[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1XP5Ae-0003u3-BT@titan.mandriva.com>
Date: Wed, 03 Sep 2014 09:40:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:172 ] php
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:172
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : php
Date : September 3, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in php:
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in
PHP 5.4.26 and earlier, allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) via a
crafted color table in an XPM file (CVE-2014-2497).
file before 5.19 does not properly restrict the amount of data read
during a regex search, which allows remote attackers to cause a
denial of service (CPU consumption) via a crafted file that triggers
backtracking during processing of an awk rule. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538).
Integer overflow in the cdf_read_property_info function in cdf.c
in file through 5.19, as used in the Fileinfo component in PHP
before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to
cause a denial of service (application crash) via a crafted CDF
file. NOTE: this vulnerability exists because of an incomplete fix
for CVE-2012-1571 (CVE-2014-3587).
Multiple buffer overflows in the php_parserr function in
ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
remote DNS servers to cause a denial of service (application crash)
or possibly execute arbitrary code via a crafted DNS record, related
to the dns_get_record function and the dn_expand function. NOTE:
this issue exists because of an incomplete fix for CVE-2014-4049
(CVE-2014-3597).
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x
before 5.5.16 does not ensure that pathnames lack \%00 sequences,
which might allow remote attackers to overwrite arbitrary files
via crafted input to an application that calls the (1) imagegd, (2)
imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp,
or (7) imagewebp function (CVE-2014-5120).
The updated php packages have been upgraded to the 5.5.16 version
resolve these security flaws.
Additionally, php-apc has been rebuilt against the updated php
packages and the php-timezonedb packages has been upgraded to the
2014.6 version.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120
http://php.net/ChangeLog-5.php#5.5.16
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
433eb634fe50fe3ff86d436c0497605d mbs1/x86_64/apache-mod_php-5.5.16-1.mbs1.x86_64.rpm
79d3cfc2a2058b85d14f26b5c4ca87d6 mbs1/x86_64/lib64php5_common5-5.5.16-1.mbs1.x86_64.rpm
89f21a0c9d049f19afaf05924db29c95 mbs1/x86_64/php-apc-3.1.15-1.10.mbs1.x86_64.rpm
4d54db20660b9e69c4003ab3f6fbaafd mbs1/x86_64/php-apc-admin-3.1.15-1.10.mbs1.x86_64.rpm
2cbeda50f9676a164fdf71978840afe0 mbs1/x86_64/php-bcmath-5.5.16-1.mbs1.x86_64.rpm
16e8f1aaca457fc59d1ab10f4987cbde mbs1/x86_64/php-bz2-5.5.16-1.mbs1.x86_64.rpm
28fad27392a15363870342e9c5554b46 mbs1/x86_64/php-calendar-5.5.16-1.mbs1.x86_64.rpm
4831b8dcdedc1bfbd7672129480a8458 mbs1/x86_64/php-cgi-5.5.16-1.mbs1.x86_64.rpm
5842d4359440f8f127187d3b2140092d mbs1/x86_64/php-cli-5.5.16-1.mbs1.x86_64.rpm
c2d69cd834c1fef68b6290b66cabcb1c mbs1/x86_64/php-ctype-5.5.16-1.mbs1.x86_64.rpm
e3aadee16e901121a3e97ac37c89e4df mbs1/x86_64/php-curl-5.5.16-1.mbs1.x86_64.rpm
e8fda909a56f6899b92d9723df249734 mbs1/x86_64/php-dba-5.5.16-1.mbs1.x86_64.rpm
0752c9bcd5010e2804f9b90e20deb645 mbs1/x86_64/php-devel-5.5.16-1.mbs1.x86_64.rpm
7c98733aafc0ed2e8f9c6f9eb4ab91fa mbs1/x86_64/php-doc-5.5.16-1.mbs1.noarch.rpm
d222ee99d4211cff16fe1bcb72cb7daa mbs1/x86_64/php-dom-5.5.16-1.mbs1.x86_64.rpm
3beb05cf9ac010ba4c4ef4bc4c27a4f7 mbs1/x86_64/php-enchant-5.5.16-1.mbs1.x86_64.rpm
47638df2d264ad2f964b98a8d4998080 mbs1/x86_64/php-exif-5.5.16-1.mbs1.x86_64.rpm
aeb17c94752bc571de7f9ff6260767d2 mbs1/x86_64/php-fileinfo-5.5.16-1.mbs1.x86_64.rpm
a80033111ac33a9da3b2d83c98502242 mbs1/x86_64/php-filter-5.5.16-1.mbs1.x86_64.rpm
f67911d7a2db9dde572efbdfe3111791 mbs1/x86_64/php-fpm-5.5.16-1.mbs1.x86_64.rpm
2b75ea66721e2cd6a92b1eca104fdb61 mbs1/x86_64/php-ftp-5.5.16-1.mbs1.x86_64.rpm
413d5216d02bf29b781a5e9d91e37b80 mbs1/x86_64/php-gd-5.5.16-1.mbs1.x86_64.rpm
50c06ad0eb94b45e71d042b8340a4e1b mbs1/x86_64/php-gettext-5.5.16-1.mbs1.x86_64.rpm
95e4a1d6e68e45076e64ee2cf3573aba mbs1/x86_64/php-gmp-5.5.16-1.mbs1.x86_64.rpm
ec75d0814ea1ffe23339ee58e60f055e mbs1/x86_64/php-hash-5.5.16-1.mbs1.x86_64.rpm
201cdd9e4de39be3027eedf10b49f91b mbs1/x86_64/php-iconv-5.5.16-1.mbs1.x86_64.rpm
bdf2832e051923f0e889d5df9723f027 mbs1/x86_64/php-imap-5.5.16-1.mbs1.x86_64.rpm
55802406b502ee990e05fb39c7cda2c1 mbs1/x86_64/php-ini-5.5.16-1.mbs1.x86_64.rpm
1de8d86ba7547663ef13ef4cb89eb352 mbs1/x86_64/php-intl-5.5.16-1.mbs1.x86_64.rpm
3d3fbe17e9b815c335b1c52d5835275d mbs1/x86_64/php-json-5.5.16-1.mbs1.x86_64.rpm
41740118f86130ba240e78fdd15f99ba mbs1/x86_64/php-ldap-5.5.16-1.mbs1.x86_64.rpm
c5846e514fd3b883d643fe21778e1a2b mbs1/x86_64/php-mbstring-5.5.16-1.mbs1.x86_64.rpm
a3dcf8a6966183325cea9de32684cf67 mbs1/x86_64/php-mcrypt-5.5.16-1.mbs1.x86_64.rpm
ba8927d9e38a24ebbab3387946825c71 mbs1/x86_64/php-mssql-5.5.16-1.mbs1.x86_64.rpm
58014a1050c94f0ad9fbbe744c7b920e mbs1/x86_64/php-mysql-5.5.16-1.mbs1.x86_64.rpm
2d68e871d1947e8fe92c1378a9cf25c6 mbs1/x86_64/php-mysqli-5.5.16-1.mbs1.x86_64.rpm
3ec5ddfb16e161a0ce1f4a3b7af693ae mbs1/x86_64/php-mysqlnd-5.5.16-1.mbs1.x86_64.rpm
598d588b909f19bee99e5f4477fd1d5e mbs1/x86_64/php-odbc-5.5.16-1.mbs1.x86_64.rpm
cc224fa39dafe9366d2d1204bc957d2d mbs1/x86_64/php-opcache-5.5.16-1.mbs1.x86_64.rpm
7f892b4b6887c3be7db91da3c4e1246b mbs1/x86_64/php-openssl-5.5.16-1.mbs1.x86_64.rpm
960a2989cb5fda35c154d141fbef1b4d mbs1/x86_64/php-pcntl-5.5.16-1.mbs1.x86_64.rpm
fc4163872cc9a71f404bd2f213ce599e mbs1/x86_64/php-pdo-5.5.16-1.mbs1.x86_64.rpm
ca105e1b9d88d426e2477170f53a9bd8 mbs1/x86_64/php-pdo_dblib-5.5.16-1.mbs1.x86_64.rpm
d6cdd1d87b57425b9b75834faa9f8130 mbs1/x86_64/php-pdo_mysql-5.5.16-1.mbs1.x86_64.rpm
4cce3105da5e33e0287a0c66bfc6ade2 mbs1/x86_64/php-pdo_odbc-5.5.16-1.mbs1.x86_64.rpm
4f4ba24e39a2018a14fe439a252e1269 mbs1/x86_64/php-pdo_pgsql-5.5.16-1.mbs1.x86_64.rpm
0ab163003fd11610cb21ef3e81df2c04 mbs1/x86_64/php-pdo_sqlite-5.5.16-1.mbs1.x86_64.rpm
c1c70eba52274fe39880d13062db55f8 mbs1/x86_64/php-pgsql-5.5.16-1.mbs1.x86_64.rpm
180bb8ed41b3d2ae5080c6e5b9577598 mbs1/x86_64/php-phar-5.5.16-1.mbs1.x86_64.rpm
7b0ba8398fa985b3f190e5474dc148ac mbs1/x86_64/php-posix-5.5.16-1.mbs1.x86_64.rpm
c7f7f7f48ac656e6f5e54fcd7127a6c9 mbs1/x86_64/php-readline-5.5.16-1.mbs1.x86_64.rpm
1c40ca8fff58061d8dc8de435b43ad1c mbs1/x86_64/php-recode-5.5.16-1.mbs1.x86_64.rpm
fe775f45b9a3bdc8eafd5e9a0f6b74e4 mbs1/x86_64/php-session-5.5.16-1.mbs1.x86_64.rpm
6d844fba6fd8507e4cfc7f5e7ff4f0d4 mbs1/x86_64/php-shmop-5.5.16-1.mbs1.x86_64.rpm
9c9dd4875aab74bd499c1ebe5eff5d60 mbs1/x86_64/php-snmp-5.5.16-1.mbs1.x86_64.rpm
c2845141985242c37ae6c19cdc493a87 mbs1/x86_64/php-soap-5.5.16-1.mbs1.x86_64.rpm
33c94af2772e7cce2a9600c381ad679e mbs1/x86_64/php-sockets-5.5.16-1.mbs1.x86_64.rpm
0128cc41371d6526afa9639b57d27c58 mbs1/x86_64/php-sqlite3-5.5.16-1.mbs1.x86_64.rpm
b871c0b922535c32e0a76b04cae66adb mbs1/x86_64/php-sybase_ct-5.5.16-1.mbs1.x86_64.rpm
f329458f3db86e8fb4fa059ad6a17135 mbs1/x86_64/php-sysvmsg-5.5.16-1.mbs1.x86_64.rpm
aeb2f714adc7bf2296717a7a426f42f3 mbs1/x86_64/php-sysvsem-5.5.16-1.mbs1.x86_64.rpm
14060c6616bdee4d0188a586c416b6a9 mbs1/x86_64/php-sysvshm-5.5.16-1.mbs1.x86_64.rpm
613df062eb4d347b1f20333fae292d37 mbs1/x86_64/php-tidy-5.5.16-1.mbs1.x86_64.rpm
cec56e387e6ce4e2fa0a6e51edde77c5 mbs1/x86_64/php-timezonedb-2014.6-1.mbs1.x86_64.rpm
64aa70974bdd2639ebe8f9411d5100d0 mbs1/x86_64/php-tokenizer-5.5.16-1.mbs1.x86_64.rpm
b49c9ce454cdc48df9f485afc76f4087 mbs1/x86_64/php-wddx-5.5.16-1.mbs1.x86_64.rpm
6fdedd713c803782873b9394258c8579 mbs1/x86_64/php-xml-5.5.16-1.mbs1.x86_64.rpm
7c4760fd65a2de04f4531c75f0e3a975 mbs1/x86_64/php-xmlreader-5.5.16-1.mbs1.x86_64.rpm
29fd9f17d7c17753786013c47948561b mbs1/x86_64/php-xmlrpc-5.5.16-1.mbs1.x86_64.rpm
a945405ae46da1076ef672e91480d6eb mbs1/x86_64/php-xmlwriter-5.5.16-1.mbs1.x86_64.rpm
d66a977cf51d7db4abc800dbc4fbb06c mbs1/x86_64/php-xsl-5.5.16-1.mbs1.x86_64.rpm
ab850aa37132b2999ad6c7e6eb83ee9d mbs1/x86_64/php-zip-5.5.16-1.mbs1.x86_64.rpm
4fb4296da210a539b1456dc218996493 mbs1/x86_64/php-zlib-5.5.16-1.mbs1.x86_64.rpm
4211f1c92e96005e07f233f13bc7d4c2 mbs1/SRPMS/php-5.5.16-1.mbs1.src.rpm
b70fc470a6b52a9ffd8e3194e42e75dc mbs1/SRPMS/php-apc-3.1.15-1.10.mbs1.src.rpm
9b56499519fac7535d5161a7f99ded79 mbs1/SRPMS/php-timezonedb-2014.6-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUBrfcmqjQ0CJFipgRAnh/AKDFzrGTG7tlObINam2/SLFVRnHXWgCg2l3d
0Zdcd4CjzfFIxbAJc26GimU=
=Rs9l
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists