lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 06 Aug 2014 12:41:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:149 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:149
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : August 6, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in php:
 
 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL
 component in PHP through 5.5.14 allows context-dependent attackers to
 cause a denial of service or possibly have unspecified other impact via
 crafted ArrayIterator usage within applications in certain web-hosting
 environments (CVE-2014-4698).
 
 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL
 component in PHP through 5.5.14 allows context-dependent attackers to
 cause a denial of service or possibly have unspecified other impact
 via crafted iterator usage within applications in certain web-hosting
 environments (CVE-2014-4670).
 
 file before 5.19 does not properly restrict the amount of data read
 during a regex search, which allows remote attackers to cause a
 denial of service (CPU consumption) via a crafted file that triggers
 backtracking during processing of an awk rule. NOTE: this vulnerability
 exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538).
 
 The updated php packages have been upgraded to the 5.5.15 version
 and patched to resolve these security flaws.
 
 Additionally, the jsonc extension has been upgraded to the 1.3.6
 version and the PECL packages which requires so has been rebuilt
 for php-5.5.15.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
 http://php.net/ChangeLog-5.php#5.5.15
 http://pecl.php.net/package-changelog.php?package=jsonc&release=1.3.6
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 a8f1a14a82942bc714d6a099be8e5185  mbs1/x86_64/apache-mod_php-5.5.15-1.2.mbs1.x86_64.rpm
 b985fbddf2bc3242ca7a2b9fa59d435a  mbs1/x86_64/lib64php5_common5-5.5.15-1.2.mbs1.x86_64.rpm
 4096874876026f741813d42aabc7fc77  mbs1/x86_64/php-apc-3.1.15-1.9.mbs1.x86_64.rpm
 8fa4bca573ff32baa586e21900c990bd  mbs1/x86_64/php-apc-admin-3.1.15-1.9.mbs1.x86_64.rpm
 1e1e9b04d4e864b89c6ee72401d19f07  mbs1/x86_64/php-bcmath-5.5.15-1.2.mbs1.x86_64.rpm
 33bf033aaa30e10913a577c7bf056edb  mbs1/x86_64/php-bz2-5.5.15-1.2.mbs1.x86_64.rpm
 30d344da1d8d979376b9ffed01ac756d  mbs1/x86_64/php-calendar-5.5.15-1.2.mbs1.x86_64.rpm
 119e13214a525f356965aab9a5e87819  mbs1/x86_64/php-cgi-5.5.15-1.2.mbs1.x86_64.rpm
 d77ce1bb2c2a73774c5ea8a8a94322bd  mbs1/x86_64/php-cli-5.5.15-1.2.mbs1.x86_64.rpm
 b6fa475c440644e4844644fd2d0f4bd4  mbs1/x86_64/php-ctype-5.5.15-1.2.mbs1.x86_64.rpm
 0941ee03a5e9a7378b4b01432ca99007  mbs1/x86_64/php-curl-5.5.15-1.2.mbs1.x86_64.rpm
 c0e67e0418764df9c0124aecc6d27c71  mbs1/x86_64/php-dba-5.5.15-1.2.mbs1.x86_64.rpm
 b4df22a9a0ec0e276e09dd30b63934ee  mbs1/x86_64/php-devel-5.5.15-1.2.mbs1.x86_64.rpm
 574920252543de382a55387b2446f9f4  mbs1/x86_64/php-doc-5.5.15-1.2.mbs1.noarch.rpm
 e6ea55d91a757b2a9bd7115ee3caafb0  mbs1/x86_64/php-dom-5.5.15-1.2.mbs1.x86_64.rpm
 7059a143838f8b38ec0847de3530cc7d  mbs1/x86_64/php-enchant-5.5.15-1.2.mbs1.x86_64.rpm
 1b83052b9a3360afe0ce7d9d8c0516d1  mbs1/x86_64/php-exif-5.5.15-1.2.mbs1.x86_64.rpm
 851123d71e3de3194ecc030f37fb31b7  mbs1/x86_64/php-fileinfo-5.5.15-1.2.mbs1.x86_64.rpm
 2ad566bd050fb268e9e0c13354b24b07  mbs1/x86_64/php-filter-5.5.15-1.2.mbs1.x86_64.rpm
 6607d2b46f3c32340fd6fa15471c75ee  mbs1/x86_64/php-fpm-5.5.15-1.2.mbs1.x86_64.rpm
 800d0e33e959b44e3705a081eac37707  mbs1/x86_64/php-ftp-5.5.15-1.2.mbs1.x86_64.rpm
 c5efe218dee0a5f8f685fe4887121df6  mbs1/x86_64/php-gd-5.5.15-1.2.mbs1.x86_64.rpm
 c0a2ff63842df51a013346920cd85633  mbs1/x86_64/php-gettext-5.5.15-1.2.mbs1.x86_64.rpm
 6a8a00249372f1822a1028ea003badda  mbs1/x86_64/php-gmp-5.5.15-1.2.mbs1.x86_64.rpm
 3d782e96ec768e2fbfdcb4966c17e4c5  mbs1/x86_64/php-hash-5.5.15-1.2.mbs1.x86_64.rpm
 03302374100cbef6b17b36040b97df46  mbs1/x86_64/php-iconv-5.5.15-1.2.mbs1.x86_64.rpm
 67ef91b4144597a8eee105d8d9e39785  mbs1/x86_64/php-imap-5.5.15-1.2.mbs1.x86_64.rpm
 9d79601ac46b53eb93848bbdb91ae588  mbs1/x86_64/php-ini-5.5.15-1.2.mbs1.x86_64.rpm
 9d36114cf05a452aa807a7e546e9f0d2  mbs1/x86_64/php-intl-5.5.15-1.2.mbs1.x86_64.rpm
 fe3164ded9c067c86da9abba22c179c7  mbs1/x86_64/php-json-5.5.15-1.2.mbs1.x86_64.rpm
 3514239c38af0dc7d9365e8b174903f4  mbs1/x86_64/php-ldap-5.5.15-1.2.mbs1.x86_64.rpm
 3a9080553c9d0389c4b209c7a66136d6  mbs1/x86_64/php-mbstring-5.5.15-1.2.mbs1.x86_64.rpm
 2e28885f866774b3a314839dc30cb753  mbs1/x86_64/php-mcrypt-5.5.15-1.2.mbs1.x86_64.rpm
 4960ddc660751ade994774117d09350a  mbs1/x86_64/php-mssql-5.5.15-1.2.mbs1.x86_64.rpm
 002346daef828dc391ca3c9f9abb9202  mbs1/x86_64/php-mysql-5.5.15-1.2.mbs1.x86_64.rpm
 e8b7bdb3428d132287751dbb2864a6cb  mbs1/x86_64/php-mysqli-5.5.15-1.2.mbs1.x86_64.rpm
 b9374638ca9b9cdcf5945e5a51fe3998  mbs1/x86_64/php-mysqlnd-5.5.15-1.2.mbs1.x86_64.rpm
 2c5dcdb7c6dd6c380cdb3378c0ffa798  mbs1/x86_64/php-odbc-5.5.15-1.2.mbs1.x86_64.rpm
 842b7243df7c44bc7ded4cc8dbf6bc0f  mbs1/x86_64/php-opcache-5.5.15-1.2.mbs1.x86_64.rpm
 29c7721a8124a6850f3797ebe65fd1ab  mbs1/x86_64/php-openssl-5.5.15-1.2.mbs1.x86_64.rpm
 8c189b29533a3607a255857be721d061  mbs1/x86_64/php-pcntl-5.5.15-1.2.mbs1.x86_64.rpm
 e8ae5b17760d973411a9638ed8b67142  mbs1/x86_64/php-pdo-5.5.15-1.2.mbs1.x86_64.rpm
 ffff28eafa9f41e4e045577b111e091d  mbs1/x86_64/php-pdo_dblib-5.5.15-1.2.mbs1.x86_64.rpm
 b5a90904dc3df3671df1937927181e47  mbs1/x86_64/php-pdo_mysql-5.5.15-1.2.mbs1.x86_64.rpm
 0eebd25c2cbe39bc9ed1b6c84ea4e636  mbs1/x86_64/php-pdo_odbc-5.5.15-1.2.mbs1.x86_64.rpm
 e8273d4181167213145e7a7682227274  mbs1/x86_64/php-pdo_pgsql-5.5.15-1.2.mbs1.x86_64.rpm
 44dec8ad4b772d9c89944c3c4424c5a4  mbs1/x86_64/php-pdo_sqlite-5.5.15-1.2.mbs1.x86_64.rpm
 943ed26187a3a5073014263018251eee  mbs1/x86_64/php-pgsql-5.5.15-1.2.mbs1.x86_64.rpm
 2789e51cc768ea3ac5184cca3ddea2eb  mbs1/x86_64/php-phar-5.5.15-1.2.mbs1.x86_64.rpm
 501fac63e7ec95c8dd2c6af9dec94bd6  mbs1/x86_64/php-posix-5.5.15-1.2.mbs1.x86_64.rpm
 9fa10c1aa3db7a2c3529480b9a6615e7  mbs1/x86_64/php-readline-5.5.15-1.2.mbs1.x86_64.rpm
 228da7b34f95e5a5de65d55dd3a83ef9  mbs1/x86_64/php-recode-5.5.15-1.2.mbs1.x86_64.rpm
 1c463d4247e08f9b543e0cccae4e998f  mbs1/x86_64/php-session-5.5.15-1.2.mbs1.x86_64.rpm
 14d63fcafd6c7de0ee19f93e83067975  mbs1/x86_64/php-shmop-5.5.15-1.2.mbs1.x86_64.rpm
 ad069c46d67274dec72c65eaa37770ae  mbs1/x86_64/php-snmp-5.5.15-1.2.mbs1.x86_64.rpm
 bd542c561fcacee6d1536044418b712d  mbs1/x86_64/php-soap-5.5.15-1.2.mbs1.x86_64.rpm
 52a6c80fb00752f4642b0376c76651fb  mbs1/x86_64/php-sockets-5.5.15-1.2.mbs1.x86_64.rpm
 d548586123a66ac3d4dc2f4db3c67427  mbs1/x86_64/php-sqlite3-5.5.15-1.2.mbs1.x86_64.rpm
 0ff1e1b38f3c9a4e28ff13b91bcaa374  mbs1/x86_64/php-sybase_ct-5.5.15-1.2.mbs1.x86_64.rpm
 4693d5e0aef85ab23390bb671788857d  mbs1/x86_64/php-sysvmsg-5.5.15-1.2.mbs1.x86_64.rpm
 ba9fd1a164298a79b4013380200f1eba  mbs1/x86_64/php-sysvsem-5.5.15-1.2.mbs1.x86_64.rpm
 7ee3e362aa88cfebbccbeef4dc8e8426  mbs1/x86_64/php-sysvshm-5.5.15-1.2.mbs1.x86_64.rpm
 b9b6ead8e979a87f501a2b7302860db4  mbs1/x86_64/php-tidy-5.5.15-1.2.mbs1.x86_64.rpm
 25de207b2d6ef7b4ac127874d80060fa  mbs1/x86_64/php-tokenizer-5.5.15-1.2.mbs1.x86_64.rpm
 7143d2b5bb4731d78f474788b4872930  mbs1/x86_64/php-wddx-5.5.15-1.2.mbs1.x86_64.rpm
 b365a335827c42c7f9df6f425dfc4ec0  mbs1/x86_64/php-xml-5.5.15-1.2.mbs1.x86_64.rpm
 daf5a2a4f62d0a2627b965ce22bd5361  mbs1/x86_64/php-xmlreader-5.5.15-1.2.mbs1.x86_64.rpm
 dc127c9e655876584af86975b59e228d  mbs1/x86_64/php-xmlrpc-5.5.15-1.2.mbs1.x86_64.rpm
 3f6300aa39367c97305fb28f03db82e0  mbs1/x86_64/php-xmlwriter-5.5.15-1.2.mbs1.x86_64.rpm
 bc940bf9eb010e3b400442a7f2ea1082  mbs1/x86_64/php-xsl-5.5.15-1.2.mbs1.x86_64.rpm
 0182998fa478cacac8e6e036f6e910a4  mbs1/x86_64/php-zip-5.5.15-1.2.mbs1.x86_64.rpm
 c3af540e3596b126a0b9ba4c4dccafe6  mbs1/x86_64/php-zlib-5.5.15-1.2.mbs1.x86_64.rpm 
 7619610a141a2d051dccf3a5ad05be04  mbs1/SRPMS/php-5.5.15-1.2.mbs1.src.rpm
 19c9a0c5a6cf7f42d26989bab0a826d5  mbs1/SRPMS/php-apc-3.1.15-1.9.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFT4dwGmqjQ0CJFipgRAhHrAKCvRKwurJLUDoDK1bEA53EN56UazgCfU+Fy
8J3pIbBMt4OgLcC9mR1U9pM=
=wN9t
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists