Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in PHP
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in PHP
ID: MDVSA-2014:059
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: So, 16. März 2014, 12:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://pecl.php.net/package-changelog.php?package=xdebug&release=2.2.4
http://www.php.net/ChangeLog-5.php#5.5.10
https://bugs.php.net/bug.php?id=66731
https://bugs.php.net/bug.php?id=66815
https://bugs.php.net/bug.php?id=66820
Applikationen: PHP

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1394800225-26869-0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:059
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : March 14, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in php:
 
 Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
 
 Fixed bug #66820 (out-of-bounds memory access in fileinfo
 (CVE-2014-2270)).
 
 Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
 (CVE-2013-7327)).
 
 The updated php packages have been upgraded to the 5.5.10 version
 which is not vulnerable to these issues.
 
 The php-xdebug packages has been upgraded to the latest 2.2.4 version
 that resolves numerous upstream bugs.
 
 Additionally, the PECL packages which requires so has been rebuilt
 for php-5.5.10.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
 http://www.php.net/ChangeLog-5.php#5.5.10
 https://bugs.php.net/bug.php?id=66731
 https://bugs.php.net/bug.php?id=66820
 https://bugs.php.net/bug.php?id=66815
 http://pecl.php.net/package-changelog.php?package=xdebug&release=2.2.4
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 24737449ee336d5e9824e2f2ae543292 
 mbs1/x86_64/apache-mod_php-5.5.10-1.1.mbs1.x86_64.rpm
 0b922c54fa9223fecc8d35a5c7c8599e 
 mbs1/x86_64/lib64php5_common5-5.5.10-1.1.mbs1.x86_64.rpm
 7ee561479c57d59fd98a5501e9586500 
 mbs1/x86_64/php-apc-3.1.15-1.4.mbs1.x86_64.rpm
 eb7de5759296f86517f5edfd9d4436ca 
 mbs1/x86_64/php-apc-admin-3.1.15-1.4.mbs1.x86_64.rpm
 a1d9c94696da01a54ef8fdc514e87eeb 
 mbs1/x86_64/php-bcmath-5.5.10-1.1.mbs1.x86_64.rpm
 1b2cd506955bff2be731071a094c722f 
 mbs1/x86_64/php-bz2-5.5.10-1.1.mbs1.x86_64.rpm
 8960e53771c38895428275376133ad80 
 mbs1/x86_64/php-calendar-5.5.10-1.1.mbs1.x86_64.rpm
 76ae075f4cb8bbd735289a6c1d06fd7a 
 mbs1/x86_64/php-cgi-5.5.10-1.1.mbs1.x86_64.rpm
 12b695df15e1f8cb7b0a4dfe6c9aa088 
 mbs1/x86_64/php-cli-5.5.10-1.1.mbs1.x86_64.rpm
 f8f5f6b8ed7afaffe4893ee713198f96 
 mbs1/x86_64/php-ctype-5.5.10-1.1.mbs1.x86_64.rpm
 1950d33f015eefc8014070526758ee8e 
 mbs1/x86_64/php-curl-5.5.10-1.1.mbs1.x86_64.rpm
 9497d5da046377151644e93733cb074e 
 mbs1/x86_64/php-dba-5.5.10-1.1.mbs1.x86_64.rpm
 ac662e5ef7059d81cccb62c7bbe97901 
 mbs1/x86_64/php-devel-5.5.10-1.1.mbs1.x86_64.rpm
 87a743ba4947af120c24da6115c7e6db 
 mbs1/x86_64/php-doc-5.5.10-1.1.mbs1.noarch.rpm
 b941027ff5051dc2811b4263f6bf20b1 
 mbs1/x86_64/php-dom-5.5.10-1.1.mbs1.x86_64.rpm
 77c456007f9d6e330bfa514dc7e2c71c 
 mbs1/x86_64/php-enchant-5.5.10-1.1.mbs1.x86_64.rpm
 e14bbbfe6cbd0027eb92f2de676bda2b 
 mbs1/x86_64/php-exif-5.5.10-1.1.mbs1.x86_64.rpm
 016db3c40dafc614f69ed163870d0ba9 
 mbs1/x86_64/php-fileinfo-5.5.10-1.1.mbs1.x86_64.rpm
 800722c1127bf7f835fed88d5805612a 
 mbs1/x86_64/php-filter-5.5.10-1.1.mbs1.x86_64.rpm
 c25709c616879f64ca095493a250e49a 
 mbs1/x86_64/php-fpm-5.5.10-1.1.mbs1.x86_64.rpm
 dd3b14133c3e5e299976709acaba36f1 
 mbs1/x86_64/php-ftp-5.5.10-1.1.mbs1.x86_64.rpm
 33285cc7d2f89640c84a89c2d78d4c1c 
 mbs1/x86_64/php-gd-5.5.10-1.1.mbs1.x86_64.rpm
 98815ed19f6a439995c257c86d3fd8e7 
 mbs1/x86_64/php-gettext-5.5.10-1.1.mbs1.x86_64.rpm
 2c34c8d28d2bcf105deced29a743ce10 
 mbs1/x86_64/php-gmp-5.5.10-1.1.mbs1.x86_64.rpm
 66f17761f797c9ba5b9f64359df0e444 
 mbs1/x86_64/php-hash-5.5.10-1.1.mbs1.x86_64.rpm
 a9679cf58298c91fe11e9065888f3ecf 
 mbs1/x86_64/php-iconv-5.5.10-1.1.mbs1.x86_64.rpm
 44c8fd8cbd7a749ce405eafcb5cfaba0 
 mbs1/x86_64/php-imap-5.5.10-1.1.mbs1.x86_64.rpm
 de60f25c3e3da02a1ed96ea3c6b7d146 
 mbs1/x86_64/php-ini-5.5.10-1.1.mbs1.x86_64.rpm
 674171b2daf508b7709ec0fa39f3dadb 
 mbs1/x86_64/php-intl-5.5.10-1.1.mbs1.x86_64.rpm
 b4b75e252c03be45e1ea42d93cbb559d 
 mbs1/x86_64/php-json-5.5.10-1.1.mbs1.x86_64.rpm
 10071e1f44d3ec6500559211168c3b4a 
 mbs1/x86_64/php-ldap-5.5.10-1.1.mbs1.x86_64.rpm
 4b7e7d0a0b6adcca257a2fd124e62c58 
 mbs1/x86_64/php-mbstring-5.5.10-1.1.mbs1.x86_64.rpm
 19345fe51062884bd7c9ff80f49dcbdb 
 mbs1/x86_64/php-mcrypt-5.5.10-1.1.mbs1.x86_64.rpm
 e2a844b656f9ab03b731ad2f272b5d2b 
 mbs1/x86_64/php-mssql-5.5.10-1.1.mbs1.x86_64.rpm
 4fcf706c941176818fdfc995fba8209c 
 mbs1/x86_64/php-mysql-5.5.10-1.1.mbs1.x86_64.rpm
 46c3635f1e79e351b2d63d7be993557b 
 mbs1/x86_64/php-mysqli-5.5.10-1.1.mbs1.x86_64.rpm
 6b652b39093992140614a97e4633ee52 
 mbs1/x86_64/php-mysqlnd-5.5.10-1.1.mbs1.x86_64.rpm
 d8712b4ec5533dd53c3e1a6854a41612 
 mbs1/x86_64/php-odbc-5.5.10-1.1.mbs1.x86_64.rpm
 58da4457f76d98468fbc2216a82a6210 
 mbs1/x86_64/php-opcache-5.5.10-1.1.mbs1.x86_64.rpm
 67847c07b4d21ef262864d25a633d70a 
 mbs1/x86_64/php-openssl-5.5.10-1.1.mbs1.x86_64.rpm
 daf97d8271493a2ecbd18ad20a857bcf 
 mbs1/x86_64/php-pcntl-5.5.10-1.1.mbs1.x86_64.rpm
 4a6aed5d64de832c986caa41d4a99919 
 mbs1/x86_64/php-pdo-5.5.10-1.1.mbs1.x86_64.rpm
 38358c84106e4f5c86704c92f09a4852 
 mbs1/x86_64/php-pdo_dblib-5.5.10-1.1.mbs1.x86_64.rpm
 f5f013d46693b257672a53333c1d2aef 
 mbs1/x86_64/php-pdo_mysql-5.5.10-1.1.mbs1.x86_64.rpm
 a052eca4ad1c2fa1aa2cc5a492864959 
 mbs1/x86_64/php-pdo_odbc-5.5.10-1.1.mbs1.x86_64.rpm
 e5e592546df1d334c3bd8e26be14784e 
 mbs1/x86_64/php-pdo_pgsql-5.5.10-1.1.mbs1.x86_64.rpm
 bfe91133e7dd8ecd326d033f09156fd5 
 mbs1/x86_64/php-pdo_sqlite-5.5.10-1.1.mbs1.x86_64.rpm
 cec3e2d7281150e42c138375c7047392 
 mbs1/x86_64/php-pgsql-5.5.10-1.1.mbs1.x86_64.rpm
 45a7eefb527a69d733e121d6814e4294 
 mbs1/x86_64/php-phar-5.5.10-1.1.mbs1.x86_64.rpm
 093b385f0d0b46e3f6fd33f914548a0a 
 mbs1/x86_64/php-posix-5.5.10-1.1.mbs1.x86_64.rpm
 5864c26cd75dbe4f3c78b369081f0438 
 mbs1/x86_64/php-readline-5.5.10-1.1.mbs1.x86_64.rpm
 d0f41537a40bd91a5f1f3a8ca5fde200 
 mbs1/x86_64/php-recode-5.5.10-1.1.mbs1.x86_64.rpm
 ad5ab348291e6b2e5a4eb3bb33ce8a2f 
 mbs1/x86_64/php-session-5.5.10-1.1.mbs1.x86_64.rpm
 cf9882756cfc5ca36ceffe23a148bb47 
 mbs1/x86_64/php-shmop-5.5.10-1.1.mbs1.x86_64.rpm
 74b1621ca81142e93046925bed22a5e8 
 mbs1/x86_64/php-snmp-5.5.10-1.1.mbs1.x86_64.rpm
 80e3ba9497626214b3bcc2712f60ac5f 
 mbs1/x86_64/php-soap-5.5.10-1.1.mbs1.x86_64.rpm
 9de06a2dee1e54d7f42a33a17ca8205b 
 mbs1/x86_64/php-sockets-5.5.10-1.1.mbs1.x86_64.rpm
 c030bff618bbcb037e812ddb94649eb5 
 mbs1/x86_64/php-sqlite3-5.5.10-1.1.mbs1.x86_64.rpm
 b65a0c3e62630b815656e80da43a2480 
 mbs1/x86_64/php-sybase_ct-5.5.10-1.1.mbs1.x86_64.rpm
 be0694c255784a0a4f35f0e8d15f201b 
 mbs1/x86_64/php-sysvmsg-5.5.10-1.1.mbs1.x86_64.rpm
 80ad06376f143a770cfb5cba1d848af2 
 mbs1/x86_64/php-sysvsem-5.5.10-1.1.mbs1.x86_64.rpm
 20ee2f4ab2344649920c7ea75d251229 
 mbs1/x86_64/php-sysvshm-5.5.10-1.1.mbs1.x86_64.rpm
 756a95f3f9caf872ca3e656ae2c8f6e1 
 mbs1/x86_64/php-tidy-5.5.10-1.1.mbs1.x86_64.rpm
 ea69b8f0630a5016589c5340e9f8cb08 
 mbs1/x86_64/php-tokenizer-5.5.10-1.1.mbs1.x86_64.rpm
 9120358796e07a057bcb49b3f7a3287a 
 mbs1/x86_64/php-wddx-5.5.10-1.1.mbs1.x86_64.rpm
 140204bf0eb22cbaa71392c87217730b 
 mbs1/x86_64/php-xdebug-2.2.4-1.mbs1.x86_64.rpm
 d8f2b85bd082332a608612deeee0a527 
 mbs1/x86_64/php-xml-5.5.10-1.1.mbs1.x86_64.rpm
 1373b28914b0e1fc52d98e8599ab5286 
 mbs1/x86_64/php-xmlreader-5.5.10-1.1.mbs1.x86_64.rpm
 24767241f254b25cf40f22c5b42009d4 
 mbs1/x86_64/php-xmlrpc-5.5.10-1.1.mbs1.x86_64.rpm
 ebe5805c7fc2ba228019f461f666d53f 
 mbs1/x86_64/php-xmlwriter-5.5.10-1.1.mbs1.x86_64.rpm
 d8e5137af8780fb2aa1588d926ea5214 
 mbs1/x86_64/php-xsl-5.5.10-1.1.mbs1.x86_64.rpm
 8e7ec6219aa8ec67b7e34752266fd0c3 
 mbs1/x86_64/php-zip-5.5.10-1.1.mbs1.x86_64.rpm
 02eaebe931a02fa3b7aeee6f90078b59 
 mbs1/x86_64/php-zlib-5.5.10-1.1.mbs1.x86_64.rpm 
 d32d95daec74ca968d0143f9bb4c39aa  mbs1/SRPMS/php-5.5.10-1.1.mbs1.src.rpm
 cef70e625abea16578f7234743896bae  mbs1/SRPMS/php-apc-3.1.15-1.4.mbs1.src.rpm
 015ce9f2892ee94a3a73a8a15bdc58fd  mbs1/SRPMS/php-xdebug-2.2.4-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTIsvKmqjQ0CJFipgRApfjAKDHpy/8XvFn1A9/+/8RG+R6WCKbiwCfdgcv
HD1vXz3eegn3ApmAVUKBfiE=
=+nza
-----END PGP SIGNATURE-----


------------=_1394800225-26869-0
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1394800225-26869-0--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung