BugTraq
[ MDVSA-2014:075 ] php Apr 10 2014 01:25PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:075
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : April 10, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in php:

The BEGIN regular expression in the awk script detector in
magic/Magdir/commands in file before 5.15 uses multiple wildcards
with unlimited repetitions, which allows context-dependent attackers
to cause a denial of service (CPU consumption) via a crafted ASCII
file that triggers a large amount of backtracking, as demonstrated
via a file with many newline characters (CVE-2013-7345).
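
The following is an added example, not code from the advisory or from the file or php projects. It models the cost of a backtracking search for a pattern of the shape `^\s*BEGIN\s*{` over a newline-only input, and compares unbounded whitespace wildcards with a bounded form; the pattern shape, the function name `awk_probe` and the cap of 100 are assumptions made for illustration.

```python
# Added illustration: a step-counting model of a backtracking regex search.
# Assumed pattern shape (not quoted from magic/Magdir/commands):
#   ^\s*BEGIN\s*{   searched in multiline mode.
# max_ws=None models unbounded \s*; an integer models \s{0,max_ws}.

def awk_probe(data, max_ws=None):
    """Return (matched, steps); steps counts characters examined."""
    steps = 0
    n = len(data)

    def ws_run(pos):
        # Greedily consume whitespace from pos, honouring the repetition cap.
        nonlocal steps
        end = pos
        while end < n and (max_ws is None or end - pos < max_ws):
            steps += 1
            if not data[end].isspace():
                break
            end += 1
        return end

    for start in range(n + 1):
        if start and data[start - 1] != "\n":
            continue                      # '^' only matches at a line start
        # Backtrack over every shorter whitespace prefix, longest first.
        for kw in range(ws_run(start), start - 1, -1):
            steps += 1
            if not data.startswith("BEGIN", kw):
                continue
            for brace in range(ws_run(kw + 5), kw + 4, -1):
                steps += 1
                if data.startswith("{", brace):
                    return True, steps
    return False, steps


if __name__ == "__main__":
    for n in (500, 1000, 2000):
        crafted = "\n" * n                # constructed input: newlines only
        unbounded = awk_probe(crafted)[1]
        bounded = awk_probe(crafted, max_ws=100)[1]
        print(f"{n:5d} newlines: unbounded={unbounded:8d} bounded={bounded:7d}")
```

In this model the unbounded form costs (n+1)^2 steps on n newlines because every line start rescans the rest of the input, while the bounded form stays linear in n.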

The updated php packages have been upgraded to the 5.5.11 version
which is not vulnerable to this issue.

Also, the timezonedb PHP PECL module has been updated to the latest
2014.2 version.

Additionally, the PECL packages that require it have been rebuilt
for php-5.5.11.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
http://www.php.net/ChangeLog-5.php#5.5.11
https://bugs.php.net/bug.php?id=66946
http://pecl.php.net/package-info.php?package=timezonedb&version=2014.2
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTRnFtmqjQ0CJFipgRAl55AKC/6hbtpY8KcAFw/dVpytpAX2NTZACeKyJS
A5+PL+7Tbndun3dSFZDkzvk=
=X5lW
-----END PGP SIGNATURE-----
