You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa php55 i php54

Sigurnosni nedostaci programskih paketa php55 i php54

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php55 security and bug fix update
Advisory ID: RHSA-2015:1053-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1053.html
Issue date: 2015-06-04
CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652
CVE-2014-9705 CVE-2014-9709 CVE-2015-0231
CVE-2015-0232 CVE-2015-0273 CVE-2015-1351
CVE-2015-1352 CVE-2015-2301 CVE-2015-2305
CVE-2015-2348 CVE-2015-2787 CVE-2015-4147
CVE-2015-4148
=====================================================================

1. Summary:

Updated php55 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) – x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The php55 packages provide a recent stable release of PHP with
the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a
number of additional utilities.

The php55 packages have been upgraded to upstream version 5.5.21, which
provides multiple bug fixes over the version shipped in Red Hat Software
Collections 1. (BZ#1057089)

The following security issues were fixed in the php55-php component:

An uninitialized pointer use flaw was found in PHP’s Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP’s enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A heap buffer overflow flaw was found in PHP’s regular expression
extension. An attacker able to make PHP process a specially crafted regular
expression pattern could cause it to crash and possibly execute arbitrary
code. (CVE-2015-2305)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)

A use-after-free flaw was found in PHP’s OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory.
(CVE-2015-1351)

A use-after-free flaw was found in PHP’s phar (PHP Archive) extension.
An attacker able to trigger certain error condition in phar archive
processing could possibly use this flaw to disclose certain portions of
server memory. (CVE-2015-2301)

An ouf-of-bounds read flaw was found in the way the File Information
(fileinfo) extension processed certain Pascal strings. A remote attacker
could cause a PHP application to crash if it used fileinfo to identify the
type of the attacker-supplied file. (CVE-2014-9652)

It was found that PHP move_uploaded_file() function did not properly handle
file names with a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348)

A NULL pointer dereference flaw was found in PHP’s pgsql extension. A
specially crafted table name passed to a function such as pg_insert() or
pg_select() could cause a PHP application to crash. (CVE-2015-1352)

A flaw was found in the way PHP handled malformed source files when running
in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.
(CVE-2014-9427)

All php55 users are advised to upgrade to these updated packages, which
correct these issues. After installing the updated packages, the
httpd24-httpd service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1132446 – php55-php-fpm misinterpreting error_log=syslog
1175718 – CVE-2014-8142 php: use after free vulnerability in unserialize()
1178736 – CVE-2014-9427 php: out of bounds read when parsing a crafted .php file
1185397 – CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 – CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1185900 – CVE-2015-1351 php: use after free in opcache extension
1185904 – CVE-2015-1352 php: NULL pointer dereference in pgsql extension
1188599 – CVE-2014-9652 file: out of bounds read in mconvert()
1188639 – CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1191049 – CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures
1194730 – CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 – CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 – CVE-2015-2301 php: use after free in phar_object.c
1204868 – CVE-2015-4147 php: SoapClient’s __call() type confusion through unserialize()
1207676 – CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 – CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1226916 – CVE-2015-4148 php: SoapClient’s do_soap_call() type confusion after unserialize()

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm

x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm

x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm

x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm

x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
php55-2.0-1.el7.src.rpm
php55-php-5.5.21-2.el7.src.rpm

x86_64:
php55-2.0-1.el7.x86_64.rpm
php55-php-5.5.21-2.el7.x86_64.rpm
php55-php-bcmath-5.5.21-2.el7.x86_64.rpm
php55-php-cli-5.5.21-2.el7.x86_64.rpm
php55-php-common-5.5.21-2.el7.x86_64.rpm
php55-php-dba-5.5.21-2.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm
php55-php-devel-5.5.21-2.el7.x86_64.rpm
php55-php-enchant-5.5.21-2.el7.x86_64.rpm
php55-php-fpm-5.5.21-2.el7.x86_64.rpm
php55-php-gd-5.5.21-2.el7.x86_64.rpm
php55-php-gmp-5.5.21-2.el7.x86_64.rpm
php55-php-intl-5.5.21-2.el7.x86_64.rpm
php55-php-ldap-5.5.21-2.el7.x86_64.rpm
php55-php-mbstring-5.5.21-2.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm
php55-php-odbc-5.5.21-2.el7.x86_64.rpm
php55-php-opcache-5.5.21-2.el7.x86_64.rpm
php55-php-pdo-5.5.21-2.el7.x86_64.rpm
php55-php-pgsql-5.5.21-2.el7.x86_64.rpm
php55-php-process-5.5.21-2.el7.x86_64.rpm
php55-php-pspell-5.5.21-2.el7.x86_64.rpm
php55-php-recode-5.5.21-2.el7.x86_64.rpm
php55-php-snmp-5.5.21-2.el7.x86_64.rpm
php55-php-soap-5.5.21-2.el7.x86_64.rpm
php55-php-xml-5.5.21-2.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm
php55-runtime-2.0-1.el7.x86_64.rpm
php55-scldevel-2.0-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
php55-2.0-1.el7.src.rpm
php55-php-5.5.21-2.el7.src.rpm

x86_64:
php55-2.0-1.el7.x86_64.rpm
php55-php-5.5.21-2.el7.x86_64.rpm
php55-php-bcmath-5.5.21-2.el7.x86_64.rpm
php55-php-cli-5.5.21-2.el7.x86_64.rpm
php55-php-common-5.5.21-2.el7.x86_64.rpm
php55-php-dba-5.5.21-2.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm
php55-php-devel-5.5.21-2.el7.x86_64.rpm
php55-php-enchant-5.5.21-2.el7.x86_64.rpm
php55-php-fpm-5.5.21-2.el7.x86_64.rpm
php55-php-gd-5.5.21-2.el7.x86_64.rpm
php55-php-gmp-5.5.21-2.el7.x86_64.rpm
php55-php-intl-5.5.21-2.el7.x86_64.rpm
php55-php-ldap-5.5.21-2.el7.x86_64.rpm
php55-php-mbstring-5.5.21-2.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm
php55-php-odbc-5.5.21-2.el7.x86_64.rpm
php55-php-opcache-5.5.21-2.el7.x86_64.rpm
php55-php-pdo-5.5.21-2.el7.x86_64.rpm
php55-php-pgsql-5.5.21-2.el7.x86_64.rpm
php55-php-process-5.5.21-2.el7.x86_64.rpm
php55-php-pspell-5.5.21-2.el7.x86_64.rpm
php55-php-recode-5.5.21-2.el7.x86_64.rpm
php55-php-snmp-5.5.21-2.el7.x86_64.rpm
php55-php-soap-5.5.21-2.el7.x86_64.rpm
php55-php-xml-5.5.21-2.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm
php55-runtime-2.0-1.el7.x86_64.rpm
php55-scldevel-2.0-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9427
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-1351
https://access.redhat.com/security/cve/CVE-2015-1352
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2305
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iD8DBQFVcBWDXlSAg2UNWIIRAnzoAJ9qn4wDNXMD8JU1N7k7nEzKlPpGDwCgi0Si
MD3ZncY/P8Pl6+DgQxJQCjo=
=MxfY
—–END PGP SIGNATURE—–


Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php54 security and bug fix update
Advisory ID: RHSA-2015:1066-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1066.html
Issue date: 2015-06-04
CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652
CVE-2014-9705 CVE-2014-9709 CVE-2015-0231
CVE-2015-0232 CVE-2015-0273 CVE-2015-1351
CVE-2015-2301 CVE-2015-2305 CVE-2015-2348
CVE-2015-2787 CVE-2015-4147 CVE-2015-4148
=====================================================================

1. Summary:

Updated php54 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) – x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) – x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The php54 packages provide a recent stable release of PHP with
the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a
number of additional utilities.

The php54 packages have been upgraded to upstream version 5.4.40, which
provides a number of bug fixes over the version shipped in Red Hat Software
Collections 1. (BZ#1168193)

The following security issues were fixed in the php54-php component:

An uninitialized pointer use flaw was found in PHP’s Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP’s enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A heap buffer overflow flaw was found in PHP’s regular expression
extension. An attacker able to make PHP process a specially crafted regular
expression pattern could cause it to crash and possibly execute arbitrary
code. (CVE-2015-2305)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)

A use-after-free flaw was found in PHP’s phar (PHP Archive) extension.
An attacker able to trigger certain error condition in phar archive
processing could possibly use this flaw to disclose certain portions of
server memory. (CVE-2015-2301)

An ouf-of-bounds read flaw was found in the way the File Information
(fileinfo) extension processed certain Pascal strings. A remote attacker
could cause a PHP application to crash if it used fileinfo to identify the
type of the attacker-supplied file. (CVE-2014-9652)

It was found that PHP move_uploaded_file() function did not properly handle
file names with a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348)

A flaw was found in the way PHP handled malformed source files when running
in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.
(CVE-2014-9427)

The following security issue was fixed in the php54-php-pecl-zendopcache
component:

A use-after-free flaw was found in PHP’s OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory.
(CVE-2015-1351)

All php54 users are advised to upgrade to these updated packages, which
correct these issues. After installing the updated packages, the httpd
service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1055927 – REBASE to pecl/zendopcache version 7.0.4
1175718 – CVE-2014-8142 php: use after free vulnerability in unserialize()
1178736 – CVE-2014-9427 php: out of bounds read when parsing a crafted .php file
1185397 – CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 – CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1185900 – CVE-2015-1351 php: use after free in opcache extension
1188599 – CVE-2014-9652 file: out of bounds read in mconvert()
1188639 – CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1191049 – CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures
1194730 – CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 – CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 – CVE-2015-2301 php: use after free in phar_object.c
1204868 – CVE-2015-4147 php: SoapClient’s __call() type confusion through unserialize()
1207676 – CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 – CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1226916 – CVE-2015-4148 php: SoapClient’s do_soap_call() type confusion after unserialize()

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
php54-2.0-1.el7.src.rpm
php54-php-5.4.40-1.el7.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm

x86_64:
php54-2.0-1.el7.x86_64.rpm
php54-php-5.4.40-1.el7.x86_64.rpm
php54-php-bcmath-5.4.40-1.el7.x86_64.rpm
php54-php-cli-5.4.40-1.el7.x86_64.rpm
php54-php-common-5.4.40-1.el7.x86_64.rpm
php54-php-dba-5.4.40-1.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm
php54-php-devel-5.4.40-1.el7.x86_64.rpm
php54-php-enchant-5.4.40-1.el7.x86_64.rpm
php54-php-fpm-5.4.40-1.el7.x86_64.rpm
php54-php-gd-5.4.40-1.el7.x86_64.rpm
php54-php-intl-5.4.40-1.el7.x86_64.rpm
php54-php-ldap-5.4.40-1.el7.x86_64.rpm
php54-php-mbstring-5.4.40-1.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm
php54-php-odbc-5.4.40-1.el7.x86_64.rpm
php54-php-pdo-5.4.40-1.el7.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-1.el7.x86_64.rpm
php54-php-process-5.4.40-1.el7.x86_64.rpm
php54-php-pspell-5.4.40-1.el7.x86_64.rpm
php54-php-recode-5.4.40-1.el7.x86_64.rpm
php54-php-snmp-5.4.40-1.el7.x86_64.rpm
php54-php-soap-5.4.40-1.el7.x86_64.rpm
php54-php-xml-5.4.40-1.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm
php54-runtime-2.0-1.el7.x86_64.rpm
php54-scldevel-2.0-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
php54-2.0-1.el7.src.rpm
php54-php-5.4.40-1.el7.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm

x86_64:
php54-2.0-1.el7.x86_64.rpm
php54-php-5.4.40-1.el7.x86_64.rpm
php54-php-bcmath-5.4.40-1.el7.x86_64.rpm
php54-php-cli-5.4.40-1.el7.x86_64.rpm
php54-php-common-5.4.40-1.el7.x86_64.rpm
php54-php-dba-5.4.40-1.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm
php54-php-devel-5.4.40-1.el7.x86_64.rpm
php54-php-enchant-5.4.40-1.el7.x86_64.rpm
php54-php-fpm-5.4.40-1.el7.x86_64.rpm
php54-php-gd-5.4.40-1.el7.x86_64.rpm
php54-php-intl-5.4.40-1.el7.x86_64.rpm
php54-php-ldap-5.4.40-1.el7.x86_64.rpm
php54-php-mbstring-5.4.40-1.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm
php54-php-odbc-5.4.40-1.el7.x86_64.rpm
php54-php-pdo-5.4.40-1.el7.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-1.el7.x86_64.rpm
php54-php-process-5.4.40-1.el7.x86_64.rpm
php54-php-pspell-5.4.40-1.el7.x86_64.rpm
php54-php-recode-5.4.40-1.el7.x86_64.rpm
php54-php-snmp-5.4.40-1.el7.x86_64.rpm
php54-php-soap-5.4.40-1.el7.x86_64.rpm
php54-php-xml-5.4.40-1.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm
php54-runtime-2.0-1.el7.x86_64.rpm
php54-scldevel-2.0-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9427
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-1351
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2305
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iD8DBQFVcBYSXlSAg2UNWIIRAoT1AJ9XFBGeD9SIxEla6ub7VHSrmJAtcgCfSjPe
YJoyzmnxjsdToxpNcMlTQOw=
=BUIg
—–END PGP SIGNATURE—–


Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa netty

Otkriven je sigurnosni nedostatak u programskom paketu netty za operacijski sustav Fedora 21. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje httpOnly...

Close