[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2015:080 ] php



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:080
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in php:
 
 It was discovered that the file utility contains a flaw in the handling
 of indirect magic rules in the libmagic library, which leads to an
 infinite recursion when trying to determine the file type of certain
 files (CVE-2014-1943).
 
 A flaw was found in the way the file utility determined the type of
 Portable Executable (PE) format files, the executable format used on
 Windows. A malicious PE file could cause the file utility to crash or,
 potentially, execute arbitrary code (CVE-2014-2270).
 
 The BEGIN regular expression in the awk script detector in
 magic/Magdir/commands in file before 5.15 uses multiple wildcards
 with unlimited repetitions, which allows context-dependent attackers
 to cause a denial of service (CPU consumption) via a crafted ASCII
 file that triggers a large amount of backtracking, as demonstrated
 via a file with many newline characters (CVE-2013-7345).
 
 PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain
 socket with world-writable permissions by default, which allows any
 local user to connect to it and execute PHP scripts as the apache user
 (CVE-2014-0185).
 
 A flaw was found in the way file's Composite Document Files (CDF)
 format parser handle CDF files with many summary info entries.
 The cdf_unpack_summary_info() function unnecessarily repeatedly read
 the info from the same offset.  This led to many file_printf() calls in
 cdf_file_property_info(), which caused file to use an excessive amount
 of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237).
 
 A flaw was found in the way file parsed property information from
 Composite Document Files (CDF) files.  A property entry with 0 elements
 triggers an infinite loop (CVE-2014-0238).
 
 The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type
 Confusion issue related to the SPL ArrayObject and SPLObjectStorage
 Types (CVE-2014-3515).
 
 It was discovered that PHP is vulnerable to a heap-based buffer
 overflow in the DNS TXT record parsing. A malicious server or
 man-in-the-middle attacker could possibly use this flaw to execute
 arbitrary code as the PHP interpreter if a PHP application uses
 dns_get_record() to perform a DNS query (CVE-2014-4049).
 
 A flaw was found in the way file parsed property information from
 Composite Document Files (CDF) files, where the mconvert() function did
 not correctly compute the truncated pascal string size (CVE-2014-3478).
 
 Multiple flaws were found in the way file parsed property information
 from Composite Document Files (CDF) files, due to insufficient boundary
 checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480,
 CVE-2014-3487).
 
 The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type
 Confusion issue that can cause it to leak arbitrary process memory
 (CVE-2014-4721).
 
 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL
 component in PHP through 5.5.14 allows context-dependent attackers to
 cause a denial of service or possibly have unspecified other impact via
 crafted ArrayIterator usage within applications in certain web-hosting
 environments (CVE-2014-4698).
 
 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL
 component in PHP through 5.5.14 allows context-dependent attackers to
 cause a denial of service or possibly have unspecified other impact
 via crafted iterator usage within applications in certain web-hosting
 environments (CVE-2014-4670).
 
 file before 5.19 does not properly restrict the amount of data read
 during a regex search, which allows remote attackers to cause a
 denial of service (CPU consumption) via a crafted file that triggers
 backtracking during processing of an awk rule, due to an incomplete
 fix for CVE-2013-7345 (CVE-2014-3538).
 
 Integer overflow in the cdf_read_property_info function in cdf.c
 in file through 5.19, as used in the Fileinfo component in PHP
 before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to
 cause a denial of service (application crash) via a crafted CDF
 file. NOTE: this vulnerability exists because of an incomplete fix
 for CVE-2012-1571 (CVE-2014-3587).
 
 Multiple buffer overflows in the php_parserr function in
 ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
 remote DNS servers to cause a denial of service (application crash)
 or possibly execute arbitrary code via a crafted DNS record, related
 to the dns_get_record function and the dn_expand function. NOTE:
 this issue exists because of an incomplete fix for CVE-2014-4049
 (CVE-2014-3597).
 
 An integer overflow flaw in PHP's unserialize() function was
 reported. If unserialize() were used on untrusted data, this
 issue could lead to a crash or potentially information disclosure
 (CVE-2014-3669).
 
 A heap corruption issue was reported in PHP's exif_thumbnail()
 function. A specially-crafted JPEG image could cause the PHP
 interpreter to crash or, potentially, execute arbitrary code
 (CVE-2014-3670).
 
 If client-supplied input was passed to PHP's cURL client as a URL to
 download, it could return local files from the server due to improper
 handling of null bytes (PHP#68089).
 
 An out-of-bounds read flaw was found in file's donote() function in the
 way the file utility determined the note headers of a elf file. This
 could possibly lead to file executable crash (CVE-2014-3710).
 
 A use-after-free flaw was found in PHP unserialize().  An untrusted
 input could cause PHP interpreter to crash or, possibly, execute
 arbitrary code when processed using unserialize() (CVE-2014-8142).
 
 Double free vulnerability in the zend_ts_hash_graceful_destroy function
 in zend_ts_hash.c in the Zend Engine in PHP before 5.5.21 allows remote
 attackers to cause a denial of service or possibly have unspecified
 other impact via unknown vectors (CVE-2014-9425).
 
 sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when
 mmap is used to read a .php file, does not properly consider the
 mapping's length during processing of an invalid file that begins
 with a # character and lacks a newline character, which causes an
 out-of-bounds read and might allow remote attackers to obtain sensitive
 information from php-cgi process memory by leveraging the ability to
 upload a .php file or trigger unexpected code execution if a valid
 PHP script is present in memory locations adjacent to the mapping
 (CVE-2014-9427).
 
 Use after free vulnerability in unserialize() in PHP before 5.5.21
 (CVE-2015-0231).
 
 Free called on an uninitialized pointer in php-exif in PHP before
 5.5.21 (CVE-2015-0232).
 
 The readelf.c source file has been removed from PHP's bundled copy of
 file's libmagic, eliminating exposure to denial of service issues in
 ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620
 and CVE-2014-9621 in PHP's fileinfo module.
 
 S. Paraschoudis discovered that PHP incorrectly handled memory in
 the enchant binding. A remote attacker could use this issue to cause
 PHP to crash, resulting in a denial of service, or possibly execute
 arbitrary code (CVE-2014-9705).
 
 Taoguang Chen discovered that PHP incorrectly handled unserializing
 objects. A remote attacker could use this issue to cause PHP to crash,
 resulting in a denial of service, or possibly execute arbitrary code
 (CVE-2015-0273).
 
 It was discovered that PHP incorrectly handled memory in the phar
 extension. A remote attacker could use this issue to cause PHP to
 crash, resulting in a denial of service, or possibly execute arbitrary
 code (CVE-2015-2301).
 
 Use-after-free vulnerability in the process_nested_data function in
 ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before
 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute
 arbitrary code via a crafted unserialize call that leverages improper
 handling of duplicate numerical keys within the serialized properties
 of an object. NOTE: this vulnerability exists because of an incomplete
 fix for CVE-2014-8142 (CVE-2015-0231).
 
 The exif_process_unicode function in ext/exif/exif.c in PHP before
 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote
 attackers to execute arbitrary code or cause a denial of service
 (uninitialized pointer free and application crash) via crafted EXIF
 data in a JPEG image (CVE-2015-0232).
 
 An integer overflow flaw, leading to a heap-based buffer overflow,
 was found in the way libzip, which is embedded in PHP, processed
 certain ZIP archives. If an attacker were able to supply a specially
 crafted ZIP archive to an application using libzip, it could cause
 the application to crash or, possibly, execute arbitrary code
 (CVE-2015-2331).
 
 It was discovered that the PHP opcache component incorrectly handled
 memory. A remote attacker could possibly use this issue to cause
 PHP to crash, resulting in a denial of service, or possibly execute
 arbitrary code (CVE-2015-1351).
 
 It was discovered that the PHP PostgreSQL database extension
 incorrectly handled certain pointers. A remote attacker could possibly
 use this issue to cause PHP to crash, resulting in a denial of service,
 or possibly execute arbitrary code (CVE-2015-1352).
 
 PHP contains a bundled copy of the file utility's libmagic library,
 so it was vulnerable to the libmagic issues.
 
 The updated php packages have been patched and upgraded to the 5.5.23
 version which is not vulnerable to these issues. The libzip packages
 has been patched to address the CVE-2015-2331 flaw.
 
 A bug in the php zip extension that could cause a crash has been fixed
 (mga#13820)
 
 Additionally the jsonc and timezonedb packages has been upgraded to
 the latest versions and the PECL packages which requires so has been
 rebuilt for php-5.5.23.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
 http://php.net/ChangeLog-5.php#5.5.9
 http://php.net/ChangeLog-5.php#5.5.10
 http://php.net/ChangeLog-5.php#5.5.11
 http://php.net/ChangeLog-5.php#5.5.12
 http://php.net/ChangeLog-5.php#5.5.13
 http://php.net/ChangeLog-5.php#5.5.14
 http://php.net/ChangeLog-5.php#5.5.15
 http://php.net/ChangeLog-5.php#5.5.16
 http://php.net/ChangeLog-5.php#5.5.17
 http://php.net/ChangeLog-5.php#5.5.18
 http://php.net/ChangeLog-5.php#5.5.19
 http://php.net/ChangeLog-5.php#5.5.20
 http://php.net/ChangeLog-5.php#5.5.21
 http://php.net/ChangeLog-5.php#5.5.22
 http://php.net/ChangeLog-5.php#5.5.22
 http://php.net/ChangeLog-5.php#5.5.23
 http://www.ubuntu.com/usn/usn-2535-1/
 http://www.ubuntu.com/usn/usn-2501-1/
 https://bugzilla.redhat.com/show_bug.cgi?id=1204676
 http://advisories.mageia.org/MGASA-2014-0163.html
 http://advisories.mageia.org/MGASA-2014-0178.html
 http://advisories.mageia.org/MGASA-2014-0215.html
 http://advisories.mageia.org/MGASA-2014-0258.html
 http://advisories.mageia.org/MGASA-2014-0284.html
 http://advisories.mageia.org/MGASA-2014-0324.html
 http://advisories.mageia.org/MGASA-2014-0367.html
 http://advisories.mageia.org/MGASA-2014-0430.html
 http://advisories.mageia.org/MGASA-2014-0441.html
 http://advisories.mageia.org/MGASA-2014-0542.html
 http://advisories.mageia.org/MGASA-2015-0040.html
 https://bugs.mageia.org/show_bug.cgi?id=13820
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 a4e09575e26b690bd44801a126795ce9  mbs2/x86_64/apache-mod_php-5.5.23-1.mbs2.x86_64.rpm
 e156aaf446f543279f758b767e5ce6f2  mbs2/x86_64/lib64php5_common5-5.5.23-1.mbs2.x86_64.rpm
 cf1653dd6b3606ff8983739fe7728502  mbs2/x86_64/lib64zip2-0.11.2-1.1.mbs2.x86_64.rpm
 2ed6c588ca428a502ab995726d497527  mbs2/x86_64/lib64zip-devel-0.11.2-1.1.mbs2.x86_64.rpm
 91fd4a50d38c904247519a34f71ac9a7  mbs2/x86_64/libzip-0.11.2-1.1.mbs2.x86_64.rpm
 0fad2aa8ca3bed422588c7d7c349e3e7  mbs2/x86_64/php-bcmath-5.5.23-1.mbs2.x86_64.rpm
 b797a14554b170f1f2c307eebd5011ce  mbs2/x86_64/php-bz2-5.5.23-1.mbs2.x86_64.rpm
 83abadd87c78c719b585acbfcbf1f54a  mbs2/x86_64/php-calendar-5.5.23-1.mbs2.x86_64.rpm
 71b728b5c58335c37e9ee059a98179b5  mbs2/x86_64/php-cgi-5.5.23-1.mbs2.x86_64.rpm
 d6047e2545b396ad29b2619c3d811b49  mbs2/x86_64/php-cli-5.5.23-1.mbs2.x86_64.rpm
 933344ca17f96bd844db47c993b8ce1a  mbs2/x86_64/php-ctype-5.5.23-1.mbs2.x86_64.rpm
 0278a991ed7a7ea1d51c6651b1157744  mbs2/x86_64/php-curl-5.5.23-1.mbs2.x86_64.rpm
 a3f172d95d061f6a2ba9ce562f1068ac  mbs2/x86_64/php-dba-5.5.23-1.mbs2.x86_64.rpm
 d239cccc6594bfe8169c0b5300ca1dd0  mbs2/x86_64/php-devel-5.5.23-1.mbs2.x86_64.rpm
 73a234b9c369a20c349fca7f425b405a  mbs2/x86_64/php-doc-5.5.23-1.mbs2.noarch.rpm
 ab4caa5f1a397e2f267479f08616d027  mbs2/x86_64/php-dom-5.5.23-1.mbs2.x86_64.rpm
 016b8d010a1866935f2a6889b712300c  mbs2/x86_64/php-enchant-5.5.23-1.mbs2.x86_64.rpm
 f9bd5f358336ea8a997f85f4d690fd40  mbs2/x86_64/php-exif-5.5.23-1.mbs2.x86_64.rpm
 9f0ef885d5e7abb84c1b0c6242bd1a54  mbs2/x86_64/php-fileinfo-5.5.23-1.mbs2.x86_64.rpm
 f551fc699944abdbd78cd1f74e1db713  mbs2/x86_64/php-filter-5.5.23-1.mbs2.x86_64.rpm
 10c6ad89a0707acdff025ee0166b4361  mbs2/x86_64/php-fpm-5.5.23-1.mbs2.x86_64.rpm
 fad5946e3ff8bf1d3b7215fee229b934  mbs2/x86_64/php-ftp-5.5.23-1.mbs2.x86_64.rpm
 c74071a614cc4f8d5ac612736264aad2  mbs2/x86_64/php-gd-5.5.23-1.mbs2.x86_64.rpm
 788e0972b5aa918a0c8ce2b0e30270a6  mbs2/x86_64/php-gettext-5.5.23-1.mbs2.x86_64.rpm
 996120d4c1fa233bdb38aedf0718f593  mbs2/x86_64/php-gmp-5.5.23-1.mbs2.x86_64.rpm
 e032d9a3c8e078242347623f1ff51b5a  mbs2/x86_64/php-hash-5.5.23-1.mbs2.x86_64.rpm
 c1da3a1898b05995091ad1c2237bdf6a  mbs2/x86_64/php-iconv-5.5.23-1.mbs2.x86_64.rpm
 37b4a5d86006024878d397a8478d5a42  mbs2/x86_64/php-imap-5.5.23-1.mbs2.x86_64.rpm
 bd10d9a55ee8db73b4d80dae1e14e4e0  mbs2/x86_64/php-ini-5.5.23-1.mbs2.x86_64.rpm
 4cb54cd72bd26728bb29f5d00a5174af  mbs2/x86_64/php-interbase-5.5.23-1.mbs2.x86_64.rpm
 2713dca82ad94d88b379db3fa012ed2d  mbs2/x86_64/php-intl-5.5.23-1.mbs2.x86_64.rpm
 f0a9187b81e038400dae4e01123b751c  mbs2/x86_64/php-json-5.5.23-1.mbs2.x86_64.rpm
 c395a0cb573d9432c9e4c2a4b92d1d0f  mbs2/x86_64/php-ldap-5.5.23-1.mbs2.x86_64.rpm
 f2374e34b874072d2268acf1c72b383a  mbs2/x86_64/php-mbstring-5.5.23-1.mbs2.x86_64.rpm
 7ca3ce3a9464933af1a147c206c25d0d  mbs2/x86_64/php-mcrypt-5.5.23-1.mbs2.x86_64.rpm
 dbe828f1c2caa3eef932fc0c14a7e2e9  mbs2/x86_64/php-mssql-5.5.23-1.mbs2.x86_64.rpm
 995e9f09906309252d850618c3fffaa6  mbs2/x86_64/php-mysql-5.5.23-1.mbs2.x86_64.rpm
 c474c1f1dc45f14ea5357092277d2f22  mbs2/x86_64/php-mysqli-5.5.23-1.mbs2.x86_64.rpm
 cdcb4872386b83ef3969f918bf99f941  mbs2/x86_64/php-mysqlnd-5.5.23-1.mbs2.x86_64.rpm
 cbb1652273fb07f216c50b8d1b5445c2  mbs2/x86_64/php-odbc-5.5.23-1.mbs2.x86_64.rpm
 29ab61a3d1d00ad57c875d87b62d2e12  mbs2/x86_64/php-opcache-5.5.23-1.mbs2.x86_64.rpm
 349f796a960ef2207b30a06e386f2653  mbs2/x86_64/php-openssl-5.5.23-1.mbs2.x86_64.rpm
 7a7411900384da8741e32a3f6f8036c2  mbs2/x86_64/php-pcntl-5.5.23-1.mbs2.x86_64.rpm
 ba3b14e45177b257ada03f7ff4b16deb  mbs2/x86_64/php-pdo-5.5.23-1.mbs2.x86_64.rpm
 ae5b57dbff67c7595e154313321ff693  mbs2/x86_64/php-pdo_dblib-5.5.23-1.mbs2.x86_64.rpm
 8782f71797f7cb271a514b735b19621a  mbs2/x86_64/php-pdo_firebird-5.5.23-1.mbs2.x86_64.rpm
 ac39db58d4100f3d2d24593d3b5907fc  mbs2/x86_64/php-pdo_mysql-5.5.23-1.mbs2.x86_64.rpm
 210b990793c2d616fb0aecc4fde28eb6  mbs2/x86_64/php-pdo_odbc-5.5.23-1.mbs2.x86_64.rpm
 6ae4df7959ddd3a8a0724ddddbe41a71  mbs2/x86_64/php-pdo_pgsql-5.5.23-1.mbs2.x86_64.rpm
 1f9bdab81fa668dd583abe873892993e  mbs2/x86_64/php-pdo_sqlite-5.5.23-1.mbs2.x86_64.rpm
 f0cbb5dde255f5c8fa3e04e3a5314ab1  mbs2/x86_64/php-pgsql-5.5.23-1.mbs2.x86_64.rpm
 e46ac8c820911a6091540e135f103154  mbs2/x86_64/php-phar-5.5.23-1.mbs2.x86_64.rpm
 5050a745bfc3b1f5eeced2dd85f79721  mbs2/x86_64/php-posix-5.5.23-1.mbs2.x86_64.rpm
 c9093134a518c07f4e8a188987f853d3  mbs2/x86_64/php-readline-5.5.23-1.mbs2.x86_64.rpm
 2b48c3f35573e00b5ba4327e8edc05f2  mbs2/x86_64/php-recode-5.5.23-1.mbs2.x86_64.rpm
 ae2157230db4d6e28698db384c8f7fcb  mbs2/x86_64/php-session-5.5.23-1.mbs2.x86_64.rpm
 2610a739bfa29ff11e648c7baa1d8bc3  mbs2/x86_64/php-shmop-5.5.23-1.mbs2.x86_64.rpm
 b7999e11cf9d2ab510263e32cabaf312  mbs2/x86_64/php-snmp-5.5.23-1.mbs2.x86_64.rpm
 ab665c30f0d2f13baa1c6475b7df7cac  mbs2/x86_64/php-soap-5.5.23-1.mbs2.x86_64.rpm
 f331837ba716316cef094765a1700101  mbs2/x86_64/php-sockets-5.5.23-1.mbs2.x86_64.rpm
 134f8bb18790bd023e73919a794703a0  mbs2/x86_64/php-sqlite3-5.5.23-1.mbs2.x86_64.rpm
 4b4aa44d0ac56629610bb0444f199df5  mbs2/x86_64/php-sybase_ct-5.5.23-1.mbs2.x86_64.rpm
 fc69f644f36308d81f37f356b76e40a1  mbs2/x86_64/php-sysvmsg-5.5.23-1.mbs2.x86_64.rpm
 981b7ef6715aacfe9250b206dbbbad31  mbs2/x86_64/php-sysvsem-5.5.23-1.mbs2.x86_64.rpm
 91c006555173d03f1d25899947702673  mbs2/x86_64/php-sysvshm-5.5.23-1.mbs2.x86_64.rpm
 62e5fa5fa8b4d89d7835f2f68169af14  mbs2/x86_64/php-tidy-5.5.23-1.mbs2.x86_64.rpm
 0c5a9237c710dd098c8bb56018f7a142  mbs2/x86_64/php-timezonedb-2015.1-1.mbs2.x86_64.rpm
 d94aa68a9ce76bce5c962c58f37ac5a5  mbs2/x86_64/php-tokenizer-5.5.23-1.mbs2.x86_64.rpm
 317c7da32daa223560dc08bbae89d98d  mbs2/x86_64/php-wddx-5.5.23-1.mbs2.x86_64.rpm
 9b2cf90dfc6f6bdc0431a6f94d43a947  mbs2/x86_64/php-xml-5.5.23-1.mbs2.x86_64.rpm
 0a1b6e0beeb36f24f9250a352fbff1e9  mbs2/x86_64/php-xmlreader-5.5.23-1.mbs2.x86_64.rpm
 598925bc71347774e805b6fcfcbcf590  mbs2/x86_64/php-xmlrpc-5.5.23-1.mbs2.x86_64.rpm
 49a1f8e773e98bb101488b805670651c  mbs2/x86_64/php-xmlwriter-5.5.23-1.mbs2.x86_64.rpm
 0b7c2f2fe7b3103631dd07d12d443e06  mbs2/x86_64/php-xsl-5.5.23-1.mbs2.x86_64.rpm
 5cb68626d863213de934655dac8342c8  mbs2/x86_64/php-zip-5.5.23-1.mbs2.x86_64.rpm
 a27bab106c0ba87f220ff35937210a63  mbs2/x86_64/php-zlib-5.5.23-1.mbs2.x86_64.rpm 
 3dd6a6eeb12c7207446053e4785d6974  mbs2/SRPMS/libzip-0.11.2-1.1.mbs2.src.rpm
 5d69769d822628a5bf1485eaa1251b8e  mbs2/SRPMS/php-5.5.23-1.mbs2.src.rpm
 0a629c11ca23ba56d57f61a754def293  mbs2/SRPMS/php-timezonedb-2015.1-1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFlFxmqjQ0CJFipgRApIaAJ0TuOLlCRGmp4O6TdNSKUpeRBS2xACgzIEB
yZuDdHZcMPOQTP7seWcvVWc=
=esZS
-----END PGP SIGNATURE-----