Message-Id: <E1WDgDw-0004fU-Vw@titan.mandriva.com>
Date: Wed, 12 Feb 2014 21:16:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:027 ] php
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:027
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : php
Date : February 12, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in php:
* Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop())
(CVE-2013-7226).
The updated php packages have been upgraded to the 5.5.9 version
which is not vulnerable to this issue.
Additionally, the PECL packages which require it have been rebuilt for
php-5.5.9. The libmbfl packages have been synced with the changes as of
php-5.5.9 and the onig packages have been upgraded to the 5.9.5 version.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226
http://www.php.net/ChangeLog-5.php#5.5.9
http://git.php.net/?p=php-src.git;a=commitdiff;h=8f4a5373bb71590352fd934028d6dde5bc18530b
https://bugs.php.net/bug.php?id=66356
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFS+6xbmqjQ0CJFipgRAmxBAJ0eaiYl2YBWhO7jmIsjlU0smdLDPgCgq/sG
EzegIph8PV3CL1rb1kZf7aY=
=Sc2t
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/