MGASA-2015-0040

Description

Updated php packages fix security vulnerabilities Updated php and libgd packages fix security vulnerabilities: Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP before 5.5.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2014-9425). sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (CVE-2014-9427). Use after free vulnerability in unserialize() in PHP before 5.5.21 (CVE-2015-0231). Free called on an uninitialized pointer in php-exif in PHP before 5.5.21 (CVE-2015-0232). The readelf.c source file has been removed from PHP's bundled copy of file's libmagic, eliminating exposure to denial of service issues in ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's fileinfo module. A buffer read overflow in gd_gif_in.c in the php#68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package. The php package has been updated to version 5.5.21 to fix these issues and other bugs. Please see the upstream ChangeLog for more information.

Affected Systems

• mageia•libgd

  < 2.1.0-3.2.mga4

• mageia•php

  < 5.5.21-1.mga4

• mageia•php-apc

  < 3.1.15-4.11.mga4

References (3)

• https://advisories.mageia.org/MGASA-2015-0040.html
• https://bugs.mageia.org/show_bug.cgi?id=15121
• http://php.net/ChangeLog-5.php#5.5.21