Message-Id: <E1WksFg-0006VE-KC@titan.mandriva.com>
Date: Thu, 15 May 2014 11:47:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:087 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:087
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : May 15, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in php:
 
 PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain
 socket with world-writable permissions by default, which allows any
 local user to connect to it and execute PHP scripts as the apache user
 (CVE-2014-0185).
 
 The updated php packages have been upgraded to the 5.5.12 version
 which is not vulnerable to this issue.
 
 Additionally, the timezonedb packages have been upgraded to the latest
 2014.3 version, the php-suhosin packages have been upgraded to the
 latest 0.9.35 version, which has better support for php-5.5, and the
 PECL packages that require it have been rebuilt for php-5.5.12.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD4DBQFTdGLcmqjQ0CJFipgRAt/SAKD2bOJ+Od3npvQEop5sKD27dzqRyACYvP65
dJiEmD7K3fatPFHMJZnewQ==
=nwr2
-----END PGP SIGNATURE-----
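
Added example (not part of the Mandriva advisory or of PHP's own code): a check for the condition behind CVE-2014-0185, covering both a php-fpm pool file and a live socket. The pool names, socket paths and finding labels are constructed for illustration; listen, listen.owner, listen.group and listen.mode are php-fpm's pool directives.

```python
import configparser
import os
import stat

# Constructed sample pool file (not from the advisory). Pool "legacy" sets no
# listen.mode, so the build's default applies; pool "fixed" restricts access.
SAMPLE_POOLS = """
[legacy]
listen = /var/run/php-fpm-legacy.sock

[fixed]
listen = /var/run/php-fpm-fixed.sock
listen.owner = apache
listen.group = apache
listen.mode = 0660

[tcp]
listen = 127.0.0.1:9000
"""

def audit_pools(text):
    """Return {pool: finding} for every pool that listens on a UNIX socket."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=(";",),
                                   interpolation=None)
    cp.read_string(text)
    findings = {}
    for pool in cp.sections():
        listen = cp[pool].get("listen", "")
        if not listen.startswith("/"):
            continue  # TCP listeners are outside the scope of this check
        mode = cp[pool].get("listen.mode")
        if mode is None:
            # Per the advisory, the default is world-writable before
            # PHP 5.4.28 and 5.5.12, so an unset mode needs a version check.
            findings[pool] = "default-mode"
        elif int(mode, 8) & stat.S_IWOTH:
            findings[pool] = "world-writable"
        else:
            findings[pool] = "ok"
    return findings

def socket_is_world_writable(path):
    """True if path is a UNIX socket that any local user may write to."""
    st = os.stat(path)
    return stat.S_ISSOCK(st.st_mode) and bool(st.st_mode & stat.S_IWOTH)

if __name__ == "__main__":
    for pool, finding in audit_pools(SAMPLE_POOLS).items():
        print(pool, finding)
```

A pool reported as "default-mode" is safe only on a fixed PHP build; setting listen.owner, listen.group and listen.mode explicitly removes the dependency on the default.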
