Mandriva Linux Security Advisory 2015-032
Posted Feb 9, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-032 - sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service via crafted EXIF data in a JPEG image. The updated php packages have been upgraded to the 5.5.21 version which is not vulnerable to these issues. Additionally, the timezonedb package has been upgraded to the latest 2015.1 version, the php-suhosin package has been upgraded to the latest 0.9.37.1 and the PECL packages that require it have been rebuilt for php-5.5.21.

tags | advisory, remote, denial of service, arbitrary, cgi, php, code execution
systems | linux, mandriva
advisories | CVE-2014-9427, CVE-2015-0231, CVE-2015-0232
SHA-256 | bbf5efb46d8541bd4023fe632610b7ca5406d789dcad020b27374e3c6f00750d

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:032
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : February 5, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in php:

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x
through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read
a .php file, does not properly consider the mapping's length during
processing of an invalid file that begins with a # character and lacks
a newline character, which causes an out-of-bounds read and might (1)
allow remote attackers to obtain sensitive information from php-cgi
process memory by leveraging the ability to upload a .php file or (2)
trigger unexpected code execution if a valid PHP script is present
in memory locations adjacent to the mapping (CVE-2014-9427).

Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before
5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute
arbitrary code via a crafted unserialize call that leverages improper
handling of duplicate numerical keys within the serialized properties
of an object. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142 (CVE-2015-0231).

The exif_process_unicode function in ext/exif/exif.c in PHP before
5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote
attackers to execute arbitrary code or cause a denial of service
(uninitialized pointer free and application crash) via crafted EXIF
data in a JPEG image (CVE-2015-0232).

The updated php packages have been upgraded to the 5.5.21 version
which is not vulnerable to these issues.

Additionally, the timezonedb package has been upgraded to the latest
2015.1 version, the php-suhosin package has been upgraded to the
latest 0.9.37.1 and the PECL packages which require it have been
rebuilt for php-5.5.21.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
http://php.net/ChangeLog-5.php#5.5.21
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU05RlmqjQ0CJFipgRArmOAKDKYyVQrC1CpH9JKrd8HAhddB7oZQCgtdL8
0rueIDnGzKxeJYZDOf8Kdvo=
=3Yt1
-----END PGP SIGNATURE-----
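
The length problem described for CVE-2014-9427, as an added example that is not part of the advisory and is not PHP's source code: a simplified model of skipping a leading # line in a mapped buffer, with an unchecked scan beside a length-bounded one. The arena contents, MAP_LEN and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed arena: a 9-byte "mapping" that starts with '#' and has no
 * newline, followed by unrelated adjacent bytes. Everything lives in one
 * array so the unchecked scan below stays within defined behaviour. */
#define MAP_LEN 9
static const char arena[] = "#!no-eol-" "ADJACENT-SECRET\n";

/* Flawed pattern: skips the leading '#' line by scanning for '\n' and
 * never compares the cursor with the length of the mapping. */
size_t skip_hash_line_unchecked(const char *buf)
{
    size_t i = 0;
    if (buf[0] != '#')
        return 0;
    while (buf[i] != '\n')
        i++;
    return i + 1;               /* offset of the first byte after the line */
}

/* Hardened pattern: every read is bounded by len. A '#' line without a
 * newline consumes the whole mapping and nothing beyond it. */
size_t skip_hash_line_checked(const char *buf, size_t len)
{
    size_t i = 0;
    if (len == 0 || buf[0] != '#')
        return 0;
    while (i < len && buf[i] != '\n')
        i++;
    return (i < len) ? i + 1 : len;
}

/* Number of bytes beyond the mapping that a returned offset covers. */
size_t bytes_past_mapping(size_t offset, size_t len)
{
    return offset > len ? offset - len : 0;
}

int main(void)
{
    size_t bad = skip_hash_line_unchecked(arena);
    size_t ok = skip_hash_line_checked(arena, MAP_LEN);
    printf("unchecked: offset %zu, %zu bytes past the mapping\n",
           bad, bytes_past_mapping(bad, MAP_LEN));
    printf("checked:   offset %zu, %zu bytes past the mapping\n",
           ok, bytes_past_mapping(ok, MAP_LEN));
    return 0;
}
```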