Date: Thu, 23 Oct 2014 12:31:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:202 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:202
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : October 23, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in php:
 
 A heap corruption issue was reported in PHP's exif_thumbnail()
 function. A specially-crafted JPEG image could cause the PHP
 interpreter to crash or, potentially, execute arbitrary code
 (CVE-2014-3670).
 
 The updated php packages have been upgraded to the 5.5.18 version
 to resolve this security flaw.
 
 Additionally, php-apc has been rebuilt against the updated php
 packages.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
 http://php.net/ChangeLog-5.php#5.5.18
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUSMrXmqjQ0CJFipgRAplJAJsHiEWftELp+nDph3P7sO+yESmQiQCfb02E
OQ8AXlipI1KEvmS9qbcotMs=
=xNV7
-----END PGP SIGNATURE-----
