Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in PHP
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in PHP
ID: MDVSA-2015:004
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Mo, 5. Januar 2015, 17:02
Referenzen: http://advisories.mageia.org/MGASA-2014-0542.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142

Originalnachricht

This is a multi-part message in MIME format...

------------=_1420463532-9206-3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:004
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : January 5, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated php packages fix security vulnerability:

A use-after-free flaw was found in PHP unserialize(). An untrusted
input could cause PHP interpreter to crash or, possibly, execute
arbitrary code when processed using unserialize() (CVE-2014-8142).

PHP has been updated to version 5.5.20, which fixes these issues and
other bugs.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
http://advisories.mageia.org/MGASA-2014-0542.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
5720285929fd2da4e5a2b811fbb82ab9
mbs1/x86_64/apache-mod_php-5.5.20-1.mbs1.x86_64.rpm
800b3d577d711326623c8ccee0f01cd9
mbs1/x86_64/lib64php5_common5-5.5.20-1.mbs1.x86_64.rpm
87a70568001565518de6ea72378019fc
mbs1/x86_64/php-apc-3.1.15-1.14.mbs1.x86_64.rpm
f47356b51335e88748981c27d3b56101
mbs1/x86_64/php-apc-admin-3.1.15-1.14.mbs1.x86_64.rpm
49b993225c5a894488a0fdfeb970296a
mbs1/x86_64/php-bcmath-5.5.20-1.mbs1.x86_64.rpm
e49974dd72a4f9b5554e173e998269fe mbs1/x86_64/php-bz2-5.5.20-1.mbs1.x86_64.rpm
eaef3f62b6e1f9b1f1e2f2ae2604fbae
mbs1/x86_64/php-calendar-5.5.20-1.mbs1.x86_64.rpm
bf47b18144bcbe4e03b8668bc286105b mbs1/x86_64/php-cgi-5.5.20-1.mbs1.x86_64.rpm
7b876372748f1e202631f5a6189813f6 mbs1/x86_64/php-cli-5.5.20-1.mbs1.x86_64.rpm
62ec41210273cc5b4b3563c10e10fa77
mbs1/x86_64/php-ctype-5.5.20-1.mbs1.x86_64.rpm
5388b6a9270f3787f25ec51debec5b66
mbs1/x86_64/php-curl-5.5.20-1.mbs1.x86_64.rpm
514a74531b687c8c06466dd0540b8591 mbs1/x86_64/php-dba-5.5.20-1.mbs1.x86_64.rpm
5d69d0cce490e833d96c028d60360db9
mbs1/x86_64/php-devel-5.5.20-1.mbs1.x86_64.rpm
4ffcd00fba73c3d77fba861265361ee6 mbs1/x86_64/php-doc-5.5.20-1.mbs1.noarch.rpm
4790a31844d8d02696a7534b335d9bbb mbs1/x86_64/php-dom-5.5.20-1.mbs1.x86_64.rpm
216b909ce39213db2c803844ae287446
mbs1/x86_64/php-enchant-5.5.20-1.mbs1.x86_64.rpm
a1e0c36488c3d90f840b2e36b1fa416f
mbs1/x86_64/php-exif-5.5.20-1.mbs1.x86_64.rpm
8d19a3d6776447d262ced0bb321a485a
mbs1/x86_64/php-fileinfo-5.5.20-1.mbs1.x86_64.rpm
4cb4001e09da88dce211d2a8feb110b7
mbs1/x86_64/php-filter-5.5.20-1.mbs1.x86_64.rpm
a3ca9f0ed4ff81e1af60350b410507ca mbs1/x86_64/php-fpm-5.5.20-1.mbs1.x86_64.rpm
57dab250e8e6eb0e34ddb5a46dab2bc2 mbs1/x86_64/php-ftp-5.5.20-1.mbs1.x86_64.rpm
9b4a623cfee8a5a72adaf4fb4e9e555d mbs1/x86_64/php-gd-5.5.20-1.mbs1.x86_64.rpm
8d164897c9bc2cb30950c7b551d9a8e9
mbs1/x86_64/php-gettext-5.5.20-1.mbs1.x86_64.rpm
36d16a8f36df64497f3c530e5569bb84 mbs1/x86_64/php-gmp-5.5.20-1.mbs1.x86_64.rpm
9b88cac2d75811a7ff656768604123ab
mbs1/x86_64/php-hash-5.5.20-1.mbs1.x86_64.rpm
4d8a0d5722859f2d710b6a26b2ee9727
mbs1/x86_64/php-iconv-5.5.20-1.mbs1.x86_64.rpm
03e8ecb9f5429190f6c795b2b3b40499
mbs1/x86_64/php-imap-5.5.20-1.mbs1.x86_64.rpm
f32cfb5b4d89f8025982bb3c840d9322 mbs1/x86_64/php-ini-5.5.20-1.mbs1.x86_64.rpm
8a152756fb0ee74d89e7be069d2a6761
mbs1/x86_64/php-intl-5.5.20-1.mbs1.x86_64.rpm
0192f7fb7b08469d9c7be09f427cff7d
mbs1/x86_64/php-json-5.5.20-1.mbs1.x86_64.rpm
9e807b16221a8e3429bf2fc3b139aa94
mbs1/x86_64/php-ldap-5.5.20-1.mbs1.x86_64.rpm
948cb86a4aadf969c55c97f70ec41035
mbs1/x86_64/php-mbstring-5.5.20-1.mbs1.x86_64.rpm
872d498d32f0a16cef82fbfbc01a97ac
mbs1/x86_64/php-mcrypt-5.5.20-1.mbs1.x86_64.rpm
0e2a96f402b827cbfcc871d25d59bc83
mbs1/x86_64/php-mssql-5.5.20-1.mbs1.x86_64.rpm
e90d719e3adce6deb799fc7c14793b52
mbs1/x86_64/php-mysql-5.5.20-1.mbs1.x86_64.rpm
96a9362a00ec884406ff0ac902bac3b0
mbs1/x86_64/php-mysqli-5.5.20-1.mbs1.x86_64.rpm
51cabb52dfc7c58ff5d465f941647f8f
mbs1/x86_64/php-mysqlnd-5.5.20-1.mbs1.x86_64.rpm
572ef3e40d7ea8161a8d86183e33ac1c
mbs1/x86_64/php-odbc-5.5.20-1.mbs1.x86_64.rpm
b296ecac3dbb2ec75713425d72d1dbb8
mbs1/x86_64/php-opcache-5.5.20-1.mbs1.x86_64.rpm
0463f6265233506f9ac65dd956f3ae22
mbs1/x86_64/php-openssl-5.5.20-1.mbs1.x86_64.rpm
2cdc4b40d74dbcc315fa58606e92f03d
mbs1/x86_64/php-pcntl-5.5.20-1.mbs1.x86_64.rpm
691c184466ab3b117c355fe9ca837928 mbs1/x86_64/php-pdo-5.5.20-1.mbs1.x86_64.rpm
59a04a57c4390f2736922a790fbf3ca7
mbs1/x86_64/php-pdo_dblib-5.5.20-1.mbs1.x86_64.rpm
47bd59fca9c287140a0e4f2185dd2af7
mbs1/x86_64/php-pdo_mysql-5.5.20-1.mbs1.x86_64.rpm
78a5e31e3339d78ac0fc1d08162218da
mbs1/x86_64/php-pdo_odbc-5.5.20-1.mbs1.x86_64.rpm
7c36cf025f789d85b4165614b86316db
mbs1/x86_64/php-pdo_pgsql-5.5.20-1.mbs1.x86_64.rpm
831bfe268b87e0e3475a753c6cf7ec90
mbs1/x86_64/php-pdo_sqlite-5.5.20-1.mbs1.x86_64.rpm
68dc439506b7ec890939dd1f23e82967
mbs1/x86_64/php-pgsql-5.5.20-1.mbs1.x86_64.rpm
af39283b07cc7d0798c3affcd73a74f0
mbs1/x86_64/php-phar-5.5.20-1.mbs1.x86_64.rpm
4fe7c35ed1d88b37eac93712dba14e72
mbs1/x86_64/php-posix-5.5.20-1.mbs1.x86_64.rpm
271a18ea2eda0c0d2b0428b553b9140b
mbs1/x86_64/php-readline-5.5.20-1.mbs1.x86_64.rpm
f9866dacaceb6cd9b07b14a0eaa8edad
mbs1/x86_64/php-recode-5.5.20-1.mbs1.x86_64.rpm
840567d2df61e8c844f1d0a160073142
mbs1/x86_64/php-session-5.5.20-1.mbs1.x86_64.rpm
c3cf612304ec416faa035c5e77b24cf4
mbs1/x86_64/php-shmop-5.5.20-1.mbs1.x86_64.rpm
1b842f9d3bcccc58a5b6995ace6b7778
mbs1/x86_64/php-snmp-5.5.20-1.mbs1.x86_64.rpm
a1c63cf4d861f6cb9de809fd978fb386
mbs1/x86_64/php-soap-5.5.20-1.mbs1.x86_64.rpm
31ed20639db152f81374ccb7e84cc255
mbs1/x86_64/php-sockets-5.5.20-1.mbs1.x86_64.rpm
1161f88d397130f37a2c2cb5ea1a1591
mbs1/x86_64/php-sqlite3-5.5.20-1.mbs1.x86_64.rpm
faf741bbd816020c1232d24d43a88301
mbs1/x86_64/php-sybase_ct-5.5.20-1.mbs1.x86_64.rpm
36622ce26efd04d2174bafb8c97cd6a0
mbs1/x86_64/php-sysvmsg-5.5.20-1.mbs1.x86_64.rpm
32a1cd3801eb3d34deef3bf2b2eb175c
mbs1/x86_64/php-sysvsem-5.5.20-1.mbs1.x86_64.rpm
e9901c9efb2fd42c44369fe16610dda2
mbs1/x86_64/php-sysvshm-5.5.20-1.mbs1.x86_64.rpm
d1573514737e8cd8d3d9b93b0c6487c1
mbs1/x86_64/php-tidy-5.5.20-1.mbs1.x86_64.rpm
ade13ce2344b5ad7e018157e13e29b7d
mbs1/x86_64/php-tokenizer-5.5.20-1.mbs1.x86_64.rpm
9d1aeed50e19981be9bca6be88aad94a
mbs1/x86_64/php-wddx-5.5.20-1.mbs1.x86_64.rpm
2a045a9b68b81cd05840b060b098840e mbs1/x86_64/php-xml-5.5.20-1.mbs1.x86_64.rpm
628772e293d6075ab5bb4165494ffc53
mbs1/x86_64/php-xmlreader-5.5.20-1.mbs1.x86_64.rpm
ff722434dbc88d430481d67bab2bd6b1
mbs1/x86_64/php-xmlrpc-5.5.20-1.mbs1.x86_64.rpm
a2386debfd20d4d3cb0d0e35a45aaa95
mbs1/x86_64/php-xmlwriter-5.5.20-1.mbs1.x86_64.rpm
4d70cab1d42cd41318090d5e465dbe71 mbs1/x86_64/php-xsl-5.5.20-1.mbs1.x86_64.rpm
b3b3a06cb942d8575ff494ef1ba36f67 mbs1/x86_64/php-zip-5.5.20-1.mbs1.x86_64.rpm
d01068faa1c68ecf27853dd2a76be0aa
mbs1/x86_64/php-zlib-5.5.20-1.mbs1.x86_64.rpm
810dd39796955d28c83b42e917486537 mbs1/SRPMS/php-5.5.20-1.mbs1.src.rpm
04608504f9981bfd981a1be5b537e1ea mbs1/SRPMS/php-apc-3.1.15-1.14.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUqn96mqjQ0CJFipgRAlnaAKDW5GhSOvkltpdaL1xjc+v3N3hHewCgpJv2
Ba+V1qB+QyffKajCVzRo/C0=
=rqW0
-----END PGP SIGNATURE-----


------------=_1420463532-9206-3
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1420463532-9206-3--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung