a5a2cf9cf5f23890dfb6eb56b1235ca3a8bf43ab75ed1480f12c32ceca8f
php54-php-bcmath-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: e1f5299df87e906bc4df1bd89f82a544
SHA-256: 80048e4084eedd49485555f7598b87fae722843fa37b93106f7f8c9c03b328ca
php54-php-cli-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: c7078bd0a9c15d64edec9a708526d8e2
SHA-256: bb8c06a6286698426093c6c53b10831fd90ea2e21a8d1e3ad3c77caf0e98d174
php54-php-common-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 2c7578cabc70a8ac31b2ecc849e3b53f
SHA-256: c2acb2e6f66790d75b51e8a772eddaf018b893fead4d01d568c610b4923e9e75
php54-php-dba-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 4987636c74f6fab70fc7d23026a08bb6
SHA-256: b7af2777c49f26066f64df63d8ebe37f6c88924a26764ae1b060b735781d6169
php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 332778ee333ad75866a7dfbbda5b5009
SHA-256: 2edd6f545a075d6433940cf77d0c1b2daca05be5a6ef7b119ea4e051ad74006d
php54-php-devel-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: e5c7ee637c907ed66dbcab347545039d
SHA-256: d972989be5404f880ba301a294f6e9a3315f4e3de4e4124f3063000b83d4d27d
php54-php-enchant-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 6c238d453eaf57d701f6af1800186f63
SHA-256: 9e0498e39139c4eedfaa14a5fbade2248bb730e739045a22d90fd1764527f69c
php54-php-fpm-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 06b45c36feb016c2f3a9edc59c2b0db3
SHA-256: 33146f08e21c6e3e4355fc2c5c3388c9b3b8bdc843c7c73a48ec7309a73661eb
php54-php-gd-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 9e574c78ad84b61882f78c64d0330e2f
SHA-256: ac74b4e9f623348d0e0c690b95d865fe623a166cfb512a6bda070477885e684b
php54-php-imap-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 2873e7218c523006b13435fe4705c92d
SHA-256: c144195394d15b3e83c4b0d4e2bf56afe2c8bfda4e7e475917adbcf8e779138e
php54-php-intl-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: b281aee74a65ddbbc2768e19c91c3370
SHA-256: b7923d17e33e0d4617bc4372b120c8f26ddc78a96ae42ce95902b985c97d16d4
php54-php-ldap-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 62277927933208c6d86d530dbbb4441f
SHA-256: b6f8413f595c9e3993405a9c2ef63f875adf98a6330b282668b645f348325a7b
php54-php-mbstring-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 69d2a74a0f76878c7e9e7b42edefc3ab
SHA-256: 42a4adb79d6e5ebf2a2c98d6ce32744ddd0e4f78140b7c7c3d27ad3cb68f288c
php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 2d52b97ecc5ee09b9fe7c68b84eada28
SHA-256: 07a21d73e32bd2e29e0af486fd2a551b59ba1f43b4392bc9c1585a4373a7eec2
php54-php-odbc-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 482d0432de4a12f4e6903dbf960cdbf7
SHA-256: 3c345c5b3a16f92bfe139e55aff56bea21cc6dfa46f122027764bc7686b92244
php54-php-pdo-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: e828b6fa57db8a366d41ff654c126d03
SHA-256: 7ece685501351414f1c5f7429181ca8538bcb051ad21f69740cc47ee5b564533
php54-php-pgsql-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 3e684382d07c9df315ef1873734ccf71
SHA-256: 7827ff9f91c69f6a3a90bbd82638eefcb8bb28be795d001168f10a249c125ba8
php54-php-process-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 09c0af563ecc76797b19f56b1447a14e
SHA-256: 17f9881fd88960a8a47d8160658934d3891c2d6a379ba92e6b32d1db4dff69f2
php54-php-pspell-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: ba87a921267f900824463e220bf8ac8f
SHA-256: 9f98082df0f5f46122a49a5c8b7dad663d16cbd35cf00451f52bb0bd3748e6a8
php54-php-recode-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 29e2ca1169f864952f3c79a280428158
SHA-256: 9107011ffab56dab1a565670d358f2528395c9ef8f8b69f25041d2b255b5cedf
php54-php-snmp-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 975813581576803cb14cb47900da0d20
SHA-256: 8a62f5d16fa2af2c89811a4351af11e0270cc17245a484a1b9cf6d47e4cef3aa
php54-php-soap-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 70c947a7f5012ffe82a85792b1555f97
SHA-256: 418457c4e9f7924a2a1d0f179b8b5a5f318b47a626e46addb8d163eab6afe226
php54-php-tidy-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 84209766d99c3b3e41d87b782017ce53
SHA-256: c6e14021a1f085b5eff031dbd98c2e8a447b30989396d62e1f40f17e800edae1
php54-php-xml-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 3e8951435a376e4b6876f4c7c4b13318
SHA-256: 708a3e061365f93f24c513fcbff58e1d87a9845861f5b2e903224b01d1d5ef59
php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: fcdfe4ee6df2484486d4082242d18906
SHA-256: 73cae53bdfe807373f2ce820f505499b8736572d8b4b9b4dc3c603ec4c66ef71
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
php54-php-5.4.16-22.el7.src.rpm
File outdated by:  RHSA-2015:1219
    MD5: c7c8e9d31b61c7468ad49d4b508d8f15
SHA-256: d2ea7ff22cfb5f79253aa54248e7be14e96f20b834fecfbff09f4a61eb368c30
 
x86_64:
php54-php-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: e88f76d4788a94ab9bafa6b18dca1c2b
SHA-256: bb837c670b91712f980b2751ef49cf373c91b8da98801e1b440be311b6cfa904
php54-php-bcmath-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 772fd3d820f4c5cc33edce2cbe8903fa
SHA-256: 81360a3b3965354c5d72d20f5094d065741e0b9b9d6567c9c3e94d571eacbdd2
php54-php-cli-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: f280ade7a42c1033ba6437e45b87b8c9
SHA-256: 1abec2fc31413f3fdc98d907fe19d21471853f514c42ffcda9d1b7dd2cb75bd2
php54-php-common-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: f9b4aae86519e4e4f19ed93c13b43fcc
SHA-256: ebb3946a5ef9c6dfe9c06a97514b62620ce7221fd258b94d4247888d661bf111
php54-php-dba-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 14c00833c697d1a708e7652e5cefce22
SHA-256: 38210a0acd488e19d06bcfad0e001db02478b34579309fb5cfe8aeaad4a5c6b1
php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 02ab1ef486f0c9f466165558976a172d
SHA-256: e219e26f5cd5a4ac2f96ab1eaac664c108cc7f16f04ecb05ce1c4d96f78c05bc
php54-php-devel-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 29659451350ee0472128c1865fd72f09
SHA-256: 9b3518b810e0af2e938756662373831dca19a592d7ff2e5434ccc78f2aa8c648
php54-php-enchant-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 7eec5520409fdff7b6bbf941477070a6
SHA-256: 73f028b39872abedae28a94739c4e538713e3649e8f943940971b2e4778533f7
php54-php-fpm-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: f53f425557d7b3533e727f936f6c92d5
SHA-256: 1918d9193aa89acf34b6e8b677c6ff633b42a8238a327617a5d107a27f5d1181
php54-php-gd-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 679af99d9a69a1dd7dd4b0bc1c3ef395
SHA-256: 5fa0372edc6cc6d1ebb69e3af026054d8cfb0c0268bf5c0ba5ae1fd6a26d5a7d
php54-php-intl-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: a3cbe6693e708da427f557c83d56438d
SHA-256: 12d9755fa6abd71ab72edbaf0b0d4a71fff1d64923263aa509e5e4779975a64f
php54-php-ldap-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 464d00c67f0b5c021bf40fb4be04b4f4
SHA-256: 82ad501a4d829105d289fe0639e4518c54f4b597132062da272a00f6475037fd
php54-php-mbstring-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: f243c087089497004c768836d58ee2bc
SHA-256: 66e19731fabd028aaf8a50e35ba8c74e958a8e2c10beee13a8aad4aea27c3b70
php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: ddc2253ed77516a475551f9b2d349363
SHA-256: b67bf591a38cb948a981a2d37d923e4b1d69b4aec5f457f440d430b891701451
php54-php-odbc-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: ae4d33fdc4cc7bc82575cf67bc9fafe5
SHA-256: 09432f63c9766344b0381d4cc8d5b3a6dd15571b56378ca58e3f58723b8aa83c
php54-php-pdo-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 5cbcc5f981d20207af8b181b1db39d69
SHA-256: 33cf0518531a96842e35e04fdf66675b31aae91b6cdffa5893cd64664f986d03
php54-php-pgsql-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: be7fc1fb92859705a0cd3b84ef0c193c
SHA-256: 19f8606b18fbfdb73e0d2fa6e8e6d7cefac72cf02df47a8ab2b3a02eecaf8b1e
php54-php-process-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 971328106c001a5b1195da05510bc43a
SHA-256: 4a48d7a8129f47c97837458d21c25f97f87cb247a610a89d19c72b927da27c4b
php54-php-pspell-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: a2d7386ef1d95798bdcba41afa122953
SHA-256: 81ad7540c3cd6f0752080d4792691e80d37c50b97156aec9756282fbba92324a
php54-php-recode-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 37035457b2d9de902d60ff17ed216188
SHA-256: cbc83d192b56dd8585e469a17e37e84aaa616da00cc18d8b780ceb6a6443bff3
php54-php-snmp-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: ef24111719e8fa98c4e0163944e1a719
SHA-256: e6770c8f3b56e02f81aeaebb3f30c1ab842af56eff5a85ef4187379e7526f9b9
php54-php-soap-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: bfda8acac469d66490c3d436b5fe8836
SHA-256: f2376fb707af5055d317affd49e1afcab4bf088bfd2ff31a9979f0b499c1f13f
php54-php-xml-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: f231c7e0032b8a4819653a5a76c158ed
SHA-256: 0f8ec8b540b56ce0ecf698f8ccae4556901b990cd540e16db5a8415c664c4416
php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm
File outdated by:  RHSA-2015:1219
    MD5: 134789ce34190302f4e4d1e8a71a2c4b
SHA-256: da942cca7ed4a56e3dc713f642c427c07f18d5be04142d0899ea0b71390da0e5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval
1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file
1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()
1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression
1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1098222 - CVE-2014-3538 file: unrestricted regular expression matching
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check
1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check
1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak
1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting
1120266 - CVE-2014-4670 php: SPL Iterators use-after-free
1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr
1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names
1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers


References

https://www.redhat.com/security/data/cve/CVE-2013-6712.html
https://www.redhat.com/security/data/cve/CVE-2013-7345.html
https://www.redhat.com/security/data/cve/CVE-2014-0207.html
https://www.redhat.com/security/data/cve/CVE-2014-0237.html
https://www.redhat.com/security/data/cve/CVE-2014-0238.html
https://www.redhat.com/security/data/cve/CVE-2014-1943.html
https://www.redhat.com/security/data/cve/CVE-2014-2270.html
https://www.redhat.com/security/data/cve/CVE-2014-2497.html
https://www.redhat.com/security/data/cve/CVE-2014-3478.html
https://www.redhat.com/security/data/cve/CVE-2014-3479.html
https://www.redhat.com/security/data/cve/CVE-2014-3480.html
https://www.redhat.com/security/data/cve/CVE-2014-3487.html
https://www.redhat.com/security/data/cve/CVE-2014-3515.html
https://www.redhat.com/security/data/cve/CVE-2014-3538.html
https://www.redhat.com/security/data/cve/CVE-2014-3587.html
https://www.redhat.com/security/data/cve/CVE-2014-3597.html
https://www.redhat.com/security/data/cve/CVE-2014-3668.html
https://www.redhat.com/security/data/cve/CVE-2014-3669.html
https://www.redhat.com/security/data/cve/CVE-2014-3670.html
https://www.redhat.com/security/data/cve/CVE-2014-3710.html
https://www.redhat.com/security/data/cve/CVE-2014-4049.html
https://www.redhat.com/security/data/cve/CVE-2014-4670.html
https://www.redhat.com/security/data/cve/CVE-2014-4698.html
https://www.redhat.com/security/data/cve/CVE-2014-4721.html
https://www.redhat.com/security/data/cve/CVE-2014-5120.html
https://access.redhat.com/security/updates/classification/#important


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/