--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6399
2015-04-18 05:44:46
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 20
Version     : 5.5.24
Release     : 1.fc20
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

16 Apr 2015, **PHP 5.5.24**

Apache2handler:
* Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (Gerrit Venema)

Core:
* Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence)
* Fixed bug #67626 (User exceptions not properly handled in streams). (Julian)
* Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk)
* Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
* Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString). (Stas)
* Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita)
* Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita)
* Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability). (Stas)
* Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (Stas)

Curl:
* Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
* Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

Date:
* Export date_get_immutable_ce so that it can be used by extensions. (Derick Rethans)
* Fixed bug #69336 (Issues with "last day of "). (Derick Rethans)

Enchant:
* Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol)

Fileinfo:
* Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (Anatol Belski)

Filter:
* Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch)
* Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch)

Mbstring:
* Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E). (Masaki Kagaya)

OPCache
* Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
* Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)

OpenSSL:
* Fixed bug #67403 (Add signatureType to openssl_x509_parse).
* Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)

Phar:
* Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike)
* Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
* Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
* Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike)
* Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
* Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (Stas)

Postgres:
* Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)

SPL:
* Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)

SOAP:
* Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (thomas at shadowweb dot org, Laruence)

SQLITE:
* Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd)
* Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 15 2015 Remi Collet  5.5.24-1
- Update to 5.5.24
  https://www.php.net/releases/5_5_24.php
* Fri Mar 20 2015 Remi Collet  5.5.23-1
- Update to 5.5.23
  https://www.php.net/releases/5_5_23.php
* Thu Feb 19 2015 Remi Collet  5.5.22-1
- Update to 5.5.22
  https://www.php.net/releases/5_5_22.php
* Thu Jan 22 2015 Remi Collet  5.5.21-1
- Update to 5.5.21
  https://www.php.net/releases/5_5_21.php
* Thu Dec 18 2014 Remi Collet  5.5.20-2
- Update to 5.5.20 (real)
  https://www.php.net/releases/5_5_20.php
- php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet  5.5.20-1
- Update to 5.5.20
  https://www.php.net/releases/5_5_20.php
* Fri Nov 21 2014 Remi Collet  5.5.19-3
- FPM: add upstream patch for https://bugs.php.net/index.php
  listen.allowed_clients is IPv4 only
- refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet  5.5.19-2
- FPM: add upstream patch for https://bugs.php.net/index.php
  access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/index.php
  listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/index.php
  will no longer load all pools
* Thu Nov 13 2014 Remi Collet  5.5.19-1
- Update to 5.5.19
  https://www.php.net/releases/5_5_19.php
- new version of systzdata patch, fix case sensitivity
* Thu Oct 16 2014 Remi Collet  5.5.18-1
- Update to 5.5.18
  https://www.php.net/releases/5_5_18.php
* Sat Sep 20 2014 Remi Collet  5.5.17-2
- openssl: fix regression introduce in changes for upstream
  bug #65137 and #41631, revert to 5.5.16 behavior
* Thu Sep 18 2014 Remi Collet  5.5.17-1
- Update to 5.5.17
  https://www.php.net/releases/5_5_17.php
- fpm: fix script_name with mod_proxy_fcgi / proxypass
  add upstream patch for https://bugs.php.net/index.php
* Thu Aug 21 2014 Remi Collet  5.5.16-1
- Update to 5.5.16
  https://www.php.net/releases/5_5_16.php
- fix zts-php-config --php-binary output #1124605
- move zts-php from php-devel to php-cli
- revert fix for 67724 because of 67865
* Thu Jul 24 2014 Remi Collet  5.5.15-1
- Update to 5.5.15
  https://www.php.net/releases/5_5_15.php
* Wed Jul 16 2014 Remi Collet  5.5.14-2
- add upstream patch for #67605
* Thu Jun 26 2014 Remi Collet  5.5.14-1
- Update to 5.5.14
  https://www.php.net/releases/5_5_14.php
- fix test for rhbz #971416
* Thu Jun  5 2014 Remi Collet  5.5.13-3
- fix regression introduce in fix for #67118
* Tue Jun  3 2014 Remi Collet  5.5.13-2
- fileinfo: fix insufficient boundary check
- workaround regression introduce in fix for 67072 in
  serialize/unzerialize functions
* Fri May 30 2014 Remi Collet  5.5.13-1
- Update to 5.5.13
  https://www.php.net/releases/5_5_13.php
* Sat May  3 2014 Remi Collet  5.5.12-1
- Update to 5.5.12
  https://www.php.net/releases/5_5_12.php
- php-fpm: change default unix socket permission CVE-2014-0185
* Thu Apr  3 2014 Remi Collet  5.5.11-1
- Update to 5.5.11
  https://www.php.net/ChangeLog-5.php
* Thu Mar  6 2014 Remi Collet  5.5.10-1
- Update to 5.5.10
  https://www.php.net/ChangeLog-5.php#5.5.10
- php-fpm should own /var/lib/php/session and wsdlcache
- fix pcre test results with libpcre < 8.34
* Tue Feb 18 2014 Remi Collet  5.5.9-2
- upstream patch for https://bugs.php.net/index.php
* Tue Feb 11 2014 Remi Collet  5.5.9-1
- Update to 5.5.9
  https://www.php.net/ChangeLog-5.php
- Install macros to /usr/lib/rpm/macros.d
* Thu Jan 23 2014 Joe Orton  - 5.5.8-2
- fix _httpd_mmn expansion in absence of httpd-devel
* Wed Jan  8 2014 Remi Collet  5.5.8-1
- update to 5.5.8
- drop conflicts with other opcode caches as both can
  be used only for user data cache
* Wed Dec 11 2013 Remi Collet  5.5.7-1
- update to 5.5.7, fix for CVE-2013-6420
- fix zend_register_functions breaks reflection, php bug 66218
- fix Heap buffer over-read in DateInterval, php bug 66060
- fix fix overflow handling bug in non-x86
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1185900 - CVE-2015-1351 php: use after free in opcache extension
        https://bugzilla.redhat.com/show_bug.cgi?id=1185900
  [ 2 ] Bug #1213411 - php: use-after-free vulnerability in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER
        https://bugzilla.redhat.com/show_bug.cgi?id=1213411
  [ 3 ] Bug #1213442 - php: denial of service when processing a crafted file with Fileinfo
        https://bugzilla.redhat.com/show_bug.cgi?id=1213442
  [ 4 ] Bug #1213449 - CVE-2015-3329 php: Buffer Over flow when parsing tar/zip/phar in phar_set_inode()
        https://bugzilla.redhat.com/show_bug.cgi?id=1213449
  [ 5 ] Bug #1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension
        https://bugzilla.redhat.com/show_bug.cgi?id=1185904
  [ 6 ] Bug #1213407 - php: missing null byte checks for paths in various PHP extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1213407
  [ 7 ] Bug #1213416 - php: NULL pointer dereference at ext/ereg/regex/regcomp.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1213416
  [ 8 ] Bug #1213446 - CVE-2015-2783 php: Buffer Over-read in unserialize when parsing Phar
        https://bugzilla.redhat.com/show_bug.cgi?id=1213446
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 20: php Security Update

April 27, 2015
16 Apr 2015, **PHP 5.5.24** Apache2handler: * Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

Update Information:

16 Apr 2015, **PHP 5.5.24**

Apache2handler: * Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (Gerrit Venema)

Core: * Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence) * Fixed bug #67626 (User exceptions not properly handled in streams). (Julian) * Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk) * Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai) * Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski) * Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString). (Stas) * Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita) * Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita) * Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability). (Stas) * Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (Stas)

Curl: * Implemented FR#69278 (HTTP2 support). (Masaki Kagaya) * Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

Date: * Export date_get_immutable_ce so that it can be used by extensions. (Derick Rethans) * Fixed bug #69336 (Issues with "last day of "). (Derick Rethans)

Enchant: * Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol)

Fileinfo: * Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (Anatol Belski)

Filter: * Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch) * Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch)

Mbstring: * Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E). (Masaki Kagaya)

OPCache * Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence) * Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)

OpenSSL: * Fixed bug #67403 (Add signatureType to openssl_x509_parse). * Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)

Phar: * Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike) * Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike) * Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike) * Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike) * Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas) * Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (Stas)

Postgres: * Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)

SPL: * Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)

SOAP: * Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (thomas at shadowweb dot org, Laruence)

SQLITE: * Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd) * Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol)

Change Log

* Wed Apr 15 2015 Remi Collet 5.5.24-1 - Update to 5.5.24 https://www.php.net/releases/5_5_24.php * Fri Mar 20 2015 Remi Collet 5.5.23-1 - Update to 5.5.23 https://www.php.net/releases/5_5_23.php * Thu Feb 19 2015 Remi Collet 5.5.22-1 - Update to 5.5.22 https://www.php.net/releases/5_5_22.php * Thu Jan 22 2015 Remi Collet 5.5.21-1 - Update to 5.5.21 https://www.php.net/releases/5_5_21.php * Thu Dec 18 2014 Remi Collet 5.5.20-2 - Update to 5.5.20 (real) https://www.php.net/releases/5_5_20.php - php-xmlrpc requires php-xml * Wed Dec 10 2014 Remi Collet 5.5.20-1 - Update to 5.5.20 https://www.php.net/releases/5_5_20.php * Fri Nov 21 2014 Remi Collet 5.5.19-3 - FPM: add upstream patch for https://bugs.php.net/index.php listen.allowed_clients is IPv4 only - refresh upstream patch for 68421 * Sun Nov 16 2014 Remi Collet 5.5.19-2 - FPM: add upstream patch for https://bugs.php.net/index.php access.format=R doesn't log ipv6 address - FPM: add upstream patch for https://bugs.php.net/index.php listen=9000 listens to ipv6 localhost instead of all addresses - FPM: add upstream patch for https://bugs.php.net/index.php will no longer load all pools * Thu Nov 13 2014 Remi Collet 5.5.19-1 - Update to 5.5.19 https://www.php.net/releases/5_5_19.php - new version of systzdata patch, fix case sensitivity * Thu Oct 16 2014 Remi Collet 5.5.18-1 - Update to 5.5.18 https://www.php.net/releases/5_5_18.php * Sat Sep 20 2014 Remi Collet 5.5.17-2 - openssl: fix regression introduce in changes for upstream bug #65137 and #41631, revert to 5.5.16 behavior * Thu Sep 18 2014 Remi Collet 5.5.17-1 - Update to 5.5.17 https://www.php.net/releases/5_5_17.php - fpm: fix script_name with mod_proxy_fcgi / proxypass add upstream patch for https://bugs.php.net/index.php * Thu Aug 21 2014 Remi Collet 5.5.16-1 - Update to 5.5.16 https://www.php.net/releases/5_5_16.php - fix zts-php-config --php-binary output #1124605 - move zts-php from php-devel to php-cli - revert fix for 67724 because of 67865 * Thu Jul 24 2014 Remi Collet 5.5.15-1 - Update to 5.5.15 https://www.php.net/releases/5_5_15.php * Wed Jul 16 2014 Remi Collet 5.5.14-2 - add upstream patch for #67605 * Thu Jun 26 2014 Remi Collet 5.5.14-1 - Update to 5.5.14 https://www.php.net/releases/5_5_14.php - fix test for rhbz #971416 * Thu Jun 5 2014 Remi Collet 5.5.13-3 - fix regression introduce in fix for #67118 * Tue Jun 3 2014 Remi Collet 5.5.13-2 - fileinfo: fix insufficient boundary check - workaround regression introduce in fix for 67072 in serialize/unzerialize functions * Fri May 30 2014 Remi Collet 5.5.13-1 - Update to 5.5.13 https://www.php.net/releases/5_5_13.php * Sat May 3 2014 Remi Collet 5.5.12-1 - Update to 5.5.12 https://www.php.net/releases/5_5_12.php - php-fpm: change default unix socket permission CVE-2014-0185 * Thu Apr 3 2014 Remi Collet 5.5.11-1 - Update to 5.5.11 https://www.php.net/ChangeLog-5.php * Thu Mar 6 2014 Remi Collet 5.5.10-1 - Update to 5.5.10 https://www.php.net/ChangeLog-5.php#5.5.10 - php-fpm should own /var/lib/php/session and wsdlcache - fix pcre test results with libpcre < 8.34 * Tue Feb 18 2014 Remi Collet 5.5.9-2 - upstream patch for https://bugs.php.net/index.php * Tue Feb 11 2014 Remi Collet 5.5.9-1 - Update to 5.5.9 https://www.php.net/ChangeLog-5.php - Install macros to /usr/lib/rpm/macros.d * Thu Jan 23 2014 Joe Orton - 5.5.8-2 - fix _httpd_mmn expansion in absence of httpd-devel * Wed Jan 8 2014 Remi Collet 5.5.8-1 - update to 5.5.8 - drop conflicts with other opcode caches as both can be used only for user data cache * Wed Dec 11 2013 Remi Collet 5.5.7-1 - update to 5.5.7, fix for CVE-2013-6420 - fix zend_register_functions breaks reflection, php bug 66218 - fix Heap buffer over-read in DateInterval, php bug 66060 - fix fix overflow handling bug in non-x86

References

[ 1 ] Bug #1185900 - CVE-2015-1351 php: use after free in opcache extension https://bugzilla.redhat.com/show_bug.cgi?id=1185900 [ 2 ] Bug #1213411 - php: use-after-free vulnerability in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER https://bugzilla.redhat.com/show_bug.cgi?id=1213411 [ 3 ] Bug #1213442 - php: denial of service when processing a crafted file with Fileinfo https://bugzilla.redhat.com/show_bug.cgi?id=1213442 [ 4 ] Bug #1213449 - CVE-2015-3329 php: Buffer Over flow when parsing tar/zip/phar in phar_set_inode() https://bugzilla.redhat.com/show_bug.cgi?id=1213449 [ 5 ] Bug #1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension https://bugzilla.redhat.com/show_bug.cgi?id=1185904 [ 6 ] Bug #1213407 - php: missing null byte checks for paths in various PHP extensions https://bugzilla.redhat.com/show_bug.cgi?id=1213407 [ 7 ] Bug #1213416 - php: NULL pointer dereference at ext/ereg/regex/regcomp.c https://bugzilla.redhat.com/show_bug.cgi?id=1213416 [ 8 ] Bug #1213446 - CVE-2015-2783 php: Buffer Over-read in unserialize when parsing Phar https://bugzilla.redhat.com/show_bug.cgi?id=1213446

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : php
Product : Fedora 20
Version : 5.5.24
Release : 1.fc20
URL : https://www.php.net/
Summary : PHP scripting language for creating dynamic web sites

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved