lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 05 Feb 2015 18:04:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:032 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:032
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : February 5, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in php:
 
 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x
 through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read
 a .php file, does not properly consider the mapping&#039;s length during
 processing of an invalid file that begins with a # character and lacks
 a newline character, which causes an out-of-bounds read and might (1)
 allow remote attackers to obtain sensitive information from php-cgi
 process memory by leveraging the ability to upload a .php file or (2)
 trigger unexpected code execution if a valid PHP script is present
 in memory locations adjacent to the mapping (CVE-2014-9427).
 
 Use-after-free vulnerability in the process_nested_data function in
 ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before
 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute
 arbitrary code via a crafted unserialize call that leverages improper
 handling of duplicate numerical keys within the serialized properties
 of an object. NOTE: this vulnerability exists because of an incomplete
 fix for CVE-2014-8142 (CVE-2015-0231).
 
 The exif_process_unicode function in ext/exif/exif.c in PHP before
 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote
 attackers to execute arbitrary code or cause a denial of service
 (uninitialized pointer free and application crash) via crafted EXIF
 data in a JPEG image (CVE-2015-0232).
 
 The updated php packages have been upgraded to the 5.5.21 version
 which is not vulnerable to these issues.
 
 Additionally, the timezonedb package has been upgraded to the latest
 2015.1 version, the php-suhosin package has been upgraded to the
 latest 0.9.37.1 and the PECL packages which requires so has been
 rebuilt for php-5.5.21.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
 http://php.net/ChangeLog-5.php#5.5.21
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 e10b93bf56ffd9de6bc3dc7097186d0d  mbs1/x86_64/apache-mod_php-5.5.21-1.mbs1.x86_64.rpm
 35cf46d3f0b04ec4e4ce251658817967  mbs1/x86_64/lib64php5_common5-5.5.21-1.mbs1.x86_64.rpm
 380fbb305decb415730164df5966c5db  mbs1/x86_64/php-apc-3.1.15-1.15.mbs1.x86_64.rpm
 cf2f06ade39ba0e5bc8c672dbfc6ff77  mbs1/x86_64/php-apc-admin-3.1.15-1.15.mbs1.x86_64.rpm
 15d498fd2fa763f5b1b2a09432b3834f  mbs1/x86_64/php-bcmath-5.5.21-1.mbs1.x86_64.rpm
 80c239999520eb885150c193856969be  mbs1/x86_64/php-bz2-5.5.21-1.mbs1.x86_64.rpm
 3305d51bd901f85d93b4ffb85d9fb55a  mbs1/x86_64/php-calendar-5.5.21-1.mbs1.x86_64.rpm
 37430aab4267b1577333a52591ef483c  mbs1/x86_64/php-cgi-5.5.21-1.mbs1.x86_64.rpm
 7610a03c06613e9a342983b0cfc3e04b  mbs1/x86_64/php-cli-5.5.21-1.mbs1.x86_64.rpm
 5962886825c659cf7aa66bbf0e7bcdc7  mbs1/x86_64/php-ctype-5.5.21-1.mbs1.x86_64.rpm
 a2870a53aeec993e0d73aff6b147002d  mbs1/x86_64/php-curl-5.5.21-1.mbs1.x86_64.rpm
 d8212e3ff340631b76c1f2ee570f39a2  mbs1/x86_64/php-dba-5.5.21-1.mbs1.x86_64.rpm
 aa760f1a74519f33d412234c6b46b5a2  mbs1/x86_64/php-devel-5.5.21-1.mbs1.x86_64.rpm
 b0e1edd28c8946b8f70f904ad74f6196  mbs1/x86_64/php-doc-5.5.21-1.mbs1.noarch.rpm
 1ab05b3b4f388fe169a1665f845708b3  mbs1/x86_64/php-dom-5.5.21-1.mbs1.x86_64.rpm
 8df5513d5170a461c8c2c94cab77d673  mbs1/x86_64/php-enchant-5.5.21-1.mbs1.x86_64.rpm
 5a21e187f513214c1203de6ca92bb0d5  mbs1/x86_64/php-exif-5.5.21-1.mbs1.x86_64.rpm
 74c5e7af8d5ef99fba456636d11dbc5b  mbs1/x86_64/php-fileinfo-5.5.21-1.mbs1.x86_64.rpm
 eac42ef4b3b6dfdf5ffa2e0aefc214de  mbs1/x86_64/php-filter-5.5.21-1.mbs1.x86_64.rpm
 deb876cfeda3f9a8eb8682f8a1acbd44  mbs1/x86_64/php-fpm-5.5.21-1.mbs1.x86_64.rpm
 22a24f2ace7196206f5d412bb0d0c283  mbs1/x86_64/php-ftp-5.5.21-1.mbs1.x86_64.rpm
 b9281f2d656ceb0362a085213798abec  mbs1/x86_64/php-gd-5.5.21-1.mbs1.x86_64.rpm
 4e55d36d0e9cdcbfe9f6f2b4a6694661  mbs1/x86_64/php-gettext-5.5.21-1.mbs1.x86_64.rpm
 39ca752f1ffb768cfe1117b6884359ba  mbs1/x86_64/php-gmp-5.5.21-1.mbs1.x86_64.rpm
 70d257981f63d37cd4416776f09b93e0  mbs1/x86_64/php-hash-5.5.21-1.mbs1.x86_64.rpm
 f138cbe8fefddc2fcf1bb6b4ef0e51c8  mbs1/x86_64/php-iconv-5.5.21-1.mbs1.x86_64.rpm
 a6f413cf6ac533ac2c863ca3edad35a0  mbs1/x86_64/php-imap-5.5.21-1.mbs1.x86_64.rpm
 e21379d08e795a07950612e759f31329  mbs1/x86_64/php-ini-5.5.21-1.mbs1.x86_64.rpm
 016b63d1bdac5c053f6c750f58a9587e  mbs1/x86_64/php-intl-5.5.21-1.mbs1.x86_64.rpm
 2aaba314e9d37fe4208d9cd41a889fef  mbs1/x86_64/php-json-5.5.21-1.mbs1.x86_64.rpm
 2400f52a1b4bc7c492905baa55276ab2  mbs1/x86_64/php-ldap-5.5.21-1.mbs1.x86_64.rpm
 f0d39fc248825c8b6d575be7ac77304d  mbs1/x86_64/php-mbstring-5.5.21-1.mbs1.x86_64.rpm
 a2e705d08022416e60ee865183485eda  mbs1/x86_64/php-mcrypt-5.5.21-1.mbs1.x86_64.rpm
 fd7b9e0d7c928547670bde3d41836a58  mbs1/x86_64/php-mssql-5.5.21-1.mbs1.x86_64.rpm
 c7c115d4b0b044b4a156719a952a3aa0  mbs1/x86_64/php-mysql-5.5.21-1.mbs1.x86_64.rpm
 72229e16ce7f25cebbfd32c9bf1279dc  mbs1/x86_64/php-mysqli-5.5.21-1.mbs1.x86_64.rpm
 6214401d42c419b786c53b07450d3102  mbs1/x86_64/php-mysqlnd-5.5.21-1.mbs1.x86_64.rpm
 051905065c0a836ad22a156ae8be38aa  mbs1/x86_64/php-odbc-5.5.21-1.mbs1.x86_64.rpm
 d0f60e037a0b2915938544ebf4a3b009  mbs1/x86_64/php-opcache-5.5.21-1.mbs1.x86_64.rpm
 51fa835f0b3fd0c2b6cbaf072049ad7c  mbs1/x86_64/php-openssl-5.5.21-1.mbs1.x86_64.rpm
 0444aab16fb7ec45249cde7c02259972  mbs1/x86_64/php-pcntl-5.5.21-1.mbs1.x86_64.rpm
 0073dd43664b44b837c6d7604d097d31  mbs1/x86_64/php-pdo-5.5.21-1.mbs1.x86_64.rpm
 ad00b9b7d118e7dd72234d4ae3937f8c  mbs1/x86_64/php-pdo_dblib-5.5.21-1.mbs1.x86_64.rpm
 c20479f9036d7b7a2c7b922547d98577  mbs1/x86_64/php-pdo_mysql-5.5.21-1.mbs1.x86_64.rpm
 14e356c11403107b7f07acf1ff3d8e91  mbs1/x86_64/php-pdo_odbc-5.5.21-1.mbs1.x86_64.rpm
 f43f6ffab9717cfbe63b6d44feadce69  mbs1/x86_64/php-pdo_pgsql-5.5.21-1.mbs1.x86_64.rpm
 83b4abb4f03504eaa9650dcb8afafcda  mbs1/x86_64/php-pdo_sqlite-5.5.21-1.mbs1.x86_64.rpm
 1a5965f09e247f2b61c62da716db2bc3  mbs1/x86_64/php-pgsql-5.5.21-1.mbs1.x86_64.rpm
 7bb8c80d39970eff0e91d70a628c1f6f  mbs1/x86_64/php-phar-5.5.21-1.mbs1.x86_64.rpm
 d7d1e4862e41d327668dcdbab17b16af  mbs1/x86_64/php-posix-5.5.21-1.mbs1.x86_64.rpm
 a8ffaebca7ac3d5cd68ea683fd96d355  mbs1/x86_64/php-readline-5.5.21-1.mbs1.x86_64.rpm
 47bfab007757c043a20869d9cfb3dfce  mbs1/x86_64/php-recode-5.5.21-1.mbs1.x86_64.rpm
 ef7b539f7b1bd362b0ab5132c1ed02e9  mbs1/x86_64/php-session-5.5.21-1.mbs1.x86_64.rpm
 c221a953b4d19aa1abbb1554e1dcba7f  mbs1/x86_64/php-shmop-5.5.21-1.mbs1.x86_64.rpm
 faa7f998119c8caeaf41633eebeda8cf  mbs1/x86_64/php-snmp-5.5.21-1.mbs1.x86_64.rpm
 76c9cce8476b0cc570feb5f559d41100  mbs1/x86_64/php-soap-5.5.21-1.mbs1.x86_64.rpm
 8ba094b373532be959ec091e170ec67f  mbs1/x86_64/php-sockets-5.5.21-1.mbs1.x86_64.rpm
 4ba897393ae80f5258904da4e674763e  mbs1/x86_64/php-sqlite3-5.5.21-1.mbs1.x86_64.rpm
 805a305e9bbe7aa4205bf2b161cfbed5  mbs1/x86_64/php-suhosin-0.9.37.1-1.1.mbs1.x86_64.rpm
 f9ce38cee5e9dae0093be89dace73264  mbs1/x86_64/php-sybase_ct-5.5.21-1.mbs1.x86_64.rpm
 69cf5f72855d32e5f482c61294e623ed  mbs1/x86_64/php-sysvmsg-5.5.21-1.mbs1.x86_64.rpm
 09b48a0e2d140c5a15b23cb2b5068ac0  mbs1/x86_64/php-sysvsem-5.5.21-1.mbs1.x86_64.rpm
 a6aa97b047afe2bf4069b72b4a5ddd78  mbs1/x86_64/php-sysvshm-5.5.21-1.mbs1.x86_64.rpm
 356b7bf2e5f41cce66698a359d8062ac  mbs1/x86_64/php-tidy-5.5.21-1.mbs1.x86_64.rpm
 5e7ad121c41731660209e6a3d003b142  mbs1/x86_64/php-timezonedb-2015.1-1.mbs1.x86_64.rpm
 dffe6910d0f170be5bf49fe4cd959883  mbs1/x86_64/php-tokenizer-5.5.21-1.mbs1.x86_64.rpm
 e2ad6ddab9e9ed43d3ad4979c6c4f86b  mbs1/x86_64/php-wddx-5.5.21-1.mbs1.x86_64.rpm
 26e46036e5a4d4cefb4fbde1c06100d7  mbs1/x86_64/php-xml-5.5.21-1.mbs1.x86_64.rpm
 8664c4fbce6fa50245edc216e6c8e959  mbs1/x86_64/php-xmlreader-5.5.21-1.mbs1.x86_64.rpm
 dba1da2ada8d7073f1d9e8bbf11b1ea7  mbs1/x86_64/php-xmlrpc-5.5.21-1.mbs1.x86_64.rpm
 2d68665ed632fa69e97cb9f8d2c7dc0b  mbs1/x86_64/php-xmlwriter-5.5.21-1.mbs1.x86_64.rpm
 94f4c00b2c83050b2c4c4713976940ee  mbs1/x86_64/php-xsl-5.5.21-1.mbs1.x86_64.rpm
 3afda2f608982df1faa4b6db3c1c9a55  mbs1/x86_64/php-zip-5.5.21-1.mbs1.x86_64.rpm
 88c51809d22c4e364ed70e1567eccac8  mbs1/x86_64/php-zlib-5.5.21-1.mbs1.x86_64.rpm 
 275b50c9dfa2cc7b5244a7bece61644a  mbs1/SRPMS/php-5.5.21-1.mbs1.src.rpm
 ef1cf8b05352ebf671b704ecc8e54c4b  mbs1/SRPMS/php-apc-3.1.15-1.15.mbs1.src.rpm
 84245bb31cf43e549fde22690802b44d  mbs1/SRPMS/php-suhosin-0.9.37.1-1.1.mbs1.src.rpm
 61203a18b4f0ac67117f5b0fcbf348a7  mbs1/SRPMS/php-timezonedb-2015.1-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU05RlmqjQ0CJFipgRArmOAKDKYyVQrC1CpH9JKrd8HAhddB7oZQCgtdL8
0rueIDnGzKxeJYZDOf8Kdvo=
=3Yt1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ