Advisories ยป MGASA-2015-0040

Updated php packages fix security vulnerabilities

Publication date: 27 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8116 , CVE-2014-8117 , CVE-2014-9425 , CVE-2014-9427 , CVE-2014-9620 , CVE-2014-9621 , CVE-2015-0231 , CVE-2015-0232

Description

Updated php and libgd packages fix security vulnerabilities:

Double free vulnerability in the zend_ts_hash_graceful_destroy function in
zend_ts_hash.c in the Zend Engine in PHP before 5.5.21 allows remote
attackers to cause a denial of service or possibly have unspecified other
impact via unknown vectors (CVE-2014-9425).

sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is
used to read a .php file, does not properly consider the mapping's length
during processing of an invalid file that begins with a # character and lacks
a newline character, which causes an out-of-bounds read and might allow remote
attackers to obtain sensitive information from php-cgi process memory by
leveraging the ability to upload a .php file or trigger unexpected code
execution if a valid PHP script is present in memory locations adjacent to the
mapping (CVE-2014-9427).

Use after free vulnerability in unserialize() in PHP before 5.5.21
(CVE-2015-0231).

Free called on an uninitialized pointer in php-exif in PHP before 5.5.21
(CVE-2015-0232).

The readelf.c source file has been removed from PHP's bundled copy of file's
libmagic, eliminating exposure to denial of service issues in ELF file parsing
such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's
fileinfo module.

A buffer read overflow in gd_gif_in.c in the php#68601 bug referenced in the
PHP 5.5.21 ChangeLog has been fixed in the libgd package.

The php package has been updated to version 5.5.21 to fix these issues and
other bugs. Please see the upstream ChangeLog for more information.
                

References

SRPMS

4/core