BugTraq
[ MDVSA-2014:202 ] php Oct 23 2014 10:31AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:202
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : October 23, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in php:

A heap corruption issue was reported in PHP's exif_thumbnail()
function. A specially-crafted JPEG image could cause the PHP
interpreter to crash or, potentially, execute arbitrary code
(CVE-2014-3670).

The updated php packages have been upgraded to the 5.5.18 version
to resolve this security flaw.

Additionally, php-apc has been rebuilt against the updated php
packages.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
http://php.net/ChangeLog-5.php#5.5.18
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUSMrXmqjQ0CJFipgRAplJAJsHiEWftELp+nDph3P7sO+yESmQiQCfb02E
OQ8AXlipI1KEvmS9qbcotMs=
=xNV7
-----END PGP SIGNATURE-----
