Sicherheit: Mehrere Probleme in PHP

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1427526028-3111-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:079
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : March 28, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in php:

S. Paraschoudis discovered that PHP incorrectly handled memory in
the enchant binding. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code (CVE-2014-9705).

Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2015-0273).

It was discovered that PHP incorrectly handled memory in the phar
extension. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2015-2301).

Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before
5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute
arbitrary code via a crafted unserialize call that leverages improper
handling of duplicate numerical keys within the serialized properties
of an object. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142 (CVE-2015-0231).

An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way libzip, which is embedded in PHP, processed
certain ZIP archives. If an attacker were able to supply a specially
crafted ZIP archive to an application using libzip, it could cause
the application to crash or, possibly, execute arbitrary code
(CVE-2015-2331).

It was discovered that the PHP opcache component incorrectly handled
memory. A remote attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code (CVE-2015-1351).

It was discovered that the PHP PostgreSQL database extension
incorrectly handled certain pointers. A remote attacker could possibly
use this issue to cause PHP to crash, resulting in a denial of service,
or possibly execute arbitrary code (CVE-2015-1352).

The updated php packages have been patched and upgraded to the 5.5.23
version which is not vulnerable to these issues. The libzip packages
has been patched to address the CVE-2015-2331 flaw.

Additionally the php-xdebug package has been upgraded to the latest
2.3.2 and the PECL packages which requires so has been rebuilt for
php-5.5.23.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.5.23
http://www.ubuntu.com/usn/usn-2535-1/
http://www.ubuntu.com/usn/usn-2501-1/
https://bugzilla.redhat.com/show_bug.cgi?id=1204676
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
3c1e2ab81c1731c63a99a4a7c66d48d3
mbs1/x86_64/apache-mod_php-5.5.23-1.mbs1.x86_64.rpm
6a12e93ebf52d6cb505652cb919b73c3
mbs1/x86_64/lib64php5_common5-5.5.23-1.mbs1.x86_64.rpm
92ae97e82c0bae091c65847f672f0369
mbs1/x86_64/lib64zip2-0.10.1-2.1.mbs1.x86_64.rpm
ac28732246df9bf58921740921560c67
mbs1/x86_64/lib64zip-devel-0.10.1-2.1.mbs1.x86_64.rpm
538fad85574f17991959c00f0b4a43b1
mbs1/x86_64/libzip-0.10.1-2.1.mbs1.x86_64.rpm
70d44c88afb55e2b1519e8d3a71f274c
mbs1/x86_64/php-apc-3.1.15-1.17.mbs1.x86_64.rpm
2e2f9c88f1d92bc4f3f0e4df3908fd73
mbs1/x86_64/php-apc-admin-3.1.15-1.17.mbs1.x86_64.rpm
e3d5f3fb0fcace77e78209986102b171
mbs1/x86_64/php-bcmath-5.5.23-1.mbs1.x86_64.rpm
1ca44e20629234028499eda497f27059 mbs1/x86_64/php-bz2-5.5.23-1.mbs1.x86_64.rpm
473167211cea7e0b62916e66921ee5a4
mbs1/x86_64/php-calendar-5.5.23-1.mbs1.x86_64.rpm
214618465b0e9b1dac6efb3b4f52b988 mbs1/x86_64/php-cgi-5.5.23-1.mbs1.x86_64.rpm
6b178d78c6dd197b6643e7e493bce359 mbs1/x86_64/php-cli-5.5.23-1.mbs1.x86_64.rpm
c1d4dd5178780fc999f449024ebde36e
mbs1/x86_64/php-ctype-5.5.23-1.mbs1.x86_64.rpm
152132662ebefb9ade6fa67465b9af2a
mbs1/x86_64/php-curl-5.5.23-1.mbs1.x86_64.rpm
01961ff4ec2820dd005d336f0671fe04 mbs1/x86_64/php-dba-5.5.23-1.mbs1.x86_64.rpm
96a7ecb45d71793af39558a1369853e2
mbs1/x86_64/php-devel-5.5.23-1.mbs1.x86_64.rpm
2106bf2eb5a17f18379add6b17408ed3 mbs1/x86_64/php-doc-5.5.23-1.mbs1.noarch.rpm
c657e211cc4627a792f67e6c9f5eb06b mbs1/x86_64/php-dom-5.5.23-1.mbs1.x86_64.rpm
675db3e8eb585640b7a04a04e5ffce93
mbs1/x86_64/php-enchant-5.5.23-1.mbs1.x86_64.rpm
bf345e51365465268e696684b77c9cc8
mbs1/x86_64/php-exif-5.5.23-1.mbs1.x86_64.rpm
69352287afb24b38ba68f995ddece5ab
mbs1/x86_64/php-fileinfo-5.5.23-1.mbs1.x86_64.rpm
bbf3d7067c2bbc71a4a9ae5e353c6f8e
mbs1/x86_64/php-filter-5.5.23-1.mbs1.x86_64.rpm
c6a25a432547a0e8d404dab281963d74 mbs1/x86_64/php-fpm-5.5.23-1.mbs1.x86_64.rpm
889332d46d1d9f1a2cf6421b6a5b5e3f mbs1/x86_64/php-ftp-5.5.23-1.mbs1.x86_64.rpm
86a90c9565562b5b360eb11d431536e7 mbs1/x86_64/php-gd-5.5.23-1.mbs1.x86_64.rpm
dba72038f9098f7332e969b19c9d65a8
mbs1/x86_64/php-gettext-5.5.23-1.mbs1.x86_64.rpm
b25d3f9ded7322a2b28942648ec74ff4 mbs1/x86_64/php-gmp-5.5.23-1.mbs1.x86_64.rpm
9bf5bfcb843c2d3b71855792e6b2050e
mbs1/x86_64/php-hash-5.5.23-1.mbs1.x86_64.rpm
284a394dbe68e756c8813a53c0a89c66
mbs1/x86_64/php-iconv-5.5.23-1.mbs1.x86_64.rpm
9df2ec7f05f9a7955770e3ed4513cbfb
mbs1/x86_64/php-imap-5.5.23-1.mbs1.x86_64.rpm
e5947618cc905d249191bcc2066ffed1 mbs1/x86_64/php-ini-5.5.23-1.mbs1.x86_64.rpm
d4f9e91e2877d6aaff0ee07bc5bdd95b
mbs1/x86_64/php-intl-5.5.23-1.mbs1.x86_64.rpm
071ba0290df66c3ac1b0f0fa18ec2195
mbs1/x86_64/php-json-5.5.23-1.mbs1.x86_64.rpm
62146a98a0d24ee66cebd23887fc43fa
mbs1/x86_64/php-ldap-5.5.23-1.mbs1.x86_64.rpm
03a94596eaf34eaac0c7e6f88a6aa7cb
mbs1/x86_64/php-mbstring-5.5.23-1.mbs1.x86_64.rpm
d966c79af040bd5c18dc4a2771bf7184
mbs1/x86_64/php-mcrypt-5.5.23-1.mbs1.x86_64.rpm
9ab71c0a90c649b4c31386a3582a5d26
mbs1/x86_64/php-mssql-5.5.23-1.mbs1.x86_64.rpm
80dd51f72e2cd0d854904dc7595a4bb0
mbs1/x86_64/php-mysql-5.5.23-1.mbs1.x86_64.rpm
88bc7c5a10b7a7f12b71b342afbbd18e
mbs1/x86_64/php-mysqli-5.5.23-1.mbs1.x86_64.rpm
231ec6adca00980d04f39ce5fd866a83
mbs1/x86_64/php-mysqlnd-5.5.23-1.mbs1.x86_64.rpm
2c831cf0074977bf76d413c5e9b3f9de
mbs1/x86_64/php-odbc-5.5.23-1.mbs1.x86_64.rpm
1a4553dcf596125aab2976b2f8c4792c
mbs1/x86_64/php-opcache-5.5.23-1.mbs1.x86_64.rpm
4cb160e28e8899628c6e698376add11f
mbs1/x86_64/php-openssl-5.5.23-1.mbs1.x86_64.rpm
aa04993c7abe0539302a36527ad4674a
mbs1/x86_64/php-pcntl-5.5.23-1.mbs1.x86_64.rpm
57b65d1dec0785825ea2cc8462a2256d mbs1/x86_64/php-pdo-5.5.23-1.mbs1.x86_64.rpm
6d5b8bf803d93067f4bce7daad5379ba
mbs1/x86_64/php-pdo_dblib-5.5.23-1.mbs1.x86_64.rpm
3785dea886512d3473b1cda3d762aa9c
mbs1/x86_64/php-pdo_mysql-5.5.23-1.mbs1.x86_64.rpm
330c62452427e64106c47fcd1e674ed6
mbs1/x86_64/php-pdo_odbc-5.5.23-1.mbs1.x86_64.rpm
a3803c5de5acbb0d3c6a26c42b8ec39b
mbs1/x86_64/php-pdo_pgsql-5.5.23-1.mbs1.x86_64.rpm
2f6a19bc0adc914b46fbab06e3dc7ac7
mbs1/x86_64/php-pdo_sqlite-5.5.23-1.mbs1.x86_64.rpm
4d452c2c81e21f9ce1d08afadba60d6a
mbs1/x86_64/php-pgsql-5.5.23-1.mbs1.x86_64.rpm
39c301d412cbd28256f141fd409ea561
mbs1/x86_64/php-phar-5.5.23-1.mbs1.x86_64.rpm
9c78e1c9192cd1219f1415424156c491
mbs1/x86_64/php-posix-5.5.23-1.mbs1.x86_64.rpm
5bb762bd20418abbd99c38d0d14127d1
mbs1/x86_64/php-readline-5.5.23-1.mbs1.x86_64.rpm
e97eb930df1a35f0646e62f88dd8b1e6
mbs1/x86_64/php-recode-5.5.23-1.mbs1.x86_64.rpm
2b4a91ff5da098a80fa0a74b184f9621
mbs1/x86_64/php-session-5.5.23-1.mbs1.x86_64.rpm
5ecc3ef7dde9a12cc70308c323c650f9
mbs1/x86_64/php-shmop-5.5.23-1.mbs1.x86_64.rpm
7380aeaced54d09831dc4828772a9b4f
mbs1/x86_64/php-snmp-5.5.23-1.mbs1.x86_64.rpm
030ca0276e74f616a1cc8866cc4a3149
mbs1/x86_64/php-soap-5.5.23-1.mbs1.x86_64.rpm
ba8b4a7dafc450564d41bf54de7b2ea2
mbs1/x86_64/php-sockets-5.5.23-1.mbs1.x86_64.rpm
61859f052b4a89c1d4ea9bff4251041f
mbs1/x86_64/php-sqlite3-5.5.23-1.mbs1.x86_64.rpm
81639f4e567c6358f8d1b22c9e2acf98
mbs1/x86_64/php-sybase_ct-5.5.23-1.mbs1.x86_64.rpm
2f4a24db6aedc32c32f8a1d202a798e2
mbs1/x86_64/php-sysvmsg-5.5.23-1.mbs1.x86_64.rpm
aab6b3451a848ebf916418e28303fb23
mbs1/x86_64/php-sysvsem-5.5.23-1.mbs1.x86_64.rpm
6820a01599b0e7d543cd6faa5adf1aee
mbs1/x86_64/php-sysvshm-5.5.23-1.mbs1.x86_64.rpm
ed7aa5fc5226ede2325b64f862ba121b
mbs1/x86_64/php-tidy-5.5.23-1.mbs1.x86_64.rpm
6fd07a6cfcff5b6f5791b3c173d6de3f
mbs1/x86_64/php-tokenizer-5.5.23-1.mbs1.x86_64.rpm
7130ab17ba8d88e08abbff8cc5ce9406
mbs1/x86_64/php-wddx-5.5.23-1.mbs1.x86_64.rpm
bb977de60a780898623b458e8be594fc
mbs1/x86_64/php-xdebug-2.3.2-1.mbs1.x86_64.rpm
f66d72fa26d7c2ddf28cbd9834f50981 mbs1/x86_64/php-xml-5.5.23-1.mbs1.x86_64.rpm
52b65a29cce730602f7788545d8c68eb
mbs1/x86_64/php-xmlreader-5.5.23-1.mbs1.x86_64.rpm
8e7ce89111d36fa56003a7b2cfb5ca17
mbs1/x86_64/php-xmlrpc-5.5.23-1.mbs1.x86_64.rpm
64a27f8e54344c459ffa5a2bb1c33521
mbs1/x86_64/php-xmlwriter-5.5.23-1.mbs1.x86_64.rpm
506d5cd854c2d3140f38b67137fe4f16 mbs1/x86_64/php-xsl-5.5.23-1.mbs1.x86_64.rpm
3e74425e2868a46bf8db184feaeac041 mbs1/x86_64/php-zip-5.5.23-1.mbs1.x86_64.rpm
fa27aa395c0d87bf832471e3f6f06c68
mbs1/x86_64/php-zlib-5.5.23-1.mbs1.x86_64.rpm
5be5023a4703f52af150c7fbcb2c4e5a mbs1/SRPMS/libzip-0.10.1-2.1.mbs1.src.rpm
bdf35808447e6b0224eb958adf086dc5 mbs1/SRPMS/php-5.5.23-1.mbs1.src.rpm
a5047c3b6e20db0167f65ff6ad667e99 mbs1/SRPMS/php-apc-3.1.15-1.17.mbs1.src.rpm
2eb2949f57a66f2eed5110181ce7f8ce mbs1/SRPMS/php-xdebug-2.3.2-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFkMLmqjQ0CJFipgRAs8jAJ0Zs7seobOHtc5hQKmofiNNPEG5OQCfVwCF
cHIjCqsYPKSYavI4KbIB1QA=
=4VI0
-----END PGP SIGNATURE-----

------------=_1427526028-3111-1
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________

------------=_1427526028-3111-1--