Home / vulnerabilitiesPDF  

Red Hat Security Advisory 2015-1066-01

Posted on 05 June 2015
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php54 security and bug fix update
Advisory ID: RHSA-2015:1066-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1066.html
Issue date: 2015-06-04
CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652
CVE-2014-9705 CVE-2014-9709 CVE-2015-0231
CVE-2015-0232 CVE-2015-0273 CVE-2015-1351
CVE-2015-2301 CVE-2015-2305 CVE-2015-2348
CVE-2015-2787 CVE-2015-4147 CVE-2015-4148
=====================================================================

1. Summary:

Updated php54 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The php54 packages provide a recent stable release of PHP with
the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a
number of additional utilities.

The php54 packages have been upgraded to upstream version 5.4.40, which
provides a number of bug fixes over the version shipped in Red Hat Software
Collections 1. (BZ#1168193)

The following security issues were fixed in the php54-php component:

An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A heap buffer overflow flaw was found in PHP's regular expression
extension. An attacker able to make PHP process a specially crafted regular
expression pattern could cause it to crash and possibly execute arbitrary
code. (CVE-2015-2305)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)

A use-after-free flaw was found in PHP's phar (PHP Archive) extension.
An attacker able to trigger certain error condition in phar archive
processing could possibly use this flaw to disclose certain portions of
server memory. (CVE-2015-2301)

An ouf-of-bounds read flaw was found in the way the File Information
(fileinfo) extension processed certain Pascal strings. A remote attacker
could cause a PHP application to crash if it used fileinfo to identify the
type of the attacker-supplied file. (CVE-2014-9652)

It was found that PHP move_uploaded_file() function did not properly handle
file names with a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348)

A flaw was found in the way PHP handled malformed source files when running
in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.
(CVE-2014-9427)

The following security issue was fixed in the php54-php-pecl-zendopcache
component:

A use-after-free flaw was found in PHP's OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory.
(CVE-2015-1351)

All php54 users are advised to upgrade to these updated packages, which
correct these issues. After installing the updated packages, the httpd
service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1055927 - REBASE to pecl/zendopcache version 7.0.4
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1185900 - CVE-2015-1351 php: use after free in opcache extension
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
php54-2.0-1.el7.src.rpm
php54-php-5.4.40-1.el7.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm

x86_64:
php54-2.0-1.el7.x86_64.rpm
php54-php-5.4.40-1.el7.x86_64.rpm
php54-php-bcmath-5.4.40-1.el7.x86_64.rpm
php54-php-cli-5.4.40-1.el7.x86_64.rpm
php54-php-common-5.4.40-1.el7.x86_64.rpm
php54-php-dba-5.4.40-1.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm
php54-php-devel-5.4.40-1.el7.x86_64.rpm
php54-php-enchant-5.4.40-1.el7.x86_64.rpm
php54-php-fpm-5.4.40-1.el7.x86_64.rpm
php54-php-gd-5.4.40-1.el7.x86_64.rpm
php54-php-intl-5.4.40-1.el7.x86_64.rpm
php54-php-ldap-5.4.40-1.el7.x86_64.rpm
php54-php-mbstring-5.4.40-1.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm
php54-php-odbc-5.4.40-1.el7.x86_64.rpm
php54-php-pdo-5.4.40-1.el7.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-1.el7.x86_64.rpm
php54-php-process-5.4.40-1.el7.x86_64.rpm
php54-php-pspell-5.4.40-1.el7.x86_64.rpm
php54-php-recode-5.4.40-1.el7.x86_64.rpm
php54-php-snmp-5.4.40-1.el7.x86_64.rpm
php54-php-soap-5.4.40-1.el7.x86_64.rpm
php54-php-xml-5.4.40-1.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm
php54-runtime-2.0-1.el7.x86_64.rpm
php54-scldevel-2.0-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
php54-2.0-1.el7.src.rpm
php54-php-5.4.40-1.el7.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm

x86_64:
php54-2.0-1.el7.x86_64.rpm
php54-php-5.4.40-1.el7.x86_64.rpm
php54-php-bcmath-5.4.40-1.el7.x86_64.rpm
php54-php-cli-5.4.40-1.el7.x86_64.rpm
php54-php-common-5.4.40-1.el7.x86_64.rpm
php54-php-dba-5.4.40-1.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm
php54-php-devel-5.4.40-1.el7.x86_64.rpm
php54-php-enchant-5.4.40-1.el7.x86_64.rpm
php54-php-fpm-5.4.40-1.el7.x86_64.rpm
php54-php-gd-5.4.40-1.el7.x86_64.rpm
php54-php-intl-5.4.40-1.el7.x86_64.rpm
php54-php-ldap-5.4.40-1.el7.x86_64.rpm
php54-php-mbstring-5.4.40-1.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm
php54-php-odbc-5.4.40-1.el7.x86_64.rpm
php54-php-pdo-5.4.40-1.el7.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-1.el7.x86_64.rpm
php54-php-process-5.4.40-1.el7.x86_64.rpm
php54-php-pspell-5.4.40-1.el7.x86_64.rpm
php54-php-recode-5.4.40-1.el7.x86_64.rpm
php54-php-snmp-5.4.40-1.el7.x86_64.rpm
php54-php-soap-5.4.40-1.el7.x86_64.rpm
php54-php-xml-5.4.40-1.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm
php54-runtime-2.0-1.el7.x86_64.rpm
php54-scldevel-2.0-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9427
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-1351
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2305
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVcBYSXlSAg2UNWIIRAoT1AJ9XFBGeD9SIxEla6ub7VHSrmJAtcgCfSjPe
YJoyzmnxjsdToxpNcMlTQOw=
=BUIg
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

 

TOP