Scope:
ScopServ, ScopTEL installations could be vulnerable to CVE-2014-1691.
Description:
Unsanitized variables are passed to the unserialize() PHP function. A
remote attacker could specially-craft one of those variables allowing to
load and execute code.
Required Action:
In order to protect a ScopTEL installation from this vulnerability you
must update to scopserv-5.0.0-2 scopserv-core-5.1.0.8.20150126-1
scopserv-framework-5.0.0.7.20150126-1 and meet all other dependencies
including php-pecl-json-1.2.1-5
Immediate Recommendations:
It is highly recommended to perform a full update on each ScopServ,
ScopTEL installation in order to simplify the upgrade procedure and also
ensure all dependencies are met.
It is also highly recommended to reboot your server after the updates in
order to ensure all services and scripts and have been updated.
From the Linux shell execute (without quotations) ‘scopserv_yum update’
And after the updates are completed execute (without quotations) ‘reboot’