[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2014:172 ] php



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:172
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : September 3, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in php:
 
 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in
 PHP 5.4.26 and earlier, allows remote attackers to cause a denial
 of service (NULL pointer dereference and application crash) via a
 crafted color table in an XPM file (CVE-2014-2497).
 
 file before 5.19 does not properly restrict the amount of data read
 during a regex search, which allows remote attackers to cause a
 denial of service (CPU consumption) via a crafted file that triggers
 backtracking during processing of an awk rule. NOTE: this vulnerability
 exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538).
 
 Integer overflow in the cdf_read_property_info function in cdf.c
 in file through 5.19, as used in the Fileinfo component in PHP
 before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to
 cause a denial of service (application crash) via a crafted CDF
 file. NOTE: this vulnerability exists because of an incomplete fix
 for CVE-2012-1571 (CVE-2014-3587).
 
 Multiple buffer overflows in the php_parserr function in
 ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
 remote DNS servers to cause a denial of service (application crash)
 or possibly execute arbitrary code via a crafted DNS record, related
 to the dns_get_record function and the dn_expand function. NOTE:
 this issue exists because of an incomplete fix for CVE-2014-4049
 (CVE-2014-3597).
 
 gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x
 before 5.5.16 does not ensure that pathnames lack \%00 sequences,
 which might allow remote attackers to overwrite arbitrary files
 via crafted input to an application that calls the (1) imagegd, (2)
 imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp,
 or (7) imagewebp function (CVE-2014-5120).
 
 The updated php packages have been upgraded to the 5.5.16 version
 resolve these security flaws.
 
 Additionally, php-apc has been rebuilt against the updated php
 packages and the php-timezonedb packages has been upgraded to the
 2014.6 version.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120
 http://php.net/ChangeLog-5.php#5.5.16
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 433eb634fe50fe3ff86d436c0497605d  mbs1/x86_64/apache-mod_php-5.5.16-1.mbs1.x86_64.rpm
 79d3cfc2a2058b85d14f26b5c4ca87d6  mbs1/x86_64/lib64php5_common5-5.5.16-1.mbs1.x86_64.rpm
 89f21a0c9d049f19afaf05924db29c95  mbs1/x86_64/php-apc-3.1.15-1.10.mbs1.x86_64.rpm
 4d54db20660b9e69c4003ab3f6fbaafd  mbs1/x86_64/php-apc-admin-3.1.15-1.10.mbs1.x86_64.rpm
 2cbeda50f9676a164fdf71978840afe0  mbs1/x86_64/php-bcmath-5.5.16-1.mbs1.x86_64.rpm
 16e8f1aaca457fc59d1ab10f4987cbde  mbs1/x86_64/php-bz2-5.5.16-1.mbs1.x86_64.rpm
 28fad27392a15363870342e9c5554b46  mbs1/x86_64/php-calendar-5.5.16-1.mbs1.x86_64.rpm
 4831b8dcdedc1bfbd7672129480a8458  mbs1/x86_64/php-cgi-5.5.16-1.mbs1.x86_64.rpm
 5842d4359440f8f127187d3b2140092d  mbs1/x86_64/php-cli-5.5.16-1.mbs1.x86_64.rpm
 c2d69cd834c1fef68b6290b66cabcb1c  mbs1/x86_64/php-ctype-5.5.16-1.mbs1.x86_64.rpm
 e3aadee16e901121a3e97ac37c89e4df  mbs1/x86_64/php-curl-5.5.16-1.mbs1.x86_64.rpm
 e8fda909a56f6899b92d9723df249734  mbs1/x86_64/php-dba-5.5.16-1.mbs1.x86_64.rpm
 0752c9bcd5010e2804f9b90e20deb645  mbs1/x86_64/php-devel-5.5.16-1.mbs1.x86_64.rpm
 7c98733aafc0ed2e8f9c6f9eb4ab91fa  mbs1/x86_64/php-doc-5.5.16-1.mbs1.noarch.rpm
 d222ee99d4211cff16fe1bcb72cb7daa  mbs1/x86_64/php-dom-5.5.16-1.mbs1.x86_64.rpm
 3beb05cf9ac010ba4c4ef4bc4c27a4f7  mbs1/x86_64/php-enchant-5.5.16-1.mbs1.x86_64.rpm
 47638df2d264ad2f964b98a8d4998080  mbs1/x86_64/php-exif-5.5.16-1.mbs1.x86_64.rpm
 aeb17c94752bc571de7f9ff6260767d2  mbs1/x86_64/php-fileinfo-5.5.16-1.mbs1.x86_64.rpm
 a80033111ac33a9da3b2d83c98502242  mbs1/x86_64/php-filter-5.5.16-1.mbs1.x86_64.rpm
 f67911d7a2db9dde572efbdfe3111791  mbs1/x86_64/php-fpm-5.5.16-1.mbs1.x86_64.rpm
 2b75ea66721e2cd6a92b1eca104fdb61  mbs1/x86_64/php-ftp-5.5.16-1.mbs1.x86_64.rpm
 413d5216d02bf29b781a5e9d91e37b80  mbs1/x86_64/php-gd-5.5.16-1.mbs1.x86_64.rpm
 50c06ad0eb94b45e71d042b8340a4e1b  mbs1/x86_64/php-gettext-5.5.16-1.mbs1.x86_64.rpm
 95e4a1d6e68e45076e64ee2cf3573aba  mbs1/x86_64/php-gmp-5.5.16-1.mbs1.x86_64.rpm
 ec75d0814ea1ffe23339ee58e60f055e  mbs1/x86_64/php-hash-5.5.16-1.mbs1.x86_64.rpm
 201cdd9e4de39be3027eedf10b49f91b  mbs1/x86_64/php-iconv-5.5.16-1.mbs1.x86_64.rpm
 bdf2832e051923f0e889d5df9723f027  mbs1/x86_64/php-imap-5.5.16-1.mbs1.x86_64.rpm
 55802406b502ee990e05fb39c7cda2c1  mbs1/x86_64/php-ini-5.5.16-1.mbs1.x86_64.rpm
 1de8d86ba7547663ef13ef4cb89eb352  mbs1/x86_64/php-intl-5.5.16-1.mbs1.x86_64.rpm
 3d3fbe17e9b815c335b1c52d5835275d  mbs1/x86_64/php-json-5.5.16-1.mbs1.x86_64.rpm
 41740118f86130ba240e78fdd15f99ba  mbs1/x86_64/php-ldap-5.5.16-1.mbs1.x86_64.rpm
 c5846e514fd3b883d643fe21778e1a2b  mbs1/x86_64/php-mbstring-5.5.16-1.mbs1.x86_64.rpm
 a3dcf8a6966183325cea9de32684cf67  mbs1/x86_64/php-mcrypt-5.5.16-1.mbs1.x86_64.rpm
 ba8927d9e38a24ebbab3387946825c71  mbs1/x86_64/php-mssql-5.5.16-1.mbs1.x86_64.rpm
 58014a1050c94f0ad9fbbe744c7b920e  mbs1/x86_64/php-mysql-5.5.16-1.mbs1.x86_64.rpm
 2d68e871d1947e8fe92c1378a9cf25c6  mbs1/x86_64/php-mysqli-5.5.16-1.mbs1.x86_64.rpm
 3ec5ddfb16e161a0ce1f4a3b7af693ae  mbs1/x86_64/php-mysqlnd-5.5.16-1.mbs1.x86_64.rpm
 598d588b909f19bee99e5f4477fd1d5e  mbs1/x86_64/php-odbc-5.5.16-1.mbs1.x86_64.rpm
 cc224fa39dafe9366d2d1204bc957d2d  mbs1/x86_64/php-opcache-5.5.16-1.mbs1.x86_64.rpm
 7f892b4b6887c3be7db91da3c4e1246b  mbs1/x86_64/php-openssl-5.5.16-1.mbs1.x86_64.rpm
 960a2989cb5fda35c154d141fbef1b4d  mbs1/x86_64/php-pcntl-5.5.16-1.mbs1.x86_64.rpm
 fc4163872cc9a71f404bd2f213ce599e  mbs1/x86_64/php-pdo-5.5.16-1.mbs1.x86_64.rpm
 ca105e1b9d88d426e2477170f53a9bd8  mbs1/x86_64/php-pdo_dblib-5.5.16-1.mbs1.x86_64.rpm
 d6cdd1d87b57425b9b75834faa9f8130  mbs1/x86_64/php-pdo_mysql-5.5.16-1.mbs1.x86_64.rpm
 4cce3105da5e33e0287a0c66bfc6ade2  mbs1/x86_64/php-pdo_odbc-5.5.16-1.mbs1.x86_64.rpm
 4f4ba24e39a2018a14fe439a252e1269  mbs1/x86_64/php-pdo_pgsql-5.5.16-1.mbs1.x86_64.rpm
 0ab163003fd11610cb21ef3e81df2c04  mbs1/x86_64/php-pdo_sqlite-5.5.16-1.mbs1.x86_64.rpm
 c1c70eba52274fe39880d13062db55f8  mbs1/x86_64/php-pgsql-5.5.16-1.mbs1.x86_64.rpm
 180bb8ed41b3d2ae5080c6e5b9577598  mbs1/x86_64/php-phar-5.5.16-1.mbs1.x86_64.rpm
 7b0ba8398fa985b3f190e5474dc148ac  mbs1/x86_64/php-posix-5.5.16-1.mbs1.x86_64.rpm
 c7f7f7f48ac656e6f5e54fcd7127a6c9  mbs1/x86_64/php-readline-5.5.16-1.mbs1.x86_64.rpm
 1c40ca8fff58061d8dc8de435b43ad1c  mbs1/x86_64/php-recode-5.5.16-1.mbs1.x86_64.rpm
 fe775f45b9a3bdc8eafd5e9a0f6b74e4  mbs1/x86_64/php-session-5.5.16-1.mbs1.x86_64.rpm
 6d844fba6fd8507e4cfc7f5e7ff4f0d4  mbs1/x86_64/php-shmop-5.5.16-1.mbs1.x86_64.rpm
 9c9dd4875aab74bd499c1ebe5eff5d60  mbs1/x86_64/php-snmp-5.5.16-1.mbs1.x86_64.rpm
 c2845141985242c37ae6c19cdc493a87  mbs1/x86_64/php-soap-5.5.16-1.mbs1.x86_64.rpm
 33c94af2772e7cce2a9600c381ad679e  mbs1/x86_64/php-sockets-5.5.16-1.mbs1.x86_64.rpm
 0128cc41371d6526afa9639b57d27c58  mbs1/x86_64/php-sqlite3-5.5.16-1.mbs1.x86_64.rpm
 b871c0b922535c32e0a76b04cae66adb  mbs1/x86_64/php-sybase_ct-5.5.16-1.mbs1.x86_64.rpm
 f329458f3db86e8fb4fa059ad6a17135  mbs1/x86_64/php-sysvmsg-5.5.16-1.mbs1.x86_64.rpm
 aeb2f714adc7bf2296717a7a426f42f3  mbs1/x86_64/php-sysvsem-5.5.16-1.mbs1.x86_64.rpm
 14060c6616bdee4d0188a586c416b6a9  mbs1/x86_64/php-sysvshm-5.5.16-1.mbs1.x86_64.rpm
 613df062eb4d347b1f20333fae292d37  mbs1/x86_64/php-tidy-5.5.16-1.mbs1.x86_64.rpm
 cec56e387e6ce4e2fa0a6e51edde77c5  mbs1/x86_64/php-timezonedb-2014.6-1.mbs1.x86_64.rpm
 64aa70974bdd2639ebe8f9411d5100d0  mbs1/x86_64/php-tokenizer-5.5.16-1.mbs1.x86_64.rpm
 b49c9ce454cdc48df9f485afc76f4087  mbs1/x86_64/php-wddx-5.5.16-1.mbs1.x86_64.rpm
 6fdedd713c803782873b9394258c8579  mbs1/x86_64/php-xml-5.5.16-1.mbs1.x86_64.rpm
 7c4760fd65a2de04f4531c75f0e3a975  mbs1/x86_64/php-xmlreader-5.5.16-1.mbs1.x86_64.rpm
 29fd9f17d7c17753786013c47948561b  mbs1/x86_64/php-xmlrpc-5.5.16-1.mbs1.x86_64.rpm
 a945405ae46da1076ef672e91480d6eb  mbs1/x86_64/php-xmlwriter-5.5.16-1.mbs1.x86_64.rpm
 d66a977cf51d7db4abc800dbc4fbb06c  mbs1/x86_64/php-xsl-5.5.16-1.mbs1.x86_64.rpm
 ab850aa37132b2999ad6c7e6eb83ee9d  mbs1/x86_64/php-zip-5.5.16-1.mbs1.x86_64.rpm
 4fb4296da210a539b1456dc218996493  mbs1/x86_64/php-zlib-5.5.16-1.mbs1.x86_64.rpm 
 4211f1c92e96005e07f233f13bc7d4c2  mbs1/SRPMS/php-5.5.16-1.mbs1.src.rpm
 b70fc470a6b52a9ffd8e3194e42e75dc  mbs1/SRPMS/php-apc-3.1.15-1.10.mbs1.src.rpm
 9b56499519fac7535d5161a7f99ded79  mbs1/SRPMS/php-timezonedb-2014.6-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUBrfcmqjQ0CJFipgRAnh/AKDFzrGTG7tlObINam2/SLFVRnHXWgCg2l3d
0Zdcd4CjzfFIxbAJc26GimU=
=Rs9l
-----END PGP SIGNATURE-----