-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:004 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : php Date : January 5, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated php packages fix security vulnerability: A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize() (CVE-2014-8142). PHP has been updated to version 5.5.20, which fixes these issues and other bugs. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142 http://advisories.mageia.org/MGASA-2014-0542.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 5720285929fd2da4e5a2b811fbb82ab9 mbs1/x86_64/apache-mod_php-5.5.20-1.mbs1.x86_64.rpm 800b3d577d711326623c8ccee0f01cd9 mbs1/x86_64/lib64php5_common5-5.5.20-1.mbs1.x86_64.rpm 87a70568001565518de6ea72378019fc mbs1/x86_64/php-apc-3.1.15-1.14.mbs1.x86_64.rpm f47356b51335e88748981c27d3b56101 mbs1/x86_64/php-apc-admin-3.1.15-1.14.mbs1.x86_64.rpm 49b993225c5a894488a0fdfeb970296a mbs1/x86_64/php-bcmath-5.5.20-1.mbs1.x86_64.rpm e49974dd72a4f9b5554e173e998269fe mbs1/x86_64/php-bz2-5.5.20-1.mbs1.x86_64.rpm eaef3f62b6e1f9b1f1e2f2ae2604fbae mbs1/x86_64/php-calendar-5.5.20-1.mbs1.x86_64.rpm bf47b18144bcbe4e03b8668bc286105b mbs1/x86_64/php-cgi-5.5.20-1.mbs1.x86_64.rpm 7b876372748f1e202631f5a6189813f6 mbs1/x86_64/php-cli-5.5.20-1.mbs1.x86_64.rpm 62ec41210273cc5b4b3563c10e10fa77 mbs1/x86_64/php-ctype-5.5.20-1.mbs1.x86_64.rpm 5388b6a9270f3787f25ec51debec5b66 mbs1/x86_64/php-curl-5.5.20-1.mbs1.x86_64.rpm 514a74531b687c8c06466dd0540b8591 mbs1/x86_64/php-dba-5.5.20-1.mbs1.x86_64.rpm 5d69d0cce490e833d96c028d60360db9 mbs1/x86_64/php-devel-5.5.20-1.mbs1.x86_64.rpm 4ffcd00fba73c3d77fba861265361ee6 mbs1/x86_64/php-doc-5.5.20-1.mbs1.noarch.rpm 4790a31844d8d02696a7534b335d9bbb mbs1/x86_64/php-dom-5.5.20-1.mbs1.x86_64.rpm 216b909ce39213db2c803844ae287446 mbs1/x86_64/php-enchant-5.5.20-1.mbs1.x86_64.rpm a1e0c36488c3d90f840b2e36b1fa416f mbs1/x86_64/php-exif-5.5.20-1.mbs1.x86_64.rpm 8d19a3d6776447d262ced0bb321a485a mbs1/x86_64/php-fileinfo-5.5.20-1.mbs1.x86_64.rpm 4cb4001e09da88dce211d2a8feb110b7 mbs1/x86_64/php-filter-5.5.20-1.mbs1.x86_64.rpm a3ca9f0ed4ff81e1af60350b410507ca mbs1/x86_64/php-fpm-5.5.20-1.mbs1.x86_64.rpm 57dab250e8e6eb0e34ddb5a46dab2bc2 mbs1/x86_64/php-ftp-5.5.20-1.mbs1.x86_64.rpm 9b4a623cfee8a5a72adaf4fb4e9e555d mbs1/x86_64/php-gd-5.5.20-1.mbs1.x86_64.rpm 8d164897c9bc2cb30950c7b551d9a8e9 mbs1/x86_64/php-gettext-5.5.20-1.mbs1.x86_64.rpm 36d16a8f36df64497f3c530e5569bb84 mbs1/x86_64/php-gmp-5.5.20-1.mbs1.x86_64.rpm 9b88cac2d75811a7ff656768604123ab mbs1/x86_64/php-hash-5.5.20-1.mbs1.x86_64.rpm 4d8a0d5722859f2d710b6a26b2ee9727 mbs1/x86_64/php-iconv-5.5.20-1.mbs1.x86_64.rpm 03e8ecb9f5429190f6c795b2b3b40499 mbs1/x86_64/php-imap-5.5.20-1.mbs1.x86_64.rpm f32cfb5b4d89f8025982bb3c840d9322 mbs1/x86_64/php-ini-5.5.20-1.mbs1.x86_64.rpm 8a152756fb0ee74d89e7be069d2a6761 mbs1/x86_64/php-intl-5.5.20-1.mbs1.x86_64.rpm 0192f7fb7b08469d9c7be09f427cff7d mbs1/x86_64/php-json-5.5.20-1.mbs1.x86_64.rpm 9e807b16221a8e3429bf2fc3b139aa94 mbs1/x86_64/php-ldap-5.5.20-1.mbs1.x86_64.rpm 948cb86a4aadf969c55c97f70ec41035 mbs1/x86_64/php-mbstring-5.5.20-1.mbs1.x86_64.rpm 872d498d32f0a16cef82fbfbc01a97ac mbs1/x86_64/php-mcrypt-5.5.20-1.mbs1.x86_64.rpm 0e2a96f402b827cbfcc871d25d59bc83 mbs1/x86_64/php-mssql-5.5.20-1.mbs1.x86_64.rpm e90d719e3adce6deb799fc7c14793b52 mbs1/x86_64/php-mysql-5.5.20-1.mbs1.x86_64.rpm 96a9362a00ec884406ff0ac902bac3b0 mbs1/x86_64/php-mysqli-5.5.20-1.mbs1.x86_64.rpm 51cabb52dfc7c58ff5d465f941647f8f mbs1/x86_64/php-mysqlnd-5.5.20-1.mbs1.x86_64.rpm 572ef3e40d7ea8161a8d86183e33ac1c mbs1/x86_64/php-odbc-5.5.20-1.mbs1.x86_64.rpm b296ecac3dbb2ec75713425d72d1dbb8 mbs1/x86_64/php-opcache-5.5.20-1.mbs1.x86_64.rpm 0463f6265233506f9ac65dd956f3ae22 mbs1/x86_64/php-openssl-5.5.20-1.mbs1.x86_64.rpm 2cdc4b40d74dbcc315fa58606e92f03d mbs1/x86_64/php-pcntl-5.5.20-1.mbs1.x86_64.rpm 691c184466ab3b117c355fe9ca837928 mbs1/x86_64/php-pdo-5.5.20-1.mbs1.x86_64.rpm 59a04a57c4390f2736922a790fbf3ca7 mbs1/x86_64/php-pdo_dblib-5.5.20-1.mbs1.x86_64.rpm 47bd59fca9c287140a0e4f2185dd2af7 mbs1/x86_64/php-pdo_mysql-5.5.20-1.mbs1.x86_64.rpm 78a5e31e3339d78ac0fc1d08162218da mbs1/x86_64/php-pdo_odbc-5.5.20-1.mbs1.x86_64.rpm 7c36cf025f789d85b4165614b86316db mbs1/x86_64/php-pdo_pgsql-5.5.20-1.mbs1.x86_64.rpm 831bfe268b87e0e3475a753c6cf7ec90 mbs1/x86_64/php-pdo_sqlite-5.5.20-1.mbs1.x86_64.rpm 68dc439506b7ec890939dd1f23e82967 mbs1/x86_64/php-pgsql-5.5.20-1.mbs1.x86_64.rpm af39283b07cc7d0798c3affcd73a74f0 mbs1/x86_64/php-phar-5.5.20-1.mbs1.x86_64.rpm 4fe7c35ed1d88b37eac93712dba14e72 mbs1/x86_64/php-posix-5.5.20-1.mbs1.x86_64.rpm 271a18ea2eda0c0d2b0428b553b9140b mbs1/x86_64/php-readline-5.5.20-1.mbs1.x86_64.rpm f9866dacaceb6cd9b07b14a0eaa8edad mbs1/x86_64/php-recode-5.5.20-1.mbs1.x86_64.rpm 840567d2df61e8c844f1d0a160073142 mbs1/x86_64/php-session-5.5.20-1.mbs1.x86_64.rpm c3cf612304ec416faa035c5e77b24cf4 mbs1/x86_64/php-shmop-5.5.20-1.mbs1.x86_64.rpm 1b842f9d3bcccc58a5b6995ace6b7778 mbs1/x86_64/php-snmp-5.5.20-1.mbs1.x86_64.rpm a1c63cf4d861f6cb9de809fd978fb386 mbs1/x86_64/php-soap-5.5.20-1.mbs1.x86_64.rpm 31ed20639db152f81374ccb7e84cc255 mbs1/x86_64/php-sockets-5.5.20-1.mbs1.x86_64.rpm 1161f88d397130f37a2c2cb5ea1a1591 mbs1/x86_64/php-sqlite3-5.5.20-1.mbs1.x86_64.rpm faf741bbd816020c1232d24d43a88301 mbs1/x86_64/php-sybase_ct-5.5.20-1.mbs1.x86_64.rpm 36622ce26efd04d2174bafb8c97cd6a0 mbs1/x86_64/php-sysvmsg-5.5.20-1.mbs1.x86_64.rpm 32a1cd3801eb3d34deef3bf2b2eb175c mbs1/x86_64/php-sysvsem-5.5.20-1.mbs1.x86_64.rpm e9901c9efb2fd42c44369fe16610dda2 mbs1/x86_64/php-sysvshm-5.5.20-1.mbs1.x86_64.rpm d1573514737e8cd8d3d9b93b0c6487c1 mbs1/x86_64/php-tidy-5.5.20-1.mbs1.x86_64.rpm ade13ce2344b5ad7e018157e13e29b7d mbs1/x86_64/php-tokenizer-5.5.20-1.mbs1.x86_64.rpm 9d1aeed50e19981be9bca6be88aad94a mbs1/x86_64/php-wddx-5.5.20-1.mbs1.x86_64.rpm 2a045a9b68b81cd05840b060b098840e mbs1/x86_64/php-xml-5.5.20-1.mbs1.x86_64.rpm 628772e293d6075ab5bb4165494ffc53 mbs1/x86_64/php-xmlreader-5.5.20-1.mbs1.x86_64.rpm ff722434dbc88d430481d67bab2bd6b1 mbs1/x86_64/php-xmlrpc-5.5.20-1.mbs1.x86_64.rpm a2386debfd20d4d3cb0d0e35a45aaa95 mbs1/x86_64/php-xmlwriter-5.5.20-1.mbs1.x86_64.rpm 4d70cab1d42cd41318090d5e465dbe71 mbs1/x86_64/php-xsl-5.5.20-1.mbs1.x86_64.rpm b3b3a06cb942d8575ff494ef1ba36f67 mbs1/x86_64/php-zip-5.5.20-1.mbs1.x86_64.rpm d01068faa1c68ecf27853dd2a76be0aa mbs1/x86_64/php-zlib-5.5.20-1.mbs1.x86_64.rpm 810dd39796955d28c83b42e917486537 mbs1/SRPMS/php-5.5.20-1.mbs1.src.rpm 04608504f9981bfd981a1be5b537e1ea mbs1/SRPMS/php-apc-3.1.15-1.14.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFUqn96mqjQ0CJFipgRAlnaAKDW5GhSOvkltpdaL1xjc+v3N3hHewCgpJv2 Ba+V1qB+QyffKajCVzRo/C0= =rqW0 -----END PGP SIGNATURE-----