Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Scientific Linux: SLSA-2015:1218-1 Moderate: PHP Security Issues

Scientific Large Esm H446
Moderate: php security update
Date: Thu, 9 Jul 2015 22:08:04 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: php on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20150709220804.3116.54129@slpackages.fnal.gov>

Synopsis: Moderate: php security update
Advisory ID: SLSA-2015:1218-1
Issue Date: 2015-07-09
CVE Numbers: CVE-2015-0232
 CVE-2014-9709
 CVE-2015-0273
 CVE-2014-9705
 CVE-2015-2301
 CVE-2015-4147
 CVE-2015-2787
 CVE-2015-4148
 CVE-2015-3411
 CVE-2015-2783
 CVE-2015-3329
 CVE-2015-4024
 CVE-2015-4599
 CVE-2015-4600
 CVE-2015-4601
 CVE-2015-4022
 CVE-2015-4026
 CVE-2015-4021
 CVE-2015-3307
 CVE-2015-3412
 CVE-2015-4598
 CVE-2015-4603
 CVE-2015-4602
 CVE-2014-9425
--

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of
CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using
the exif_read_data() function to crash or, possibly, execute arbitrary
code with the privileges of the user running that PHP application.
(CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,
CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,
CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,
CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application
using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function
in the PHP ZTS module. This flaw could possibly cause a PHP application to
crash. (CVE-2014-9425)

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
--

SL6
 x86_64
 php-5.3.3-46.el6_6.x86_64.rpm
 php-bcmath-5.3.3-46.el6_6.x86_64.rpm
 php-cli-5.3.3-46.el6_6.x86_64.rpm
 php-common-5.3.3-46.el6_6.x86_64.rpm
 php-dba-5.3.3-46.el6_6.x86_64.rpm
 php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
 php-devel-5.3.3-46.el6_6.x86_64.rpm
 php-embedded-5.3.3-46.el6_6.x86_64.rpm
 php-enchant-5.3.3-46.el6_6.x86_64.rpm
 php-fpm-5.3.3-46.el6_6.x86_64.rpm
 php-gd-5.3.3-46.el6_6.x86_64.rpm
 php-imap-5.3.3-46.el6_6.x86_64.rpm
 php-intl-5.3.3-46.el6_6.x86_64.rpm
 php-ldap-5.3.3-46.el6_6.x86_64.rpm
 php-mbstring-5.3.3-46.el6_6.x86_64.rpm
 php-mysql-5.3.3-46.el6_6.x86_64.rpm
 php-odbc-5.3.3-46.el6_6.x86_64.rpm
 php-pdo-5.3.3-46.el6_6.x86_64.rpm
 php-pgsql-5.3.3-46.el6_6.x86_64.rpm
 php-process-5.3.3-46.el6_6.x86_64.rpm
 php-pspell-5.3.3-46.el6_6.x86_64.rpm
 php-recode-5.3.3-46.el6_6.x86_64.rpm
 php-snmp-5.3.3-46.el6_6.x86_64.rpm
 php-soap-5.3.3-46.el6_6.x86_64.rpm
 php-tidy-5.3.3-46.el6_6.x86_64.rpm
 php-xml-5.3.3-46.el6_6.x86_64.rpm
 php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm
 php-zts-5.3.3-46.el6_6.x86_64.rpm
 i386
 php-5.3.3-46.el6_6.i686.rpm
 php-bcmath-5.3.3-46.el6_6.i686.rpm
 php-cli-5.3.3-46.el6_6.i686.rpm
 php-common-5.3.3-46.el6_6.i686.rpm
 php-dba-5.3.3-46.el6_6.i686.rpm
 php-debuginfo-5.3.3-46.el6_6.i686.rpm
 php-devel-5.3.3-46.el6_6.i686.rpm
 php-embedded-5.3.3-46.el6_6.i686.rpm
 php-enchant-5.3.3-46.el6_6.i686.rpm
 php-fpm-5.3.3-46.el6_6.i686.rpm
 php-gd-5.3.3-46.el6_6.i686.rpm
 php-imap-5.3.3-46.el6_6.i686.rpm
 php-intl-5.3.3-46.el6_6.i686.rpm
 php-ldap-5.3.3-46.el6_6.i686.rpm
 php-mbstring-5.3.3-46.el6_6.i686.rpm
 php-mysql-5.3.3-46.el6_6.i686.rpm
 php-odbc-5.3.3-46.el6_6.i686.rpm
 php-pdo-5.3.3-46.el6_6.i686.rpm
 php-pgsql-5.3.3-46.el6_6.i686.rpm
 php-process-5.3.3-46.el6_6.i686.rpm
 php-pspell-5.3.3-46.el6_6.i686.rpm
 php-recode-5.3.3-46.el6_6.i686.rpm
 php-snmp-5.3.3-46.el6_6.i686.rpm
 php-soap-5.3.3-46.el6_6.i686.rpm
 php-tidy-5.3.3-46.el6_6.i686.rpm
 php-xml-5.3.3-46.el6_6.i686.rpm
 php-xmlrpc-5.3.3-46.el6_6.i686.rpm
 php-zts-5.3.3-46.el6_6.i686.rpm

- Scientific Linux Development Team