Message-Id: <E1WORES-0003fs-GT@titan.mandriva.com>
Date: Fri, 14 Mar 2014 13:29:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:059 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:059
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : March 14, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in php:
 
 Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
 
 Fixed bug #66820 (out-of-bounds memory access in fileinfo
 (CVE-2014-2270)).
 
 Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
 (CVE-2013-7327)).
 
 The updated php packages have been upgraded to the 5.5.10 version
 which is not vulnerable to these issues.
 
 The php-xdebug packages have been upgraded to the latest 2.2.4 version,
 which resolves numerous upstream bugs.
 
 Additionally, the PECL packages which require it have been rebuilt
 for php-5.5.10.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
 http://www.php.net/ChangeLog-5.php#5.5.10
 https://bugs.php.net/bug.php?id=66731
 https://bugs.php.net/bug.php?id=66820
 https://bugs.php.net/bug.php?id=66815
 http://pecl.php.net/package-changelog.php?package=xdebug&release=2.2.4
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTIsvKmqjQ0CJFipgRApfjAKDHpy/8XvFn1A9/+/8RG+R6WCKbiwCfdgcv
HD1vXz3eegn3ApmAVUKBfiE=
=+nza
-----END PGP SIGNATURE-----
