BugTraq
[ MDVSA-2014:149 ] php Aug 06 2014 10:41AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:149
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : August 6, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in php:

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL
component in PHP through 5.5.14 allows context-dependent attackers to
cause a denial of service or possibly have unspecified other impact via
crafted ArrayIterator usage within applications in certain web-hosting
environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL
component in PHP through 5.5.14 allows context-dependent attackers to
cause a denial of service or possibly have unspecified other impact
via crafted iterator usage within applications in certain web-hosting
environments (CVE-2014-4670).

file before 5.19 does not properly restrict the amount of data read
during a regex search, which allows remote attackers to cause a
denial of service (CPU consumption) via a crafted file that triggers
backtracking during processing of an awk rule. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2013-7345 (CVE-2014-3538).

The updated php packages have been upgraded to the 5.5.15 version
and patched to resolve these security flaws.

Additionally, the jsonc extension has been upgraded to the 1.3.6
version and the PECL packages which requires so has been rebuilt
for php-5.5.15.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://php.net/ChangeLog-5.php#5.5.15
http://pecl.php.net/package-changelog.php?package=jsonc&release=1.3.6
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
a8f1a14a82942bc714d6a099be8e5185 mbs1/x86_64/apache-mod_php-5.5.15-1.2.mbs1.x86_64.rpm
b985fbddf2bc3242ca7a2b9fa59d435a mbs1/x86_64/lib64php5_common5-5.5.15-1.2.mbs1.x86_64.rpm
4096874876026f741813d42aabc7fc77 mbs1/x86_64/php-apc-3.1.15-1.9.mbs1.x86_64.rpm
8fa4bca573ff32baa586e21900c990bd mbs1/x86_64/php-apc-admin-3.1.15-1.9.mbs1.x86_64.rpm
1e1e9b04d4e864b89c6ee72401d19f07 mbs1/x86_64/php-bcmath-5.5.15-1.2.mbs1.x86_64.rpm
33bf033aaa30e10913a577c7bf056edb mbs1/x86_64/php-bz2-5.5.15-1.2.mbs1.x86_64.rpm
30d344da1d8d979376b9ffed01ac756d mbs1/x86_64/php-calendar-5.5.15-1.2.mbs1.x86_64.rpm
119e13214a525f356965aab9a5e87819 mbs1/x86_64/php-cgi-5.5.15-1.2.mbs1.x86_64.rpm
d77ce1bb2c2a73774c5ea8a8a94322bd mbs1/x86_64/php-cli-5.5.15-1.2.mbs1.x86_64.rpm
b6fa475c440644e4844644fd2d0f4bd4 mbs1/x86_64/php-ctype-5.5.15-1.2.mbs1.x86_64.rpm
0941ee03a5e9a7378b4b01432ca99007 mbs1/x86_64/php-curl-5.5.15-1.2.mbs1.x86_64.rpm
c0e67e0418764df9c0124aecc6d27c71 mbs1/x86_64/php-dba-5.5.15-1.2.mbs1.x86_64.rpm
b4df22a9a0ec0e276e09dd30b63934ee mbs1/x86_64/php-devel-5.5.15-1.2.mbs1.x86_64.rpm
574920252543de382a55387b2446f9f4 mbs1/x86_64/php-doc-5.5.15-1.2.mbs1.noarch.rpm
e6ea55d91a757b2a9bd7115ee3caafb0 mbs1/x86_64/php-dom-5.5.15-1.2.mbs1.x86_64.rpm
7059a143838f8b38ec0847de3530cc7d mbs1/x86_64/php-enchant-5.5.15-1.2.mbs1.x86_64.rpm
1b83052b9a3360afe0ce7d9d8c0516d1 mbs1/x86_64/php-exif-5.5.15-1.2.mbs1.x86_64.rpm
851123d71e3de3194ecc030f37fb31b7 mbs1/x86_64/php-fileinfo-5.5.15-1.2.mbs1.x86_64.rpm
2ad566bd050fb268e9e0c13354b24b07 mbs1/x86_64/php-filter-5.5.15-1.2.mbs1.x86_64.rpm
6607d2b46f3c32340fd6fa15471c75ee mbs1/x86_64/php-fpm-5.5.15-1.2.mbs1.x86_64.rpm
800d0e33e959b44e3705a081eac37707 mbs1/x86_64/php-ftp-5.5.15-1.2.mbs1.x86_64.rpm
c5efe218dee0a5f8f685fe4887121df6 mbs1/x86_64/php-gd-5.5.15-1.2.mbs1.x86_64.rpm
c0a2ff63842df51a013346920cd85633 mbs1/x86_64/php-gettext-5.5.15-1.2.mbs1.x86_64.rpm
6a8a00249372f1822a1028ea003badda mbs1/x86_64/php-gmp-5.5.15-1.2.mbs1.x86_64.rpm
3d782e96ec768e2fbfdcb4966c17e4c5 mbs1/x86_64/php-hash-5.5.15-1.2.mbs1.x86_64.rpm
03302374100cbef6b17b36040b97df46 mbs1/x86_64/php-iconv-5.5.15-1.2.mbs1.x86_64.rpm
67ef91b4144597a8eee105d8d9e39785 mbs1/x86_64/php-imap-5.5.15-1.2.mbs1.x86_64.rpm
9d79601ac46b53eb93848bbdb91ae588 mbs1/x86_64/php-ini-5.5.15-1.2.mbs1.x86_64.rpm
9d36114cf05a452aa807a7e546e9f0d2 mbs1/x86_64/php-intl-5.5.15-1.2.mbs1.x86_64.rpm
fe3164ded9c067c86da9abba22c179c7 mbs1/x86_64/php-json-5.5.15-1.2.mbs1.x86_64.rpm
3514239c38af0dc7d9365e8b174903f4 mbs1/x86_64/php-ldap-5.5.15-1.2.mbs1.x86_64.rpm
3a9080553c9d0389c4b209c7a66136d6 mbs1/x86_64/php-mbstring-5.5.15-1.2.mbs1.x86_64.rpm
2e28885f866774b3a314839dc30cb753 mbs1/x86_64/php-mcrypt-5.5.15-1.2.mbs1.x86_64.rpm
4960ddc660751ade994774117d09350a mbs1/x86_64/php-mssql-5.5.15-1.2.mbs1.x86_64.rpm
002346daef828dc391ca3c9f9abb9202 mbs1/x86_64/php-mysql-5.5.15-1.2.mbs1.x86_64.rpm
e8b7bdb3428d132287751dbb2864a6cb mbs1/x86_64/php-mysqli-5.5.15-1.2.mbs1.x86_64.rpm
b9374638ca9b9cdcf5945e5a51fe3998 mbs1/x86_64/php-mysqlnd-5.5.15-1.2.mbs1.x86_64.rpm
2c5dcdb7c6dd6c380cdb3378c0ffa798 mbs1/x86_64/php-odbc-5.5.15-1.2.mbs1.x86_64.rpm
842b7243df7c44bc7ded4cc8dbf6bc0f mbs1/x86_64/php-opcache-5.5.15-1.2.mbs1.x86_64.rpm
29c7721a8124a6850f3797ebe65fd1ab mbs1/x86_64/php-openssl-5.5.15-1.2.mbs1.x86_64.rpm
8c189b29533a3607a255857be721d061 mbs1/x86_64/php-pcntl-5.5.15-1.2.mbs1.x86_64.rpm
e8ae5b17760d973411a9638ed8b67142 mbs1/x86_64/php-pdo-5.5.15-1.2.mbs1.x86_64.rpm
ffff28eafa9f41e4e045577b111e091d mbs1/x86_64/php-pdo_dblib-5.5.15-1.2.mbs1.x86_64.rpm
b5a90904dc3df3671df1937927181e47 mbs1/x86_64/php-pdo_mysql-5.5.15-1.2.mbs1.x86_64.rpm
0eebd25c2cbe39bc9ed1b6c84ea4e636 mbs1/x86_64/php-pdo_odbc-5.5.15-1.2.mbs1.x86_64.rpm
e8273d4181167213145e7a7682227274 mbs1/x86_64/php-pdo_pgsql-5.5.15-1.2.mbs1.x86_64.rpm
44dec8ad4b772d9c89944c3c4424c5a4 mbs1/x86_64/php-pdo_sqlite-5.5.15-1.2.mbs1.x86_64.rpm
943ed26187a3a5073014263018251eee mbs1/x86_64/php-pgsql-5.5.15-1.2.mbs1.x86_64.rpm
2789e51cc768ea3ac5184cca3ddea2eb mbs1/x86_64/php-phar-5.5.15-1.2.mbs1.x86_64.rpm
501fac63e7ec95c8dd2c6af9dec94bd6 mbs1/x86_64/php-posix-5.5.15-1.2.mbs1.x86_64.rpm
9fa10c1aa3db7a2c3529480b9a6615e7 mbs1/x86_64/php-readline-5.5.15-1.2.mbs1.x86_64.rpm
228da7b34f95e5a5de65d55dd3a83ef9 mbs1/x86_64/php-recode-5.5.15-1.2.mbs1.x86_64.rpm
1c463d4247e08f9b543e0cccae4e998f mbs1/x86_64/php-session-5.5.15-1.2.mbs1.x86_64.rpm
14d63fcafd6c7de0ee19f93e83067975 mbs1/x86_64/php-shmop-5.5.15-1.2.mbs1.x86_64.rpm
ad069c46d67274dec72c65eaa37770ae mbs1/x86_64/php-snmp-5.5.15-1.2.mbs1.x86_64.rpm
bd542c561fcacee6d1536044418b712d mbs1/x86_64/php-soap-5.5.15-1.2.mbs1.x86_64.rpm
52a6c80fb00752f4642b0376c76651fb mbs1/x86_64/php-sockets-5.5.15-1.2.mbs1.x86_64.rpm
d548586123a66ac3d4dc2f4db3c67427 mbs1/x86_64/php-sqlite3-5.5.15-1.2.mbs1.x86_64.rpm
0ff1e1b38f3c9a4e28ff13b91bcaa374 mbs1/x86_64/php-sybase_ct-5.5.15-1.2.mbs1.x86_64.rpm
4693d5e0aef85ab23390bb671788857d mbs1/x86_64/php-sysvmsg-5.5.15-1.2.mbs1.x86_64.rpm
ba9fd1a164298a79b4013380200f1eba mbs1/x86_64/php-sysvsem-5.5.15-1.2.mbs1.x86_64.rpm
7ee3e362aa88cfebbccbeef4dc8e8426 mbs1/x86_64/php-sysvshm-5.5.15-1.2.mbs1.x86_64.rpm
b9b6ead8e979a87f501a2b7302860db4 mbs1/x86_64/php-tidy-5.5.15-1.2.mbs1.x86_64.rpm
25de207b2d6ef7b4ac127874d80060fa mbs1/x86_64/php-tokenizer-5.5.15-1.2.mbs1.x86_64.rpm
7143d2b5bb4731d78f474788b4872930 mbs1/x86_64/php-wddx-5.5.15-1.2.mbs1.x86_64.rpm
b365a335827c42c7f9df6f425dfc4ec0 mbs1/x86_64/php-xml-5.5.15-1.2.mbs1.x86_64.rpm
daf5a2a4f62d0a2627b965ce22bd5361 mbs1/x86_64/php-xmlreader-5.5.15-1.2.mbs1.x86_64.rpm
dc127c9e655876584af86975b59e228d mbs1/x86_64/php-xmlrpc-5.5.15-1.2.mbs1.x86_64.rpm
3f6300aa39367c97305fb28f03db82e0 mbs1/x86_64/php-xmlwriter-5.5.15-1.2.mbs1.x86_64.rpm
bc940bf9eb010e3b400442a7f2ea1082 mbs1/x86_64/php-xsl-5.5.15-1.2.mbs1.x86_64.rpm
0182998fa478cacac8e6e036f6e910a4 mbs1/x86_64/php-zip-5.5.15-1.2.mbs1.x86_64.rpm
c3af540e3596b126a0b9ba4c4dccafe6 mbs1/x86_64/php-zlib-5.5.15-1.2.mbs1.x86_64.rpm
7619610a141a2d051dccf3a5ad05be04 mbs1/SRPMS/php-5.5.15-1.2.mbs1.src.rpm
19c9a0c5a6cf7f42d26989bab0a826d5 mbs1/SRPMS/php-apc-3.1.15-1.9.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFT4dwGmqjQ0CJFipgRAhHrAKCvRKwurJLUDoDK1bEA53EN56UazgCfU+Fy
8J3pIbBMt4OgLcC9mR1U9pM=
=wN9t
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus