-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:032 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : php Date : February 5, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in php: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (CVE-2014-9427). Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231). The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (CVE-2015-0232). The updated php packages have been upgraded to the 5.5.21 version which is not vulnerable to these issues. Additionally, the timezonedb package has been upgraded to the latest 2015.1 version, the php-suhosin package has been upgraded to the latest 0.9.37.1 and the PECL packages which requires so has been rebuilt for php-5.5.21. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232 http://php.net/ChangeLog-5.php#5.5.21 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: e10b93bf56ffd9de6bc3dc7097186d0d mbs1/x86_64/apache-mod_php-5.5.21-1.mbs1.x86_64.rpm 35cf46d3f0b04ec4e4ce251658817967 mbs1/x86_64/lib64php5_common5-5.5.21-1.mbs1.x86_64.rpm 380fbb305decb415730164df5966c5db mbs1/x86_64/php-apc-3.1.15-1.15.mbs1.x86_64.rpm cf2f06ade39ba0e5bc8c672dbfc6ff77 mbs1/x86_64/php-apc-admin-3.1.15-1.15.mbs1.x86_64.rpm 15d498fd2fa763f5b1b2a09432b3834f mbs1/x86_64/php-bcmath-5.5.21-1.mbs1.x86_64.rpm 80c239999520eb885150c193856969be mbs1/x86_64/php-bz2-5.5.21-1.mbs1.x86_64.rpm 3305d51bd901f85d93b4ffb85d9fb55a mbs1/x86_64/php-calendar-5.5.21-1.mbs1.x86_64.rpm 37430aab4267b1577333a52591ef483c mbs1/x86_64/php-cgi-5.5.21-1.mbs1.x86_64.rpm 7610a03c06613e9a342983b0cfc3e04b mbs1/x86_64/php-cli-5.5.21-1.mbs1.x86_64.rpm 5962886825c659cf7aa66bbf0e7bcdc7 mbs1/x86_64/php-ctype-5.5.21-1.mbs1.x86_64.rpm a2870a53aeec993e0d73aff6b147002d mbs1/x86_64/php-curl-5.5.21-1.mbs1.x86_64.rpm d8212e3ff340631b76c1f2ee570f39a2 mbs1/x86_64/php-dba-5.5.21-1.mbs1.x86_64.rpm aa760f1a74519f33d412234c6b46b5a2 mbs1/x86_64/php-devel-5.5.21-1.mbs1.x86_64.rpm b0e1edd28c8946b8f70f904ad74f6196 mbs1/x86_64/php-doc-5.5.21-1.mbs1.noarch.rpm 1ab05b3b4f388fe169a1665f845708b3 mbs1/x86_64/php-dom-5.5.21-1.mbs1.x86_64.rpm 8df5513d5170a461c8c2c94cab77d673 mbs1/x86_64/php-enchant-5.5.21-1.mbs1.x86_64.rpm 5a21e187f513214c1203de6ca92bb0d5 mbs1/x86_64/php-exif-5.5.21-1.mbs1.x86_64.rpm 74c5e7af8d5ef99fba456636d11dbc5b mbs1/x86_64/php-fileinfo-5.5.21-1.mbs1.x86_64.rpm eac42ef4b3b6dfdf5ffa2e0aefc214de mbs1/x86_64/php-filter-5.5.21-1.mbs1.x86_64.rpm deb876cfeda3f9a8eb8682f8a1acbd44 mbs1/x86_64/php-fpm-5.5.21-1.mbs1.x86_64.rpm 22a24f2ace7196206f5d412bb0d0c283 mbs1/x86_64/php-ftp-5.5.21-1.mbs1.x86_64.rpm b9281f2d656ceb0362a085213798abec mbs1/x86_64/php-gd-5.5.21-1.mbs1.x86_64.rpm 4e55d36d0e9cdcbfe9f6f2b4a6694661 mbs1/x86_64/php-gettext-5.5.21-1.mbs1.x86_64.rpm 39ca752f1ffb768cfe1117b6884359ba mbs1/x86_64/php-gmp-5.5.21-1.mbs1.x86_64.rpm 70d257981f63d37cd4416776f09b93e0 mbs1/x86_64/php-hash-5.5.21-1.mbs1.x86_64.rpm f138cbe8fefddc2fcf1bb6b4ef0e51c8 mbs1/x86_64/php-iconv-5.5.21-1.mbs1.x86_64.rpm a6f413cf6ac533ac2c863ca3edad35a0 mbs1/x86_64/php-imap-5.5.21-1.mbs1.x86_64.rpm e21379d08e795a07950612e759f31329 mbs1/x86_64/php-ini-5.5.21-1.mbs1.x86_64.rpm 016b63d1bdac5c053f6c750f58a9587e mbs1/x86_64/php-intl-5.5.21-1.mbs1.x86_64.rpm 2aaba314e9d37fe4208d9cd41a889fef mbs1/x86_64/php-json-5.5.21-1.mbs1.x86_64.rpm 2400f52a1b4bc7c492905baa55276ab2 mbs1/x86_64/php-ldap-5.5.21-1.mbs1.x86_64.rpm f0d39fc248825c8b6d575be7ac77304d mbs1/x86_64/php-mbstring-5.5.21-1.mbs1.x86_64.rpm a2e705d08022416e60ee865183485eda mbs1/x86_64/php-mcrypt-5.5.21-1.mbs1.x86_64.rpm fd7b9e0d7c928547670bde3d41836a58 mbs1/x86_64/php-mssql-5.5.21-1.mbs1.x86_64.rpm c7c115d4b0b044b4a156719a952a3aa0 mbs1/x86_64/php-mysql-5.5.21-1.mbs1.x86_64.rpm 72229e16ce7f25cebbfd32c9bf1279dc mbs1/x86_64/php-mysqli-5.5.21-1.mbs1.x86_64.rpm 6214401d42c419b786c53b07450d3102 mbs1/x86_64/php-mysqlnd-5.5.21-1.mbs1.x86_64.rpm 051905065c0a836ad22a156ae8be38aa mbs1/x86_64/php-odbc-5.5.21-1.mbs1.x86_64.rpm d0f60e037a0b2915938544ebf4a3b009 mbs1/x86_64/php-opcache-5.5.21-1.mbs1.x86_64.rpm 51fa835f0b3fd0c2b6cbaf072049ad7c mbs1/x86_64/php-openssl-5.5.21-1.mbs1.x86_64.rpm 0444aab16fb7ec45249cde7c02259972 mbs1/x86_64/php-pcntl-5.5.21-1.mbs1.x86_64.rpm 0073dd43664b44b837c6d7604d097d31 mbs1/x86_64/php-pdo-5.5.21-1.mbs1.x86_64.rpm ad00b9b7d118e7dd72234d4ae3937f8c mbs1/x86_64/php-pdo_dblib-5.5.21-1.mbs1.x86_64.rpm c20479f9036d7b7a2c7b922547d98577 mbs1/x86_64/php-pdo_mysql-5.5.21-1.mbs1.x86_64.rpm 14e356c11403107b7f07acf1ff3d8e91 mbs1/x86_64/php-pdo_odbc-5.5.21-1.mbs1.x86_64.rpm f43f6ffab9717cfbe63b6d44feadce69 mbs1/x86_64/php-pdo_pgsql-5.5.21-1.mbs1.x86_64.rpm 83b4abb4f03504eaa9650dcb8afafcda mbs1/x86_64/php-pdo_sqlite-5.5.21-1.mbs1.x86_64.rpm 1a5965f09e247f2b61c62da716db2bc3 mbs1/x86_64/php-pgsql-5.5.21-1.mbs1.x86_64.rpm 7bb8c80d39970eff0e91d70a628c1f6f mbs1/x86_64/php-phar-5.5.21-1.mbs1.x86_64.rpm d7d1e4862e41d327668dcdbab17b16af mbs1/x86_64/php-posix-5.5.21-1.mbs1.x86_64.rpm a8ffaebca7ac3d5cd68ea683fd96d355 mbs1/x86_64/php-readline-5.5.21-1.mbs1.x86_64.rpm 47bfab007757c043a20869d9cfb3dfce mbs1/x86_64/php-recode-5.5.21-1.mbs1.x86_64.rpm ef7b539f7b1bd362b0ab5132c1ed02e9 mbs1/x86_64/php-session-5.5.21-1.mbs1.x86_64.rpm c221a953b4d19aa1abbb1554e1dcba7f mbs1/x86_64/php-shmop-5.5.21-1.mbs1.x86_64.rpm faa7f998119c8caeaf41633eebeda8cf mbs1/x86_64/php-snmp-5.5.21-1.mbs1.x86_64.rpm 76c9cce8476b0cc570feb5f559d41100 mbs1/x86_64/php-soap-5.5.21-1.mbs1.x86_64.rpm 8ba094b373532be959ec091e170ec67f mbs1/x86_64/php-sockets-5.5.21-1.mbs1.x86_64.rpm 4ba897393ae80f5258904da4e674763e mbs1/x86_64/php-sqlite3-5.5.21-1.mbs1.x86_64.rpm 805a305e9bbe7aa4205bf2b161cfbed5 mbs1/x86_64/php-suhosin-0.9.37.1-1.1.mbs1.x86_64.rpm f9ce38cee5e9dae0093be89dace73264 mbs1/x86_64/php-sybase_ct-5.5.21-1.mbs1.x86_64.rpm 69cf5f72855d32e5f482c61294e623ed mbs1/x86_64/php-sysvmsg-5.5.21-1.mbs1.x86_64.rpm 09b48a0e2d140c5a15b23cb2b5068ac0 mbs1/x86_64/php-sysvsem-5.5.21-1.mbs1.x86_64.rpm a6aa97b047afe2bf4069b72b4a5ddd78 mbs1/x86_64/php-sysvshm-5.5.21-1.mbs1.x86_64.rpm 356b7bf2e5f41cce66698a359d8062ac mbs1/x86_64/php-tidy-5.5.21-1.mbs1.x86_64.rpm 5e7ad121c41731660209e6a3d003b142 mbs1/x86_64/php-timezonedb-2015.1-1.mbs1.x86_64.rpm dffe6910d0f170be5bf49fe4cd959883 mbs1/x86_64/php-tokenizer-5.5.21-1.mbs1.x86_64.rpm e2ad6ddab9e9ed43d3ad4979c6c4f86b mbs1/x86_64/php-wddx-5.5.21-1.mbs1.x86_64.rpm 26e46036e5a4d4cefb4fbde1c06100d7 mbs1/x86_64/php-xml-5.5.21-1.mbs1.x86_64.rpm 8664c4fbce6fa50245edc216e6c8e959 mbs1/x86_64/php-xmlreader-5.5.21-1.mbs1.x86_64.rpm dba1da2ada8d7073f1d9e8bbf11b1ea7 mbs1/x86_64/php-xmlrpc-5.5.21-1.mbs1.x86_64.rpm 2d68665ed632fa69e97cb9f8d2c7dc0b mbs1/x86_64/php-xmlwriter-5.5.21-1.mbs1.x86_64.rpm 94f4c00b2c83050b2c4c4713976940ee mbs1/x86_64/php-xsl-5.5.21-1.mbs1.x86_64.rpm 3afda2f608982df1faa4b6db3c1c9a55 mbs1/x86_64/php-zip-5.5.21-1.mbs1.x86_64.rpm 88c51809d22c4e364ed70e1567eccac8 mbs1/x86_64/php-zlib-5.5.21-1.mbs1.x86_64.rpm 275b50c9dfa2cc7b5244a7bece61644a mbs1/SRPMS/php-5.5.21-1.mbs1.src.rpm ef1cf8b05352ebf671b704ecc8e54c4b mbs1/SRPMS/php-apc-3.1.15-1.15.mbs1.src.rpm 84245bb31cf43e549fde22690802b44d mbs1/SRPMS/php-suhosin-0.9.37.1-1.1.mbs1.src.rpm 61203a18b4f0ac67117f5b0fcbf348a7 mbs1/SRPMS/php-timezonedb-2015.1-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFU05RlmqjQ0CJFipgRArmOAKDKYyVQrC1CpH9JKrd8HAhddB7oZQCgtdL8 0rueIDnGzKxeJYZDOf8Kdvo= =3Yt1 -----END PGP SIGNATURE-----