-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:172 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : php Date : September 3, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in php: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497). file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538). Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587). Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597). gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack \%00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function (CVE-2014-5120). The updated php packages have been upgraded to the 5.5.16 version resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.6 version. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120 http://php.net/ChangeLog-5.php#5.5.16 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 433eb634fe50fe3ff86d436c0497605d mbs1/x86_64/apache-mod_php-5.5.16-1.mbs1.x86_64.rpm 79d3cfc2a2058b85d14f26b5c4ca87d6 mbs1/x86_64/lib64php5_common5-5.5.16-1.mbs1.x86_64.rpm 89f21a0c9d049f19afaf05924db29c95 mbs1/x86_64/php-apc-3.1.15-1.10.mbs1.x86_64.rpm 4d54db20660b9e69c4003ab3f6fbaafd mbs1/x86_64/php-apc-admin-3.1.15-1.10.mbs1.x86_64.rpm 2cbeda50f9676a164fdf71978840afe0 mbs1/x86_64/php-bcmath-5.5.16-1.mbs1.x86_64.rpm 16e8f1aaca457fc59d1ab10f4987cbde mbs1/x86_64/php-bz2-5.5.16-1.mbs1.x86_64.rpm 28fad27392a15363870342e9c5554b46 mbs1/x86_64/php-calendar-5.5.16-1.mbs1.x86_64.rpm 4831b8dcdedc1bfbd7672129480a8458 mbs1/x86_64/php-cgi-5.5.16-1.mbs1.x86_64.rpm 5842d4359440f8f127187d3b2140092d mbs1/x86_64/php-cli-5.5.16-1.mbs1.x86_64.rpm c2d69cd834c1fef68b6290b66cabcb1c mbs1/x86_64/php-ctype-5.5.16-1.mbs1.x86_64.rpm e3aadee16e901121a3e97ac37c89e4df mbs1/x86_64/php-curl-5.5.16-1.mbs1.x86_64.rpm e8fda909a56f6899b92d9723df249734 mbs1/x86_64/php-dba-5.5.16-1.mbs1.x86_64.rpm 0752c9bcd5010e2804f9b90e20deb645 mbs1/x86_64/php-devel-5.5.16-1.mbs1.x86_64.rpm 7c98733aafc0ed2e8f9c6f9eb4ab91fa mbs1/x86_64/php-doc-5.5.16-1.mbs1.noarch.rpm d222ee99d4211cff16fe1bcb72cb7daa mbs1/x86_64/php-dom-5.5.16-1.mbs1.x86_64.rpm 3beb05cf9ac010ba4c4ef4bc4c27a4f7 mbs1/x86_64/php-enchant-5.5.16-1.mbs1.x86_64.rpm 47638df2d264ad2f964b98a8d4998080 mbs1/x86_64/php-exif-5.5.16-1.mbs1.x86_64.rpm aeb17c94752bc571de7f9ff6260767d2 mbs1/x86_64/php-fileinfo-5.5.16-1.mbs1.x86_64.rpm a80033111ac33a9da3b2d83c98502242 mbs1/x86_64/php-filter-5.5.16-1.mbs1.x86_64.rpm f67911d7a2db9dde572efbdfe3111791 mbs1/x86_64/php-fpm-5.5.16-1.mbs1.x86_64.rpm 2b75ea66721e2cd6a92b1eca104fdb61 mbs1/x86_64/php-ftp-5.5.16-1.mbs1.x86_64.rpm 413d5216d02bf29b781a5e9d91e37b80 mbs1/x86_64/php-gd-5.5.16-1.mbs1.x86_64.rpm 50c06ad0eb94b45e71d042b8340a4e1b mbs1/x86_64/php-gettext-5.5.16-1.mbs1.x86_64.rpm 95e4a1d6e68e45076e64ee2cf3573aba mbs1/x86_64/php-gmp-5.5.16-1.mbs1.x86_64.rpm ec75d0814ea1ffe23339ee58e60f055e mbs1/x86_64/php-hash-5.5.16-1.mbs1.x86_64.rpm 201cdd9e4de39be3027eedf10b49f91b mbs1/x86_64/php-iconv-5.5.16-1.mbs1.x86_64.rpm bdf2832e051923f0e889d5df9723f027 mbs1/x86_64/php-imap-5.5.16-1.mbs1.x86_64.rpm 55802406b502ee990e05fb39c7cda2c1 mbs1/x86_64/php-ini-5.5.16-1.mbs1.x86_64.rpm 1de8d86ba7547663ef13ef4cb89eb352 mbs1/x86_64/php-intl-5.5.16-1.mbs1.x86_64.rpm 3d3fbe17e9b815c335b1c52d5835275d mbs1/x86_64/php-json-5.5.16-1.mbs1.x86_64.rpm 41740118f86130ba240e78fdd15f99ba mbs1/x86_64/php-ldap-5.5.16-1.mbs1.x86_64.rpm c5846e514fd3b883d643fe21778e1a2b mbs1/x86_64/php-mbstring-5.5.16-1.mbs1.x86_64.rpm a3dcf8a6966183325cea9de32684cf67 mbs1/x86_64/php-mcrypt-5.5.16-1.mbs1.x86_64.rpm ba8927d9e38a24ebbab3387946825c71 mbs1/x86_64/php-mssql-5.5.16-1.mbs1.x86_64.rpm 58014a1050c94f0ad9fbbe744c7b920e mbs1/x86_64/php-mysql-5.5.16-1.mbs1.x86_64.rpm 2d68e871d1947e8fe92c1378a9cf25c6 mbs1/x86_64/php-mysqli-5.5.16-1.mbs1.x86_64.rpm 3ec5ddfb16e161a0ce1f4a3b7af693ae mbs1/x86_64/php-mysqlnd-5.5.16-1.mbs1.x86_64.rpm 598d588b909f19bee99e5f4477fd1d5e mbs1/x86_64/php-odbc-5.5.16-1.mbs1.x86_64.rpm cc224fa39dafe9366d2d1204bc957d2d mbs1/x86_64/php-opcache-5.5.16-1.mbs1.x86_64.rpm 7f892b4b6887c3be7db91da3c4e1246b mbs1/x86_64/php-openssl-5.5.16-1.mbs1.x86_64.rpm 960a2989cb5fda35c154d141fbef1b4d mbs1/x86_64/php-pcntl-5.5.16-1.mbs1.x86_64.rpm fc4163872cc9a71f404bd2f213ce599e mbs1/x86_64/php-pdo-5.5.16-1.mbs1.x86_64.rpm ca105e1b9d88d426e2477170f53a9bd8 mbs1/x86_64/php-pdo_dblib-5.5.16-1.mbs1.x86_64.rpm d6cdd1d87b57425b9b75834faa9f8130 mbs1/x86_64/php-pdo_mysql-5.5.16-1.mbs1.x86_64.rpm 4cce3105da5e33e0287a0c66bfc6ade2 mbs1/x86_64/php-pdo_odbc-5.5.16-1.mbs1.x86_64.rpm 4f4ba24e39a2018a14fe439a252e1269 mbs1/x86_64/php-pdo_pgsql-5.5.16-1.mbs1.x86_64.rpm 0ab163003fd11610cb21ef3e81df2c04 mbs1/x86_64/php-pdo_sqlite-5.5.16-1.mbs1.x86_64.rpm c1c70eba52274fe39880d13062db55f8 mbs1/x86_64/php-pgsql-5.5.16-1.mbs1.x86_64.rpm 180bb8ed41b3d2ae5080c6e5b9577598 mbs1/x86_64/php-phar-5.5.16-1.mbs1.x86_64.rpm 7b0ba8398fa985b3f190e5474dc148ac mbs1/x86_64/php-posix-5.5.16-1.mbs1.x86_64.rpm c7f7f7f48ac656e6f5e54fcd7127a6c9 mbs1/x86_64/php-readline-5.5.16-1.mbs1.x86_64.rpm 1c40ca8fff58061d8dc8de435b43ad1c mbs1/x86_64/php-recode-5.5.16-1.mbs1.x86_64.rpm fe775f45b9a3bdc8eafd5e9a0f6b74e4 mbs1/x86_64/php-session-5.5.16-1.mbs1.x86_64.rpm 6d844fba6fd8507e4cfc7f5e7ff4f0d4 mbs1/x86_64/php-shmop-5.5.16-1.mbs1.x86_64.rpm 9c9dd4875aab74bd499c1ebe5eff5d60 mbs1/x86_64/php-snmp-5.5.16-1.mbs1.x86_64.rpm c2845141985242c37ae6c19cdc493a87 mbs1/x86_64/php-soap-5.5.16-1.mbs1.x86_64.rpm 33c94af2772e7cce2a9600c381ad679e mbs1/x86_64/php-sockets-5.5.16-1.mbs1.x86_64.rpm 0128cc41371d6526afa9639b57d27c58 mbs1/x86_64/php-sqlite3-5.5.16-1.mbs1.x86_64.rpm b871c0b922535c32e0a76b04cae66adb mbs1/x86_64/php-sybase_ct-5.5.16-1.mbs1.x86_64.rpm f329458f3db86e8fb4fa059ad6a17135 mbs1/x86_64/php-sysvmsg-5.5.16-1.mbs1.x86_64.rpm aeb2f714adc7bf2296717a7a426f42f3 mbs1/x86_64/php-sysvsem-5.5.16-1.mbs1.x86_64.rpm 14060c6616bdee4d0188a586c416b6a9 mbs1/x86_64/php-sysvshm-5.5.16-1.mbs1.x86_64.rpm 613df062eb4d347b1f20333fae292d37 mbs1/x86_64/php-tidy-5.5.16-1.mbs1.x86_64.rpm cec56e387e6ce4e2fa0a6e51edde77c5 mbs1/x86_64/php-timezonedb-2014.6-1.mbs1.x86_64.rpm 64aa70974bdd2639ebe8f9411d5100d0 mbs1/x86_64/php-tokenizer-5.5.16-1.mbs1.x86_64.rpm b49c9ce454cdc48df9f485afc76f4087 mbs1/x86_64/php-wddx-5.5.16-1.mbs1.x86_64.rpm 6fdedd713c803782873b9394258c8579 mbs1/x86_64/php-xml-5.5.16-1.mbs1.x86_64.rpm 7c4760fd65a2de04f4531c75f0e3a975 mbs1/x86_64/php-xmlreader-5.5.16-1.mbs1.x86_64.rpm 29fd9f17d7c17753786013c47948561b mbs1/x86_64/php-xmlrpc-5.5.16-1.mbs1.x86_64.rpm a945405ae46da1076ef672e91480d6eb mbs1/x86_64/php-xmlwriter-5.5.16-1.mbs1.x86_64.rpm d66a977cf51d7db4abc800dbc4fbb06c mbs1/x86_64/php-xsl-5.5.16-1.mbs1.x86_64.rpm ab850aa37132b2999ad6c7e6eb83ee9d mbs1/x86_64/php-zip-5.5.16-1.mbs1.x86_64.rpm 4fb4296da210a539b1456dc218996493 mbs1/x86_64/php-zlib-5.5.16-1.mbs1.x86_64.rpm 4211f1c92e96005e07f233f13bc7d4c2 mbs1/SRPMS/php-5.5.16-1.mbs1.src.rpm b70fc470a6b52a9ffd8e3194e42e75dc mbs1/SRPMS/php-apc-3.1.15-1.10.mbs1.src.rpm 9b56499519fac7535d5161a7f99ded79 mbs1/SRPMS/php-timezonedb-2014.6-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFUBrfcmqjQ0CJFipgRAnh/AKDFzrGTG7tlObINam2/SLFVRnHXWgCg2l3d 0Zdcd4CjzfFIxbAJc26GimU= =Rs9l -----END PGP SIGNATURE-----