[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WuKNM-0002dC-A5@titan.mandriva.com>
Date: Tue, 10 Jun 2014 13:38:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:115 ] php
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:115
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : php
Date : June 10, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated php packages fix security vulnerabilities:
A flaw was found in the way file's Composite Document Files (CDF)
format parser handle CDF files with many summary info entries.
The cdf_unpack_summary_info() function unnecessarily repeatedly read
the info from the same offset. This led to many file_printf() calls in
cdf_file_property_info(), which caused file to use an excessive amount
of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237).
A flaw was found in the way file parsed property information from
Composite Document Files (CDF) files. A property entry with 0 elements
triggers an infinite loop (CVE-2014-0238).
PHP contains a bundled copy of the file utility's libmagic library,
so it was vulnerable to this issue. It has been updated to the 5.5.13
version, which fixes this issue and several other bugs.
Additionally, php-apc has been rebuilt against the updated php
packages.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
http://advisories.mageia.org/MGASA-2014-0258.html
http://www.php.net/ChangeLog-5.php#5.5.13
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
8711779e81a50a4904aa865b48524e29 mbs1/x86_64/apache-mod_php-5.5.13-1.mbs1.x86_64.rpm
5b6fa6fe481a7599d5c4e597c1d9bc66 mbs1/x86_64/lib64php5_common5-5.5.13-1.mbs1.x86_64.rpm
d7595fc5c03fcda523a6b55ab356a208 mbs1/x86_64/php-apc-3.1.15-1.7.mbs1.x86_64.rpm
7d2e903f283e23fc24dc3a1ff4f74806 mbs1/x86_64/php-apc-admin-3.1.15-1.7.mbs1.x86_64.rpm
e684cb737d10d699ac3ee8300158fb20 mbs1/x86_64/php-bcmath-5.5.13-1.mbs1.x86_64.rpm
0896588cd4d217382fe7edce11936b80 mbs1/x86_64/php-bz2-5.5.13-1.mbs1.x86_64.rpm
14e6355367c688176676f53e62981d12 mbs1/x86_64/php-calendar-5.5.13-1.mbs1.x86_64.rpm
19a4cc762f8b05ff9e0f9a489d630859 mbs1/x86_64/php-cgi-5.5.13-1.mbs1.x86_64.rpm
9f548d3786c32b85fff6bb51f25968df mbs1/x86_64/php-cli-5.5.13-1.mbs1.x86_64.rpm
b8db5525d09f49a55b8e2b65d5de5769 mbs1/x86_64/php-ctype-5.5.13-1.mbs1.x86_64.rpm
c17a7e419e090c6e87f6042e0a0d4df1 mbs1/x86_64/php-curl-5.5.13-1.mbs1.x86_64.rpm
e298564d779b0ec06b1ebfed4afa4e8d mbs1/x86_64/php-dba-5.5.13-1.mbs1.x86_64.rpm
2b3e212dd4dd34bc7c018e43f3d8b2f7 mbs1/x86_64/php-devel-5.5.13-1.mbs1.x86_64.rpm
ee061099f739a00b9b614c9c36893020 mbs1/x86_64/php-doc-5.5.13-1.mbs1.noarch.rpm
b212b1fecde3a01d3cf9e428e5b94c22 mbs1/x86_64/php-dom-5.5.13-1.mbs1.x86_64.rpm
eaec7f6df84daecc5e5f76b3d068b5e4 mbs1/x86_64/php-enchant-5.5.13-1.mbs1.x86_64.rpm
026b7278237e38d979f6cca904cedeaa mbs1/x86_64/php-exif-5.5.13-1.mbs1.x86_64.rpm
8c3bab218b68f119e81e4b32a88a3cf9 mbs1/x86_64/php-fileinfo-5.5.13-1.mbs1.x86_64.rpm
bfba6c5ecb0ad7fca62d698e16bc591e mbs1/x86_64/php-filter-5.5.13-1.mbs1.x86_64.rpm
ef0ad0dce52f6032ab818f8f116bb63c mbs1/x86_64/php-fpm-5.5.13-1.mbs1.x86_64.rpm
7fba1e0c6fd5966917a0ef29308320f6 mbs1/x86_64/php-ftp-5.5.13-1.mbs1.x86_64.rpm
9c5d684587774f46288190ebcb667a83 mbs1/x86_64/php-gd-5.5.13-1.mbs1.x86_64.rpm
3e50a38dc3647e63ca9f569043ddee4c mbs1/x86_64/php-gettext-5.5.13-1.mbs1.x86_64.rpm
7160d5a371b1d10938896b3a349bbbe7 mbs1/x86_64/php-gmp-5.5.13-1.mbs1.x86_64.rpm
6cdbb890f3bd4e79f294b93e01f056e3 mbs1/x86_64/php-hash-5.5.13-1.mbs1.x86_64.rpm
aadfb4c1e93043956ac535756deeb484 mbs1/x86_64/php-iconv-5.5.13-1.mbs1.x86_64.rpm
55c55ab806e72434bb51f440af6e670a mbs1/x86_64/php-imap-5.5.13-1.mbs1.x86_64.rpm
6d8171c9e50dc93ffb96086888e18df6 mbs1/x86_64/php-ini-5.5.13-1.mbs1.x86_64.rpm
0ae0ae0fd51b352ded35e67d98945a21 mbs1/x86_64/php-intl-5.5.13-1.mbs1.x86_64.rpm
d2a501a6fe260527dfcf9b7a1a10bf4a mbs1/x86_64/php-json-5.5.13-1.mbs1.x86_64.rpm
b289596cfbff32fa727d1a6f1e4f91bc mbs1/x86_64/php-ldap-5.5.13-1.mbs1.x86_64.rpm
ff980b8a060fee4f0b7f5cdbc1186487 mbs1/x86_64/php-mbstring-5.5.13-1.mbs1.x86_64.rpm
970047da4f0e8520a00b5f2ae8e5a2dd mbs1/x86_64/php-mcrypt-5.5.13-1.mbs1.x86_64.rpm
08cb4e6b70bb5d8c988b626c62d37510 mbs1/x86_64/php-mssql-5.5.13-1.mbs1.x86_64.rpm
e1b13a6b4f448304d60568bdf390f74f mbs1/x86_64/php-mysql-5.5.13-1.mbs1.x86_64.rpm
756d526191c09b5c1163b648d2955399 mbs1/x86_64/php-mysqli-5.5.13-1.mbs1.x86_64.rpm
7ce3b6d6f5e05747c8dc29afd1dab49b mbs1/x86_64/php-mysqlnd-5.5.13-1.mbs1.x86_64.rpm
19dfa9eaececdd180f6a0f07347932cd mbs1/x86_64/php-odbc-5.5.13-1.mbs1.x86_64.rpm
8ca0d0b4b46cf1d37443a55b96e05754 mbs1/x86_64/php-opcache-5.5.13-1.mbs1.x86_64.rpm
2471c8af7a847b3d13c8a519fa78ed90 mbs1/x86_64/php-openssl-5.5.13-1.mbs1.x86_64.rpm
69b5a4852f380bd1f83f45021960fac4 mbs1/x86_64/php-pcntl-5.5.13-1.mbs1.x86_64.rpm
48b2a529902592be79fda68adf791ba1 mbs1/x86_64/php-pdo-5.5.13-1.mbs1.x86_64.rpm
f490ec2b03038f9dfb07c7baf80b9664 mbs1/x86_64/php-pdo_dblib-5.5.13-1.mbs1.x86_64.rpm
9d3c2aadfc6b570c0e3a096214d44d52 mbs1/x86_64/php-pdo_mysql-5.5.13-1.mbs1.x86_64.rpm
e996d335c93727f93f295dd5e7e62aea mbs1/x86_64/php-pdo_odbc-5.5.13-1.mbs1.x86_64.rpm
edb94ed0076da44690b2bae5763bdc43 mbs1/x86_64/php-pdo_pgsql-5.5.13-1.mbs1.x86_64.rpm
4baddbb93b3f3762e418fab8ba8bd902 mbs1/x86_64/php-pdo_sqlite-5.5.13-1.mbs1.x86_64.rpm
b21e5a3f672f8cc7ca952d0a38660f76 mbs1/x86_64/php-pgsql-5.5.13-1.mbs1.x86_64.rpm
cd37ec13b2908d246ec96a22ad22faec mbs1/x86_64/php-phar-5.5.13-1.mbs1.x86_64.rpm
3683391016afb537b91b17113f8605c5 mbs1/x86_64/php-posix-5.5.13-1.mbs1.x86_64.rpm
7d318534a12a7a8ffbdabd79775c82f8 mbs1/x86_64/php-readline-5.5.13-1.mbs1.x86_64.rpm
4b631eb7e2c745751abfb58710e4562d mbs1/x86_64/php-recode-5.5.13-1.mbs1.x86_64.rpm
6a2ec65e4fad9af3cc8f8ba0f63a7aa9 mbs1/x86_64/php-session-5.5.13-1.mbs1.x86_64.rpm
883dc6088ec2f1c720b74327dffeef03 mbs1/x86_64/php-shmop-5.5.13-1.mbs1.x86_64.rpm
ae0f47fb7c0f1e44b2ff5ec0fb3e8afc mbs1/x86_64/php-snmp-5.5.13-1.mbs1.x86_64.rpm
a5b4e4b42414a9e2cdb21df3536e9f80 mbs1/x86_64/php-soap-5.5.13-1.mbs1.x86_64.rpm
60f2ff75f09c0cd16fc6b6aad1742ad6 mbs1/x86_64/php-sockets-5.5.13-1.mbs1.x86_64.rpm
f8deb4a7555238285c37d4c60480958c mbs1/x86_64/php-sqlite3-5.5.13-1.mbs1.x86_64.rpm
bde8d1303001a649802d4d3c370af035 mbs1/x86_64/php-sybase_ct-5.5.13-1.mbs1.x86_64.rpm
30854dc35b450154e23fbd1cd8ec48ed mbs1/x86_64/php-sysvmsg-5.5.13-1.mbs1.x86_64.rpm
a2c8af3e1a951d36eaebf1b58b756376 mbs1/x86_64/php-sysvsem-5.5.13-1.mbs1.x86_64.rpm
6f0530e3ea94463b826f77da51b65963 mbs1/x86_64/php-sysvshm-5.5.13-1.mbs1.x86_64.rpm
7680c4d7bc14e8960954b23564a2a57c mbs1/x86_64/php-tidy-5.5.13-1.mbs1.x86_64.rpm
d63c45b031eac0d51cfe42d445d33607 mbs1/x86_64/php-tokenizer-5.5.13-1.mbs1.x86_64.rpm
aa1c71889b8e6a95be194f402cd659b2 mbs1/x86_64/php-wddx-5.5.13-1.mbs1.x86_64.rpm
12f25f419fa8652c55c1a47bd64e1853 mbs1/x86_64/php-xml-5.5.13-1.mbs1.x86_64.rpm
9ca69fe4dc9d28f9651c2f2448bfde43 mbs1/x86_64/php-xmlreader-5.5.13-1.mbs1.x86_64.rpm
7354023fdbe9c756fae68fb2649facdb mbs1/x86_64/php-xmlrpc-5.5.13-1.mbs1.x86_64.rpm
59f0f3169959c31adb8333f1e597a796 mbs1/x86_64/php-xmlwriter-5.5.13-1.mbs1.x86_64.rpm
35ff0c499c20239387daef7f60cec4c6 mbs1/x86_64/php-xsl-5.5.13-1.mbs1.x86_64.rpm
bec63d966cc6b9e756272baf66815045 mbs1/x86_64/php-zip-5.5.13-1.mbs1.x86_64.rpm
dc2e485d9587eb28a7b8b1915dd0f40c mbs1/x86_64/php-zlib-5.5.13-1.mbs1.x86_64.rpm
4c530928dfecb79e8de977555cb38f37 mbs1/SRPMS/php-5.5.13-1.mbs1.src.rpm
cf24973b34d24e31942a1e04b63125c3 mbs1/SRPMS/php-apc-3.1.15-1.7.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTlsPomqjQ0CJFipgRAg1qAJ0YBZob4nXqZms0MkA/1T74J2VLYgCfRsp6
cJwFAWk8ttlBXch5pCInVCs=
=1IOZ
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists