Message-Id: <E1WksFg-0006VE-KC@titan.mandriva.com>
Date: Thu, 15 May 2014 11:47:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:087 ] php
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:087
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : php
Date : May 15, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in php:
PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain
socket with world-writable permissions by default, which allows any
local user to connect to it and execute PHP scripts as the apache user
(CVE-2014-0185).
The updated php packages have been upgraded to the 5.5.12 version
which is not vulnerable to this issue.
Additionally, the timezonedb packages have been upgraded to the latest
2014.3 version, the php-suhosin packages have been upgraded to the
latest 0.9.35 version, which has better support for php-5.5, and the
PECL packages that require it have been rebuilt for php-5.5.12.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD4DBQFTdGLcmqjQ0CJFipgRAt/SAKD2bOJ+Od3npvQEop5sKD27dzqRyACYvP65
dJiEmD7K3fatPFHMJZnewQ==
=nwr2
-----END PGP SIGNATURE-----
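The CVE-2014-0185 condition described in the advisory above can be audited on a host by checking each PHP-FPM pool's effective `listen.mode` and the permissions on the socket file itself. The following is an added example, not part of the Mandriva advisory or of PHP; the pool names, socket paths and function names are constructed, and the defaults it assumes (0666 on affected releases, 0660 on fixed ones) come from the upstream PHP fix, not from this page.

```python
import os
import re
import stat

# Constructed sample pool config (not from the advisory).
SAMPLE_POOL_CONF = """\
[legacy]
listen = /var/run/php-fpm-legacy.sock
; no listen.mode here, so the build default applies
[shared]
listen = /var/run/php-fpm-shared.sock
listen.mode = 0666
[locked]
listen = /var/run/php-fpm-locked.sock
listen.owner = apache
listen.group = apache
listen.mode = 0660
[tcp]
listen = 127.0.0.1:9000
"""

def audit_pools(conf_text, default_mode=0o666):
    """Map pool name -> (socket path, mode) for world-writable UNIX sockets.

    default_mode models the build default when listen.mode is unset
    (assumed: 0o666 on affected releases, 0o660 on fixed ones)."""
    pools, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = pools.setdefault(section.group(1), {})
        elif current is not None and "=" in line:
            key, value = (p.strip().strip('"') for p in line.split("=", 1))
            current[key] = value
    findings = {}
    for name, opts in pools.items():
        path = opts.get("listen", "")
        if not path.startswith("/"):  # TCP listener, no socket file
            continue
        mode = int(opts["listen.mode"], 8) if "listen.mode" in opts else default_mode
        if mode & stat.S_IWOTH:
            findings[name] = (path, mode)
    return findings

def socket_is_world_writable(path):
    """Inspect the permissions actually set on a socket file on disk."""
    st = os.stat(path)
    return stat.S_ISSOCK(st.st_mode) and bool(st.st_mode & stat.S_IWOTH)
```

A pool that sets `listen.mode = 0666` explicitly stays exposed after the upgrade, so the config audit is worth running on patched hosts as well.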