-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:027
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : February 12, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in php:

 * Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop())
   (CVE-2013-7226).

 The updated php packages have been upgraded to the 5.5.9 version,
 which is not vulnerable to this issue.

 Additionally, the PECL packages that require it have been rebuilt
 for php-5.5.9. The libmbfl packages have been synced with the changes
 as of php-5.5.9 and the onig packages have been upgraded to the 5.9.5
 version.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226
 http://www.php.net/ChangeLog-5.php#5.5.9
 http://git.php.net/?p=php-src.git;a=commitdiff;h=8f4a5373bb71590352fd934028d6dde5bc18530b
 https://bugs.php.net/bug.php?id=66356
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFS+6xbmqjQ0CJFipgRAmxBAJ0eaiYl2YBWhO7jmIsjlU0smdLDPgCgq/sG
EzegIph8PV3CL1rb1kZf7aY=
=Sc2t
-----END PGP SIGNATURE-----
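
Added example (not part of the Mandriva advisory): a shell check that lists installed packages older than the fixed builds this advisory names, so a host that missed the update stands out. The function names and the sample inventory are constructed for illustration, and GNU sort -V is assumed as a stand-in for RPM's own version comparison.

```shell
#!/usr/bin/env bash
# Input lines look like "name version-release", for example the output of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'

# Fixed version-release for a package name, using the builds named in the
# advisory; prints nothing for packages the advisory does not cover.
fixed_for() {
  case "$1" in
    php-apc|php-apc-admin)                  echo "3.1.15-1.3.mbs1" ;;
    lib64mbfl1|lib64mbfl-devel)             echo "1.2.0-1.1.mbs1" ;;
    lib64onig2|lib64onig-devel)             echo "5.9.5-1.mbs1" ;;
    apache-mod_php|lib64php5_common5|php-*) echo "5.5.9-1.mbs1" ;;
  esac
}

# True when $1 >= $2. Assumption: "sort -V" ordering is close enough to
# RPM's comparison for these plain numeric version strings.
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read "name version-release" lines on stdin; print each outdated package.
outdated() {
  local name have want
  while read -r name have; do
    [ -n "$name" ] || continue
    want=$(fixed_for "$name")
    [ -n "$want" ] || continue
    ver_ge "$have" "$want" || echo "$name $have < $want"
  done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
  cat <<'EOF'
php-gd 5.5.8-1.mbs1
php-cli 5.5.9-1.mbs1
php-apc 3.1.15-1.2.mbs1
lib64onig2 5.9.5-1.mbs1
bash 4.2-9.mbs1
EOF
}

sample_inventory | outdated
```

On a real host, replace `sample_inventory` with the `rpm -qa` command shown in the first comment; empty output means every covered package is at or above the fixed build.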