Date:         Thu, 9 Jul 2015 22:08:04 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Subject:      Security ERRATA Moderate: php on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID:  <20150709220804.3116.54129@slpackages.fnal.gov>

Synopsis:          Moderate: php security update
Advisory ID:       SLSA-2015:1218-1
Issue Date:        2015-07-09
CVE Numbers:       CVE-2015-0232
                   CVE-2014-9709
                   CVE-2015-0273
                   CVE-2014-9705
                   CVE-2015-2301
                   CVE-2015-4147
                   CVE-2015-2787
                   CVE-2015-4148
                   CVE-2015-3411
                   CVE-2015-2783
                   CVE-2015-3329
                   CVE-2015-4024
                   CVE-2015-4599
                   CVE-2015-4600
                   CVE-2015-4601
                   CVE-2015-4022
                   CVE-2015-4026
                   CVE-2015-4021
                   CVE-2015-3307
                   CVE-2015-3412
                   CVE-2015-4598
                   CVE-2015-4603
                   CVE-2015-4602
                   CVE-2014-9425
--

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of
CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using
the exif_read_data() function to crash or, possibly, execute arbitrary
code with the privileges of the user running that PHP application.
(CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,
CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,
CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,
CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application
using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function
in the PHP ZTS module. This flaw could possibly cause a PHP application to
crash. (CVE-2014-9425)

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
--

SL6
  x86_64
    php-5.3.3-46.el6_6.x86_64.rpm
    php-bcmath-5.3.3-46.el6_6.x86_64.rpm
    php-cli-5.3.3-46.el6_6.x86_64.rpm
    php-common-5.3.3-46.el6_6.x86_64.rpm
    php-dba-5.3.3-46.el6_6.x86_64.rpm
    php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
    php-devel-5.3.3-46.el6_6.x86_64.rpm
    php-embedded-5.3.3-46.el6_6.x86_64.rpm
    php-enchant-5.3.3-46.el6_6.x86_64.rpm
    php-fpm-5.3.3-46.el6_6.x86_64.rpm
    php-gd-5.3.3-46.el6_6.x86_64.rpm
    php-imap-5.3.3-46.el6_6.x86_64.rpm
    php-intl-5.3.3-46.el6_6.x86_64.rpm
    php-ldap-5.3.3-46.el6_6.x86_64.rpm
    php-mbstring-5.3.3-46.el6_6.x86_64.rpm
    php-mysql-5.3.3-46.el6_6.x86_64.rpm
    php-odbc-5.3.3-46.el6_6.x86_64.rpm
    php-pdo-5.3.3-46.el6_6.x86_64.rpm
    php-pgsql-5.3.3-46.el6_6.x86_64.rpm
    php-process-5.3.3-46.el6_6.x86_64.rpm
    php-pspell-5.3.3-46.el6_6.x86_64.rpm
    php-recode-5.3.3-46.el6_6.x86_64.rpm
    php-snmp-5.3.3-46.el6_6.x86_64.rpm
    php-soap-5.3.3-46.el6_6.x86_64.rpm
    php-tidy-5.3.3-46.el6_6.x86_64.rpm
    php-xml-5.3.3-46.el6_6.x86_64.rpm
    php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm
    php-zts-5.3.3-46.el6_6.x86_64.rpm
  i386
    php-5.3.3-46.el6_6.i686.rpm
    php-bcmath-5.3.3-46.el6_6.i686.rpm
    php-cli-5.3.3-46.el6_6.i686.rpm
    php-common-5.3.3-46.el6_6.i686.rpm
    php-dba-5.3.3-46.el6_6.i686.rpm
    php-debuginfo-5.3.3-46.el6_6.i686.rpm
    php-devel-5.3.3-46.el6_6.i686.rpm
    php-embedded-5.3.3-46.el6_6.i686.rpm
    php-enchant-5.3.3-46.el6_6.i686.rpm
    php-fpm-5.3.3-46.el6_6.i686.rpm
    php-gd-5.3.3-46.el6_6.i686.rpm
    php-imap-5.3.3-46.el6_6.i686.rpm
    php-intl-5.3.3-46.el6_6.i686.rpm
    php-ldap-5.3.3-46.el6_6.i686.rpm
    php-mbstring-5.3.3-46.el6_6.i686.rpm
    php-mysql-5.3.3-46.el6_6.i686.rpm
    php-odbc-5.3.3-46.el6_6.i686.rpm
    php-pdo-5.3.3-46.el6_6.i686.rpm
    php-pgsql-5.3.3-46.el6_6.i686.rpm
    php-process-5.3.3-46.el6_6.i686.rpm
    php-pspell-5.3.3-46.el6_6.i686.rpm
    php-recode-5.3.3-46.el6_6.i686.rpm
    php-snmp-5.3.3-46.el6_6.i686.rpm
    php-soap-5.3.3-46.el6_6.i686.rpm
    php-tidy-5.3.3-46.el6_6.i686.rpm
    php-xml-5.3.3-46.el6_6.i686.rpm
    php-xmlrpc-5.3.3-46.el6_6.i686.rpm
    php-zts-5.3.3-46.el6_6.i686.rpm

- Scientific Linux Development Team