ID

VAR-201503-0206

CVE

CVE-2015-2301

TITLE

PHP of phar_object.c of phar_rename_archive Service disruption in functions (DoS) Vulnerabilities

DESCRIPTION

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP of phar_object.c of phar_rename_archive Function uses freed memory (Use-after-free) Service disruption (DoS) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. 6) - i386, x86_64 3. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. This update fixes some security issues. Please note that this package build also moves the configuration files from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.4.40-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. For the stable distribution (wheezy), these problems have been fixed in version 5.4.39-0+deb7u1. This update also fixes a regression in the curl support introduced in DSA 3195. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your php5 packages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231). It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. The libzip packages has been patched to address the CVE-2015-2331 flaw. Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFkMLmqjQ0CJFipgRAs8jAJ0Zs7seobOHtc5hQKmofiNNPEG5OQCfVwCF cHIjCqsYPKSYavI4KbIB1QA= =4VI0 -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2535-1 March 18, 2015 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in PHP. (CVE-2014-8117) S. (CVE-2015-2301) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.3 php5-cgi 5.5.12+dfsg-2ubuntu4.3 php5-cli 5.5.12+dfsg-2ubuntu4.3 php5-enchant 5.5.12+dfsg-2ubuntu4.3 php5-fpm 5.5.12+dfsg-2ubuntu4.3 Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.7 php5-cgi 5.5.9+dfsg-1ubuntu4.7 php5-cli 5.5.9+dfsg-1ubuntu4.7 php5-enchant 5.5.9+dfsg-1ubuntu4.7 php5-fpm 5.5.9+dfsg-1ubuntu4.7 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.17 php5-cgi 5.3.10-1ubuntu3.17 php5-cli 5.3.10-1ubuntu3.17 php5-enchant 5.3.10-1ubuntu3.17 php5-fpm 5.3.10-1ubuntu3.17 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.29 php5-cgi 5.3.2-1ubuntu4.29 php5-cli 5.3.2-1ubuntu4.29 php5-enchant 5.3.2-1ubuntu4.29 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: php55 security and bug fix update Advisory ID: RHSA-2015:1053-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1053.html Issue date: 2015-06-04 CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 CVE-2015-4148 ===================================================================== 1. Summary: Updated php55 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to upstream version 5.5.21, which provides multiple bug fixes over the version shipped in Red Hat Software Collections 1. (BZ#1057089) The following security issues were fixed in the php55-php component: An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232) Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148) A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705) A heap buffer overflow flaw was found in PHP's regular expression extension. An attacker able to make PHP process a specially crafted regular expression pattern could cause it to crash and possibly execute arbitrary code. (CVE-2015-2305) A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709) A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. (CVE-2015-1351) A use-after-free flaw was found in PHP's phar (PHP Archive) extension. An attacker able to trigger certain error condition in phar archive processing could possibly use this flaw to disclose certain portions of server memory. (CVE-2015-2301) An ouf-of-bounds read flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker could cause a PHP application to crash if it used fileinfo to identify the type of the attacker-supplied file. (CVE-2014-9652) It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348) A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or pg_select() could cause a PHP application to crash. (CVE-2015-1352) A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash. (CVE-2014-9427) All php55 users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1132446 - php55-php-fpm misinterpreting error_log=syslog 1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1185900 - CVE-2015-1351 php: use after free in opcache extension 1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5): Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: php55-2.0-1.el7.src.rpm php55-php-5.5.21-2.el7.src.rpm x86_64: php55-2.0-1.el7.x86_64.rpm php55-php-5.5.21-2.el7.x86_64.rpm php55-php-bcmath-5.5.21-2.el7.x86_64.rpm php55-php-cli-5.5.21-2.el7.x86_64.rpm php55-php-common-5.5.21-2.el7.x86_64.rpm php55-php-dba-5.5.21-2.el7.x86_64.rpm php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm php55-php-devel-5.5.21-2.el7.x86_64.rpm php55-php-enchant-5.5.21-2.el7.x86_64.rpm php55-php-fpm-5.5.21-2.el7.x86_64.rpm php55-php-gd-5.5.21-2.el7.x86_64.rpm php55-php-gmp-5.5.21-2.el7.x86_64.rpm php55-php-intl-5.5.21-2.el7.x86_64.rpm php55-php-ldap-5.5.21-2.el7.x86_64.rpm php55-php-mbstring-5.5.21-2.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm php55-php-odbc-5.5.21-2.el7.x86_64.rpm php55-php-opcache-5.5.21-2.el7.x86_64.rpm php55-php-pdo-5.5.21-2.el7.x86_64.rpm php55-php-pgsql-5.5.21-2.el7.x86_64.rpm php55-php-process-5.5.21-2.el7.x86_64.rpm php55-php-pspell-5.5.21-2.el7.x86_64.rpm php55-php-recode-5.5.21-2.el7.x86_64.rpm php55-php-snmp-5.5.21-2.el7.x86_64.rpm php55-php-soap-5.5.21-2.el7.x86_64.rpm php55-php-xml-5.5.21-2.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm php55-runtime-2.0-1.el7.x86_64.rpm php55-scldevel-2.0-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: php55-2.0-1.el7.src.rpm php55-php-5.5.21-2.el7.src.rpm x86_64: php55-2.0-1.el7.x86_64.rpm php55-php-5.5.21-2.el7.x86_64.rpm php55-php-bcmath-5.5.21-2.el7.x86_64.rpm php55-php-cli-5.5.21-2.el7.x86_64.rpm php55-php-common-5.5.21-2.el7.x86_64.rpm php55-php-dba-5.5.21-2.el7.x86_64.rpm php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm php55-php-devel-5.5.21-2.el7.x86_64.rpm php55-php-enchant-5.5.21-2.el7.x86_64.rpm php55-php-fpm-5.5.21-2.el7.x86_64.rpm php55-php-gd-5.5.21-2.el7.x86_64.rpm php55-php-gmp-5.5.21-2.el7.x86_64.rpm php55-php-intl-5.5.21-2.el7.x86_64.rpm php55-php-ldap-5.5.21-2.el7.x86_64.rpm php55-php-mbstring-5.5.21-2.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm php55-php-odbc-5.5.21-2.el7.x86_64.rpm php55-php-opcache-5.5.21-2.el7.x86_64.rpm php55-php-pdo-5.5.21-2.el7.x86_64.rpm php55-php-pgsql-5.5.21-2.el7.x86_64.rpm php55-php-process-5.5.21-2.el7.x86_64.rpm php55-php-pspell-5.5.21-2.el7.x86_64.rpm php55-php-recode-5.5.21-2.el7.x86_64.rpm php55-php-snmp-5.5.21-2.el7.x86_64.rpm php55-php-soap-5.5.21-2.el7.x86_64.rpm php55-php-xml-5.5.21-2.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm php55-runtime-2.0-1.el7.x86_64.rpm php55-scldevel-2.0-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9427 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-1351 https://access.redhat.com/security/cve/CVE-2015-1352 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2305 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVcBWDXlSAg2UNWIIRAnzoAJ9qn4wDNXMD8JU1N7k7nEzKlPpGDwCgi0Si MD3ZncY/P8Pl6+DgQxJQCjo= =MxfY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Xinchen Hui

SOURCES

LAST UPDATE DATE

2025-11-28T20:04:26.388000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE