[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WORES-0003fs-GT@titan.mandriva.com>
Date: Fri, 14 Mar 2014 13:29:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:059 ] php
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:059
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : php
Date : March 14, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in php:
Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
Fixed bug #66820 (out-of-bounds memory access in fileinfo
(CVE-2014-2270)).
Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
(CVE-2013-7327)).
The updated php packages have been upgraded to the 5.5.10 version
which is not vulnerable to these issues.
The php-xdebug packages has been upgraded to the latest 2.2.4 version
that resolves numerous upstream bugs.
Additionally, the PECL packages which requires so has been rebuilt
for php-5.5.10.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
http://www.php.net/ChangeLog-5.php#5.5.10
https://bugs.php.net/bug.php?id=66731
https://bugs.php.net/bug.php?id=66820
https://bugs.php.net/bug.php?id=66815
http://pecl.php.net/package-changelog.php?package=xdebug&release=2.2.4
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
24737449ee336d5e9824e2f2ae543292 mbs1/x86_64/apache-mod_php-5.5.10-1.1.mbs1.x86_64.rpm
0b922c54fa9223fecc8d35a5c7c8599e mbs1/x86_64/lib64php5_common5-5.5.10-1.1.mbs1.x86_64.rpm
7ee561479c57d59fd98a5501e9586500 mbs1/x86_64/php-apc-3.1.15-1.4.mbs1.x86_64.rpm
eb7de5759296f86517f5edfd9d4436ca mbs1/x86_64/php-apc-admin-3.1.15-1.4.mbs1.x86_64.rpm
a1d9c94696da01a54ef8fdc514e87eeb mbs1/x86_64/php-bcmath-5.5.10-1.1.mbs1.x86_64.rpm
1b2cd506955bff2be731071a094c722f mbs1/x86_64/php-bz2-5.5.10-1.1.mbs1.x86_64.rpm
8960e53771c38895428275376133ad80 mbs1/x86_64/php-calendar-5.5.10-1.1.mbs1.x86_64.rpm
76ae075f4cb8bbd735289a6c1d06fd7a mbs1/x86_64/php-cgi-5.5.10-1.1.mbs1.x86_64.rpm
12b695df15e1f8cb7b0a4dfe6c9aa088 mbs1/x86_64/php-cli-5.5.10-1.1.mbs1.x86_64.rpm
f8f5f6b8ed7afaffe4893ee713198f96 mbs1/x86_64/php-ctype-5.5.10-1.1.mbs1.x86_64.rpm
1950d33f015eefc8014070526758ee8e mbs1/x86_64/php-curl-5.5.10-1.1.mbs1.x86_64.rpm
9497d5da046377151644e93733cb074e mbs1/x86_64/php-dba-5.5.10-1.1.mbs1.x86_64.rpm
ac662e5ef7059d81cccb62c7bbe97901 mbs1/x86_64/php-devel-5.5.10-1.1.mbs1.x86_64.rpm
87a743ba4947af120c24da6115c7e6db mbs1/x86_64/php-doc-5.5.10-1.1.mbs1.noarch.rpm
b941027ff5051dc2811b4263f6bf20b1 mbs1/x86_64/php-dom-5.5.10-1.1.mbs1.x86_64.rpm
77c456007f9d6e330bfa514dc7e2c71c mbs1/x86_64/php-enchant-5.5.10-1.1.mbs1.x86_64.rpm
e14bbbfe6cbd0027eb92f2de676bda2b mbs1/x86_64/php-exif-5.5.10-1.1.mbs1.x86_64.rpm
016db3c40dafc614f69ed163870d0ba9 mbs1/x86_64/php-fileinfo-5.5.10-1.1.mbs1.x86_64.rpm
800722c1127bf7f835fed88d5805612a mbs1/x86_64/php-filter-5.5.10-1.1.mbs1.x86_64.rpm
c25709c616879f64ca095493a250e49a mbs1/x86_64/php-fpm-5.5.10-1.1.mbs1.x86_64.rpm
dd3b14133c3e5e299976709acaba36f1 mbs1/x86_64/php-ftp-5.5.10-1.1.mbs1.x86_64.rpm
33285cc7d2f89640c84a89c2d78d4c1c mbs1/x86_64/php-gd-5.5.10-1.1.mbs1.x86_64.rpm
98815ed19f6a439995c257c86d3fd8e7 mbs1/x86_64/php-gettext-5.5.10-1.1.mbs1.x86_64.rpm
2c34c8d28d2bcf105deced29a743ce10 mbs1/x86_64/php-gmp-5.5.10-1.1.mbs1.x86_64.rpm
66f17761f797c9ba5b9f64359df0e444 mbs1/x86_64/php-hash-5.5.10-1.1.mbs1.x86_64.rpm
a9679cf58298c91fe11e9065888f3ecf mbs1/x86_64/php-iconv-5.5.10-1.1.mbs1.x86_64.rpm
44c8fd8cbd7a749ce405eafcb5cfaba0 mbs1/x86_64/php-imap-5.5.10-1.1.mbs1.x86_64.rpm
de60f25c3e3da02a1ed96ea3c6b7d146 mbs1/x86_64/php-ini-5.5.10-1.1.mbs1.x86_64.rpm
674171b2daf508b7709ec0fa39f3dadb mbs1/x86_64/php-intl-5.5.10-1.1.mbs1.x86_64.rpm
b4b75e252c03be45e1ea42d93cbb559d mbs1/x86_64/php-json-5.5.10-1.1.mbs1.x86_64.rpm
10071e1f44d3ec6500559211168c3b4a mbs1/x86_64/php-ldap-5.5.10-1.1.mbs1.x86_64.rpm
4b7e7d0a0b6adcca257a2fd124e62c58 mbs1/x86_64/php-mbstring-5.5.10-1.1.mbs1.x86_64.rpm
19345fe51062884bd7c9ff80f49dcbdb mbs1/x86_64/php-mcrypt-5.5.10-1.1.mbs1.x86_64.rpm
e2a844b656f9ab03b731ad2f272b5d2b mbs1/x86_64/php-mssql-5.5.10-1.1.mbs1.x86_64.rpm
4fcf706c941176818fdfc995fba8209c mbs1/x86_64/php-mysql-5.5.10-1.1.mbs1.x86_64.rpm
46c3635f1e79e351b2d63d7be993557b mbs1/x86_64/php-mysqli-5.5.10-1.1.mbs1.x86_64.rpm
6b652b39093992140614a97e4633ee52 mbs1/x86_64/php-mysqlnd-5.5.10-1.1.mbs1.x86_64.rpm
d8712b4ec5533dd53c3e1a6854a41612 mbs1/x86_64/php-odbc-5.5.10-1.1.mbs1.x86_64.rpm
58da4457f76d98468fbc2216a82a6210 mbs1/x86_64/php-opcache-5.5.10-1.1.mbs1.x86_64.rpm
67847c07b4d21ef262864d25a633d70a mbs1/x86_64/php-openssl-5.5.10-1.1.mbs1.x86_64.rpm
daf97d8271493a2ecbd18ad20a857bcf mbs1/x86_64/php-pcntl-5.5.10-1.1.mbs1.x86_64.rpm
4a6aed5d64de832c986caa41d4a99919 mbs1/x86_64/php-pdo-5.5.10-1.1.mbs1.x86_64.rpm
38358c84106e4f5c86704c92f09a4852 mbs1/x86_64/php-pdo_dblib-5.5.10-1.1.mbs1.x86_64.rpm
f5f013d46693b257672a53333c1d2aef mbs1/x86_64/php-pdo_mysql-5.5.10-1.1.mbs1.x86_64.rpm
a052eca4ad1c2fa1aa2cc5a492864959 mbs1/x86_64/php-pdo_odbc-5.5.10-1.1.mbs1.x86_64.rpm
e5e592546df1d334c3bd8e26be14784e mbs1/x86_64/php-pdo_pgsql-5.5.10-1.1.mbs1.x86_64.rpm
bfe91133e7dd8ecd326d033f09156fd5 mbs1/x86_64/php-pdo_sqlite-5.5.10-1.1.mbs1.x86_64.rpm
cec3e2d7281150e42c138375c7047392 mbs1/x86_64/php-pgsql-5.5.10-1.1.mbs1.x86_64.rpm
45a7eefb527a69d733e121d6814e4294 mbs1/x86_64/php-phar-5.5.10-1.1.mbs1.x86_64.rpm
093b385f0d0b46e3f6fd33f914548a0a mbs1/x86_64/php-posix-5.5.10-1.1.mbs1.x86_64.rpm
5864c26cd75dbe4f3c78b369081f0438 mbs1/x86_64/php-readline-5.5.10-1.1.mbs1.x86_64.rpm
d0f41537a40bd91a5f1f3a8ca5fde200 mbs1/x86_64/php-recode-5.5.10-1.1.mbs1.x86_64.rpm
ad5ab348291e6b2e5a4eb3bb33ce8a2f mbs1/x86_64/php-session-5.5.10-1.1.mbs1.x86_64.rpm
cf9882756cfc5ca36ceffe23a148bb47 mbs1/x86_64/php-shmop-5.5.10-1.1.mbs1.x86_64.rpm
74b1621ca81142e93046925bed22a5e8 mbs1/x86_64/php-snmp-5.5.10-1.1.mbs1.x86_64.rpm
80e3ba9497626214b3bcc2712f60ac5f mbs1/x86_64/php-soap-5.5.10-1.1.mbs1.x86_64.rpm
9de06a2dee1e54d7f42a33a17ca8205b mbs1/x86_64/php-sockets-5.5.10-1.1.mbs1.x86_64.rpm
c030bff618bbcb037e812ddb94649eb5 mbs1/x86_64/php-sqlite3-5.5.10-1.1.mbs1.x86_64.rpm
b65a0c3e62630b815656e80da43a2480 mbs1/x86_64/php-sybase_ct-5.5.10-1.1.mbs1.x86_64.rpm
be0694c255784a0a4f35f0e8d15f201b mbs1/x86_64/php-sysvmsg-5.5.10-1.1.mbs1.x86_64.rpm
80ad06376f143a770cfb5cba1d848af2 mbs1/x86_64/php-sysvsem-5.5.10-1.1.mbs1.x86_64.rpm
20ee2f4ab2344649920c7ea75d251229 mbs1/x86_64/php-sysvshm-5.5.10-1.1.mbs1.x86_64.rpm
756a95f3f9caf872ca3e656ae2c8f6e1 mbs1/x86_64/php-tidy-5.5.10-1.1.mbs1.x86_64.rpm
ea69b8f0630a5016589c5340e9f8cb08 mbs1/x86_64/php-tokenizer-5.5.10-1.1.mbs1.x86_64.rpm
9120358796e07a057bcb49b3f7a3287a mbs1/x86_64/php-wddx-5.5.10-1.1.mbs1.x86_64.rpm
140204bf0eb22cbaa71392c87217730b mbs1/x86_64/php-xdebug-2.2.4-1.mbs1.x86_64.rpm
d8f2b85bd082332a608612deeee0a527 mbs1/x86_64/php-xml-5.5.10-1.1.mbs1.x86_64.rpm
1373b28914b0e1fc52d98e8599ab5286 mbs1/x86_64/php-xmlreader-5.5.10-1.1.mbs1.x86_64.rpm
24767241f254b25cf40f22c5b42009d4 mbs1/x86_64/php-xmlrpc-5.5.10-1.1.mbs1.x86_64.rpm
ebe5805c7fc2ba228019f461f666d53f mbs1/x86_64/php-xmlwriter-5.5.10-1.1.mbs1.x86_64.rpm
d8e5137af8780fb2aa1588d926ea5214 mbs1/x86_64/php-xsl-5.5.10-1.1.mbs1.x86_64.rpm
8e7ec6219aa8ec67b7e34752266fd0c3 mbs1/x86_64/php-zip-5.5.10-1.1.mbs1.x86_64.rpm
02eaebe931a02fa3b7aeee6f90078b59 mbs1/x86_64/php-zlib-5.5.10-1.1.mbs1.x86_64.rpm
d32d95daec74ca968d0143f9bb4c39aa mbs1/SRPMS/php-5.5.10-1.1.mbs1.src.rpm
cef70e625abea16578f7234743896bae mbs1/SRPMS/php-apc-3.1.15-1.4.mbs1.src.rpm
015ce9f2892ee94a3a73a8a15bdc58fd mbs1/SRPMS/php-xdebug-2.2.4-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTIsvKmqjQ0CJFipgRApfjAKDHpy/8XvFn1A9/+/8RG+R6WCKbiwCfdgcv
HD1vXz3eegn3ApmAVUKBfiE=
=+nza
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists