lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WDgDw-0004fU-Vw@titan.mandriva.com>
Date: Wed, 12 Feb 2014 21:16:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:027 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:027
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : February 12, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in php:
 
 * Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop())
 (CVE-2013-7226).
 
 The updated php packages have been upgraded to the 5.5.9 version
 which is not vulnerable to this issue.
 
 Additionally, the PECL packages which requires so has been rebuilt for
 php-5.5.9. The libmbfl packages has been synced with the changes as of
 php-5.5.9 and the onig packages has been upgraded to the 5.9.5 version.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226
 http://www.php.net/ChangeLog-5.php#5.5.9
 http://git.php.net/?p=php-src.git;a=commitdiff;h=8f4a5373bb71590352fd934028d6dde5bc18530b
 https://bugs.php.net/bug.php?id=66356
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 f68e9cde917fe443e9e441d0c9d66ce8  mbs1/x86_64/apache-mod_php-5.5.9-1.mbs1.x86_64.rpm
 7d10a339a073e79141312df4c9ca80aa  mbs1/x86_64/lib64mbfl1-1.2.0-1.1.mbs1.x86_64.rpm
 4dfdb36268a4643b62314bd3b75219b6  mbs1/x86_64/lib64mbfl-devel-1.2.0-1.1.mbs1.x86_64.rpm
 2cf508b8892b0a23d6fb981bcdddb41f  mbs1/x86_64/lib64onig2-5.9.5-1.mbs1.x86_64.rpm
 7b0dc040e7713261fb799dcb32e82c0e  mbs1/x86_64/lib64onig-devel-5.9.5-1.mbs1.x86_64.rpm
 70b8fd8096d66f171efb55ae05f456a3  mbs1/x86_64/lib64php5_common5-5.5.9-1.mbs1.x86_64.rpm
 0fd3276c68104c57d28a6e18fea826d0  mbs1/x86_64/php-apc-3.1.15-1.3.mbs1.x86_64.rpm
 7800323fc65b42caa674e7396af2a4e1  mbs1/x86_64/php-apc-admin-3.1.15-1.3.mbs1.x86_64.rpm
 5d70731fa91073490f37ca42398c608e  mbs1/x86_64/php-bcmath-5.5.9-1.mbs1.x86_64.rpm
 212fc2be9f276372bbfbc64f6439e2b2  mbs1/x86_64/php-bz2-5.5.9-1.mbs1.x86_64.rpm
 45686258cb550c4f88c396162e6780fd  mbs1/x86_64/php-calendar-5.5.9-1.mbs1.x86_64.rpm
 45b23276ead2e0c29eb3558e2255e993  mbs1/x86_64/php-cgi-5.5.9-1.mbs1.x86_64.rpm
 d3106420622d1e8acdb7e90862ece84e  mbs1/x86_64/php-cli-5.5.9-1.mbs1.x86_64.rpm
 3ad121278fd62309e6f74780006c43ae  mbs1/x86_64/php-ctype-5.5.9-1.mbs1.x86_64.rpm
 df2513d9d0b3419c627cc59454a8d7c3  mbs1/x86_64/php-curl-5.5.9-1.mbs1.x86_64.rpm
 551edd728468a317b708916cc966060f  mbs1/x86_64/php-dba-5.5.9-1.mbs1.x86_64.rpm
 f718f7207e681d82d63c2bd8cceaaa54  mbs1/x86_64/php-devel-5.5.9-1.mbs1.x86_64.rpm
 5bb0bc339d01f573d0d8a0de9d9234d4  mbs1/x86_64/php-doc-5.5.9-1.mbs1.noarch.rpm
 3db6e08c25717fed5c997c07883e88b0  mbs1/x86_64/php-dom-5.5.9-1.mbs1.x86_64.rpm
 4d9c5351d500add57174c5900a47a0c3  mbs1/x86_64/php-enchant-5.5.9-1.mbs1.x86_64.rpm
 46dbf9383d34d95af4792cfb82ac73d8  mbs1/x86_64/php-exif-5.5.9-1.mbs1.x86_64.rpm
 87cd6dc4cb42b8aef1d98cc65173ce4d  mbs1/x86_64/php-fileinfo-5.5.9-1.mbs1.x86_64.rpm
 b694bf03a1a46a981f27d73dcf547666  mbs1/x86_64/php-filter-5.5.9-1.mbs1.x86_64.rpm
 4b4e7ccf4c358ef349355a2ad6ce191a  mbs1/x86_64/php-fpm-5.5.9-1.mbs1.x86_64.rpm
 5af9b30649f5a66b7fa3f0219ed61e8e  mbs1/x86_64/php-ftp-5.5.9-1.mbs1.x86_64.rpm
 3a141efc96b7cf3a5f23b07be5299410  mbs1/x86_64/php-gd-5.5.9-1.mbs1.x86_64.rpm
 a679a6b91e879cea954e2da8a9aed576  mbs1/x86_64/php-gettext-5.5.9-1.mbs1.x86_64.rpm
 a43329af2e0c6a86eab88a4cf953b1c2  mbs1/x86_64/php-gmp-5.5.9-1.mbs1.x86_64.rpm
 1e7313076b1bbf6921da6e08880ee34f  mbs1/x86_64/php-hash-5.5.9-1.mbs1.x86_64.rpm
 88753c2cac7139338c48cc6b6255d189  mbs1/x86_64/php-iconv-5.5.9-1.mbs1.x86_64.rpm
 f9030b302aab1ccb4768504c976029ff  mbs1/x86_64/php-imap-5.5.9-1.mbs1.x86_64.rpm
 d1764ebab05662d9c4f70ab6a4c161e6  mbs1/x86_64/php-ini-5.5.9-1.mbs1.x86_64.rpm
 9096c1ac1cb73c52c041f0326089413f  mbs1/x86_64/php-intl-5.5.9-1.mbs1.x86_64.rpm
 145b4b3c23f91c6d649abe4ce37dbff3  mbs1/x86_64/php-json-5.5.9-1.mbs1.x86_64.rpm
 45d6f9b9c85e41cea60ace17da9a53b5  mbs1/x86_64/php-ldap-5.5.9-1.mbs1.x86_64.rpm
 e9eaacd6b95eff0c7d2a183c37e85b9d  mbs1/x86_64/php-mbstring-5.5.9-1.mbs1.x86_64.rpm
 960056fb90c4696618a2c7db08c49752  mbs1/x86_64/php-mcrypt-5.5.9-1.mbs1.x86_64.rpm
 1a849355c2c2356a29c35bf92c6c9e14  mbs1/x86_64/php-mssql-5.5.9-1.mbs1.x86_64.rpm
 6b8960494d45a16271862b3a04bbf7b0  mbs1/x86_64/php-mysql-5.5.9-1.mbs1.x86_64.rpm
 dd1a58aeeb51962139211ef4f7dc2b13  mbs1/x86_64/php-mysqli-5.5.9-1.mbs1.x86_64.rpm
 9b8f5797d7f1372c3a863bed7dfe18db  mbs1/x86_64/php-mysqlnd-5.5.9-1.mbs1.x86_64.rpm
 a2ea2e43581521ebb20cedd36c08b843  mbs1/x86_64/php-odbc-5.5.9-1.mbs1.x86_64.rpm
 b1f61e8f0a9d359cfebfaed8371e118b  mbs1/x86_64/php-opcache-5.5.9-1.mbs1.x86_64.rpm
 d798dc1028db4ec202ee62251ba2c03f  mbs1/x86_64/php-openssl-5.5.9-1.mbs1.x86_64.rpm
 f44d23b9246334075e0c8638e2b6a22a  mbs1/x86_64/php-pcntl-5.5.9-1.mbs1.x86_64.rpm
 4840c15fcc22eecd135ef875da8916be  mbs1/x86_64/php-pdo-5.5.9-1.mbs1.x86_64.rpm
 64df58d48706619b95f7000c6c383156  mbs1/x86_64/php-pdo_dblib-5.5.9-1.mbs1.x86_64.rpm
 8f8d9ad6402b31dc9d72df2e177b3260  mbs1/x86_64/php-pdo_mysql-5.5.9-1.mbs1.x86_64.rpm
 0fb6a04d878cc560fd190d641e32a112  mbs1/x86_64/php-pdo_odbc-5.5.9-1.mbs1.x86_64.rpm
 2a53840e6069601f00dc2a2f028812f3  mbs1/x86_64/php-pdo_pgsql-5.5.9-1.mbs1.x86_64.rpm
 9dd469b49e2f4180e287d865085d67a3  mbs1/x86_64/php-pdo_sqlite-5.5.9-1.mbs1.x86_64.rpm
 73bc741ed863f91a2b631cebaca51538  mbs1/x86_64/php-pgsql-5.5.9-1.mbs1.x86_64.rpm
 b4c34c384f8b1c0d5712f097a7ceb9b3  mbs1/x86_64/php-phar-5.5.9-1.mbs1.x86_64.rpm
 2f6b4cfa026e219cdfdcc5f747a1ab2f  mbs1/x86_64/php-posix-5.5.9-1.mbs1.x86_64.rpm
 63956b13457474922d59267b635fb3ab  mbs1/x86_64/php-readline-5.5.9-1.mbs1.x86_64.rpm
 886cac0a00ed8d0a81e6a6afc8776975  mbs1/x86_64/php-recode-5.5.9-1.mbs1.x86_64.rpm
 ca50f61c91525fdd6077bf7fed7e1c27  mbs1/x86_64/php-session-5.5.9-1.mbs1.x86_64.rpm
 85e064d4f70e78f8173db80da8a6916b  mbs1/x86_64/php-shmop-5.5.9-1.mbs1.x86_64.rpm
 f99c2dab5ebf35d89411a5b0ba05a7ac  mbs1/x86_64/php-snmp-5.5.9-1.mbs1.x86_64.rpm
 5301436da2b972a7758a80af6c4f44f8  mbs1/x86_64/php-soap-5.5.9-1.mbs1.x86_64.rpm
 d0a922646c282b7411f58a8b9adc2b44  mbs1/x86_64/php-sockets-5.5.9-1.mbs1.x86_64.rpm
 b109490592fdc197522dd62b5e97fb2a  mbs1/x86_64/php-sqlite3-5.5.9-1.mbs1.x86_64.rpm
 a74c73e1696f578ca185704374413f59  mbs1/x86_64/php-sybase_ct-5.5.9-1.mbs1.x86_64.rpm
 177f5ccf33daa9f1e7352869f3fcc3f6  mbs1/x86_64/php-sysvmsg-5.5.9-1.mbs1.x86_64.rpm
 8e8e6cb82a339aa09f5810246a9422f7  mbs1/x86_64/php-sysvsem-5.5.9-1.mbs1.x86_64.rpm
 e306cce3ba732b1daf7da6941cd27cf5  mbs1/x86_64/php-sysvshm-5.5.9-1.mbs1.x86_64.rpm
 08e1ac2728b9bf1970d2f70d99119549  mbs1/x86_64/php-tidy-5.5.9-1.mbs1.x86_64.rpm
 c4025853a80fc52be76d953f48e1ae0a  mbs1/x86_64/php-tokenizer-5.5.9-1.mbs1.x86_64.rpm
 0a984220395180703783e0984f5c8efb  mbs1/x86_64/php-wddx-5.5.9-1.mbs1.x86_64.rpm
 200f2881cdac801c4cbb98cbfa1a8962  mbs1/x86_64/php-xml-5.5.9-1.mbs1.x86_64.rpm
 21b441d8a5c388a5797385d93fef7c3c  mbs1/x86_64/php-xmlreader-5.5.9-1.mbs1.x86_64.rpm
 3bc7a3306ad3cd9a619b98546d07984b  mbs1/x86_64/php-xmlrpc-5.5.9-1.mbs1.x86_64.rpm
 6ef136d5b038cce4ab312fff2eddc8ab  mbs1/x86_64/php-xmlwriter-5.5.9-1.mbs1.x86_64.rpm
 5c29616bdf753ea75c0051cf1b3947ef  mbs1/x86_64/php-xsl-5.5.9-1.mbs1.x86_64.rpm
 d563abe3d1df86758017141b7b5c48be  mbs1/x86_64/php-zip-5.5.9-1.mbs1.x86_64.rpm
 f0699450fd75ba272986d7216d587612  mbs1/x86_64/php-zlib-5.5.9-1.mbs1.x86_64.rpm 
 51adcf2e7af653bb7790ca8635a3ba1d  mbs1/SRPMS/libmbfl-1.2.0-1.1.mbs1.src.rpm
 63324c0795249a4b0f676c0d5001d662  mbs1/SRPMS/onig-5.9.5-1.mbs1.src.rpm
 8cbd391940b08a46917f80602ff08361  mbs1/SRPMS/php-5.5.9-1.mbs1.src.rpm
 07a919df4c13206e40996b0499ee2d6f  mbs1/SRPMS/php-apc-3.1.15-1.3.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFS+6xbmqjQ0CJFipgRAmxBAJ0eaiYl2YBWhO7jmIsjlU0smdLDPgCgq/sG
EzegIph8PV3CL1rb1kZf7aY=
=Sc2t
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ