ID

VAR-201503-0206

CVE

CVE-2015-2301

TITLE

PHP of phar_object.c of phar_rename_archive Service disruption in functions (DoS) Vulnerabilities

DESCRIPTION

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP of phar_object.c of phar_rename_archive Function uses freed memory (Use-after-free) Service disruption (DoS) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: php54 security and bug fix update Advisory ID: RHSA-2015:1066-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1066.html Issue date: 2015-06-04 CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-1351 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 CVE-2015-4148 ===================================================================== 1. Summary: Updated php54 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to upstream version 5.4.40, which provides a number of bug fixes over the version shipped in Red Hat Software Collections 1. (BZ#1168193) The following security issues were fixed in the php54-php component: An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232) Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148) A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705) A heap buffer overflow flaw was found in PHP's regular expression extension. An attacker able to make PHP process a specially crafted regular expression pattern could cause it to crash and possibly execute arbitrary code. (CVE-2015-2305) A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709) A use-after-free flaw was found in PHP's phar (PHP Archive) extension. An attacker able to trigger certain error condition in phar archive processing could possibly use this flaw to disclose certain portions of server memory. (CVE-2015-2301) An ouf-of-bounds read flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker could cause a PHP application to crash if it used fileinfo to identify the type of the attacker-supplied file. (CVE-2014-9652) It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348) A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash. (CVE-2014-9427) The following security issue was fixed in the php54-php-pecl-zendopcache component: A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. (CVE-2015-1351) All php54 users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the httpd service must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1055927 - REBASE to pecl/zendopcache version 7.0.4 1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1185900 - CVE-2015-1351 php: use after free in opcache extension 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: php54-2.0-1.el6.src.rpm php54-php-5.4.40-1.el6.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm x86_64: php54-2.0-1.el6.x86_64.rpm php54-php-5.4.40-1.el6.x86_64.rpm php54-php-bcmath-5.4.40-1.el6.x86_64.rpm php54-php-cli-5.4.40-1.el6.x86_64.rpm php54-php-common-5.4.40-1.el6.x86_64.rpm php54-php-dba-5.4.40-1.el6.x86_64.rpm php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm php54-php-devel-5.4.40-1.el6.x86_64.rpm php54-php-enchant-5.4.40-1.el6.x86_64.rpm php54-php-fpm-5.4.40-1.el6.x86_64.rpm php54-php-gd-5.4.40-1.el6.x86_64.rpm php54-php-imap-5.4.40-1.el6.x86_64.rpm php54-php-intl-5.4.40-1.el6.x86_64.rpm php54-php-ldap-5.4.40-1.el6.x86_64.rpm php54-php-mbstring-5.4.40-1.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm php54-php-odbc-5.4.40-1.el6.x86_64.rpm php54-php-pdo-5.4.40-1.el6.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm php54-php-pgsql-5.4.40-1.el6.x86_64.rpm php54-php-process-5.4.40-1.el6.x86_64.rpm php54-php-pspell-5.4.40-1.el6.x86_64.rpm php54-php-recode-5.4.40-1.el6.x86_64.rpm php54-php-snmp-5.4.40-1.el6.x86_64.rpm php54-php-soap-5.4.40-1.el6.x86_64.rpm php54-php-tidy-5.4.40-1.el6.x86_64.rpm php54-php-xml-5.4.40-1.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm php54-runtime-2.0-1.el6.x86_64.rpm php54-scldevel-2.0-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5): Source: php54-2.0-1.el6.src.rpm php54-php-5.4.40-1.el6.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm x86_64: php54-2.0-1.el6.x86_64.rpm php54-php-5.4.40-1.el6.x86_64.rpm php54-php-bcmath-5.4.40-1.el6.x86_64.rpm php54-php-cli-5.4.40-1.el6.x86_64.rpm php54-php-common-5.4.40-1.el6.x86_64.rpm php54-php-dba-5.4.40-1.el6.x86_64.rpm php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm php54-php-devel-5.4.40-1.el6.x86_64.rpm php54-php-enchant-5.4.40-1.el6.x86_64.rpm php54-php-fpm-5.4.40-1.el6.x86_64.rpm php54-php-gd-5.4.40-1.el6.x86_64.rpm php54-php-imap-5.4.40-1.el6.x86_64.rpm php54-php-intl-5.4.40-1.el6.x86_64.rpm php54-php-ldap-5.4.40-1.el6.x86_64.rpm php54-php-mbstring-5.4.40-1.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm php54-php-odbc-5.4.40-1.el6.x86_64.rpm php54-php-pdo-5.4.40-1.el6.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm php54-php-pgsql-5.4.40-1.el6.x86_64.rpm php54-php-process-5.4.40-1.el6.x86_64.rpm php54-php-pspell-5.4.40-1.el6.x86_64.rpm php54-php-recode-5.4.40-1.el6.x86_64.rpm php54-php-snmp-5.4.40-1.el6.x86_64.rpm php54-php-soap-5.4.40-1.el6.x86_64.rpm php54-php-tidy-5.4.40-1.el6.x86_64.rpm php54-php-xml-5.4.40-1.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm php54-runtime-2.0-1.el6.x86_64.rpm php54-scldevel-2.0-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: php54-2.0-1.el6.src.rpm php54-php-5.4.40-1.el6.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm x86_64: php54-2.0-1.el6.x86_64.rpm php54-php-5.4.40-1.el6.x86_64.rpm php54-php-bcmath-5.4.40-1.el6.x86_64.rpm php54-php-cli-5.4.40-1.el6.x86_64.rpm php54-php-common-5.4.40-1.el6.x86_64.rpm php54-php-dba-5.4.40-1.el6.x86_64.rpm php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm php54-php-devel-5.4.40-1.el6.x86_64.rpm php54-php-enchant-5.4.40-1.el6.x86_64.rpm php54-php-fpm-5.4.40-1.el6.x86_64.rpm php54-php-gd-5.4.40-1.el6.x86_64.rpm php54-php-imap-5.4.40-1.el6.x86_64.rpm php54-php-intl-5.4.40-1.el6.x86_64.rpm php54-php-ldap-5.4.40-1.el6.x86_64.rpm php54-php-mbstring-5.4.40-1.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm php54-php-odbc-5.4.40-1.el6.x86_64.rpm php54-php-pdo-5.4.40-1.el6.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm php54-php-pgsql-5.4.40-1.el6.x86_64.rpm php54-php-process-5.4.40-1.el6.x86_64.rpm php54-php-pspell-5.4.40-1.el6.x86_64.rpm php54-php-recode-5.4.40-1.el6.x86_64.rpm php54-php-snmp-5.4.40-1.el6.x86_64.rpm php54-php-soap-5.4.40-1.el6.x86_64.rpm php54-php-tidy-5.4.40-1.el6.x86_64.rpm php54-php-xml-5.4.40-1.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm php54-runtime-2.0-1.el6.x86_64.rpm php54-scldevel-2.0-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: php54-2.0-1.el6.src.rpm php54-php-5.4.40-1.el6.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm x86_64: php54-2.0-1.el6.x86_64.rpm php54-php-5.4.40-1.el6.x86_64.rpm php54-php-bcmath-5.4.40-1.el6.x86_64.rpm php54-php-cli-5.4.40-1.el6.x86_64.rpm php54-php-common-5.4.40-1.el6.x86_64.rpm php54-php-dba-5.4.40-1.el6.x86_64.rpm php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm php54-php-devel-5.4.40-1.el6.x86_64.rpm php54-php-enchant-5.4.40-1.el6.x86_64.rpm php54-php-fpm-5.4.40-1.el6.x86_64.rpm php54-php-gd-5.4.40-1.el6.x86_64.rpm php54-php-imap-5.4.40-1.el6.x86_64.rpm php54-php-intl-5.4.40-1.el6.x86_64.rpm php54-php-ldap-5.4.40-1.el6.x86_64.rpm php54-php-mbstring-5.4.40-1.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm php54-php-odbc-5.4.40-1.el6.x86_64.rpm php54-php-pdo-5.4.40-1.el6.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm php54-php-pgsql-5.4.40-1.el6.x86_64.rpm php54-php-process-5.4.40-1.el6.x86_64.rpm php54-php-pspell-5.4.40-1.el6.x86_64.rpm php54-php-recode-5.4.40-1.el6.x86_64.rpm php54-php-snmp-5.4.40-1.el6.x86_64.rpm php54-php-soap-5.4.40-1.el6.x86_64.rpm php54-php-tidy-5.4.40-1.el6.x86_64.rpm php54-php-xml-5.4.40-1.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm php54-runtime-2.0-1.el6.x86_64.rpm php54-scldevel-2.0-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: php54-2.0-1.el7.src.rpm php54-php-5.4.40-1.el7.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm x86_64: php54-2.0-1.el7.x86_64.rpm php54-php-5.4.40-1.el7.x86_64.rpm php54-php-bcmath-5.4.40-1.el7.x86_64.rpm php54-php-cli-5.4.40-1.el7.x86_64.rpm php54-php-common-5.4.40-1.el7.x86_64.rpm php54-php-dba-5.4.40-1.el7.x86_64.rpm php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm php54-php-devel-5.4.40-1.el7.x86_64.rpm php54-php-enchant-5.4.40-1.el7.x86_64.rpm php54-php-fpm-5.4.40-1.el7.x86_64.rpm php54-php-gd-5.4.40-1.el7.x86_64.rpm php54-php-intl-5.4.40-1.el7.x86_64.rpm php54-php-ldap-5.4.40-1.el7.x86_64.rpm php54-php-mbstring-5.4.40-1.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm php54-php-odbc-5.4.40-1.el7.x86_64.rpm php54-php-pdo-5.4.40-1.el7.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm php54-php-pgsql-5.4.40-1.el7.x86_64.rpm php54-php-process-5.4.40-1.el7.x86_64.rpm php54-php-pspell-5.4.40-1.el7.x86_64.rpm php54-php-recode-5.4.40-1.el7.x86_64.rpm php54-php-snmp-5.4.40-1.el7.x86_64.rpm php54-php-soap-5.4.40-1.el7.x86_64.rpm php54-php-xml-5.4.40-1.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm php54-runtime-2.0-1.el7.x86_64.rpm php54-scldevel-2.0-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: php54-2.0-1.el7.src.rpm php54-php-5.4.40-1.el7.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm x86_64: php54-2.0-1.el7.x86_64.rpm php54-php-5.4.40-1.el7.x86_64.rpm php54-php-bcmath-5.4.40-1.el7.x86_64.rpm php54-php-cli-5.4.40-1.el7.x86_64.rpm php54-php-common-5.4.40-1.el7.x86_64.rpm php54-php-dba-5.4.40-1.el7.x86_64.rpm php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm php54-php-devel-5.4.40-1.el7.x86_64.rpm php54-php-enchant-5.4.40-1.el7.x86_64.rpm php54-php-fpm-5.4.40-1.el7.x86_64.rpm php54-php-gd-5.4.40-1.el7.x86_64.rpm php54-php-intl-5.4.40-1.el7.x86_64.rpm php54-php-ldap-5.4.40-1.el7.x86_64.rpm php54-php-mbstring-5.4.40-1.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm php54-php-odbc-5.4.40-1.el7.x86_64.rpm php54-php-pdo-5.4.40-1.el7.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm php54-php-pgsql-5.4.40-1.el7.x86_64.rpm php54-php-process-5.4.40-1.el7.x86_64.rpm php54-php-pspell-5.4.40-1.el7.x86_64.rpm php54-php-recode-5.4.40-1.el7.x86_64.rpm php54-php-snmp-5.4.40-1.el7.x86_64.rpm php54-php-soap-5.4.40-1.el7.x86_64.rpm php54-php-xml-5.4.40-1.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm php54-runtime-2.0-1.el7.x86_64.rpm php54-scldevel-2.0-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9427 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-1351 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2305 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVcBYSXlSAg2UNWIIRAoT1AJ9XFBGeD9SIxEla6ub7VHSrmJAtcgCfSjPe YJoyzmnxjsdToxpNcMlTQOw= =BUIg -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. Please note that this package build also moves the configuration files from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.4.40-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. For the stable distribution (wheezy), these problems have been fixed in version 5.4.39-0+deb7u1. This update also fixes a regression in the curl support introduced in DSA 3195. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04686230 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04686230 Version: 1 HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-06-10 Last Updated: 2015-06-10 Potential Security Impact: Remote denial of service (DoS), man-in-the-middle (MitM) attack, modification of data, local modification of data Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. HP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier HP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier HP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier HP-UX B.11.31 running PHP v5.4.11.04 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-5704 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0227 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9709 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-1352 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2305 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2783 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com NOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01, Tomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13 HP-UX 11i Release Apache Depot name B.11.31 (11i v3 32-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot B.11.31 (11i v3 64-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v4.05 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.29.01 or subsequent hpuxws22TOMCAT.TOMCAT action: install revision C.6.0.43.01 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 10 June 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19" References ========== [ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201606-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Xinchen Hui

SOURCES

LAST UPDATE DATE

2025-09-27T23:55:09.994000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE