-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:059
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : March 14, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in php:

 Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).

 Fixed bug #66820 (out-of-bounds memory access in fileinfo
 (CVE-2014-2270)).

 Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
 (CVE-2013-7327)).

 The updated php packages have been upgraded to the 5.5.10 version,
 which is not vulnerable to these issues.

 The php-xdebug packages have been upgraded to the latest 2.2.4 version,
 which resolves numerous upstream bugs.

 Additionally, the PECL packages which require it have been rebuilt
 for php-5.5.10.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
 http://www.php.net/ChangeLog-5.php#5.5.10
 https://bugs.php.net/bug.php?id=66731
 https://bugs.php.net/bug.php?id=66820
 https://bugs.php.net/bug.php?id=66815
 http://pecl.php.net/package-changelog.php?package=xdebug&release=2.2.4
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTIsvKmqjQ0CJFipgRApfjAKDHpy/8XvFn1A9/+/8RG+R6WCKbiwCfdgcv
HD1vXz3eegn3ApmAVUKBfiE=
=+nza
-----END PGP SIGNATURE-----