You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php

Sigurnosni nedostaci programskog paketa php

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-14976
2015-09-14 18:15:25.986582
——————————————————————————–

Name : php
Product : Fedora 21
Version : 5.6.13
Release : 1.fc21
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

——————————————————————————–
Update Information:

03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on
pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixed
bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol
Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
(Stas) * Fixed bug #70219 (Use after free vulnerability in session
deserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug
#66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug
#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266
(DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
(cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data with
TIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312
(HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)
**MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
**Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation fault
with opcode on CLI enabled). (Dmitry, Laruence) **PCRE:** * Fixed bug #70232
(Incorrect bump-along behavior with \K and empty string match). (cmb) * Fixed
bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)
**SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion /
RCE). (Stas) **SPL:** * Fixed bug #70290 (Null pointer deref (segfault) in
spl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug
#70303 (Incorrect constructor reflection for ArrayObject). (cmb) * Fixed bug
#70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
(taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-free
vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at
icloud dot com) **Standard:** * Fixed bug #70052 (getimagesize() fails for
very large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string()
segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug
#69782 (NULL pointer dereference). (Stas)
——————————————————————————–
References:

[ 1 ] Bug #1260711 – CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class
https://bugzilla.redhat.com/show_bug.cgi?id=1260711
[ 2 ] Bug #1260741 – php: Null pointer deref (segfault) in spl_autoload via ob_start
https://bugzilla.redhat.com/show_bug.cgi?id=1260741
[ 3 ] Bug #1260734 – php: new DateTimeZone($foo) is ignoring text after null byte
https://bugzilla.redhat.com/show_bug.cgi?id=1260734
[ 4 ] Bug #1260707 – php: Another use-after-free vulnerability in unserialize() with SplDoublyLinkedList
https://bugzilla.redhat.com/show_bug.cgi?id=1260707
[ 5 ] Bug #1260671 – php: HAVAL gives wrong hashes in specific cases
https://bugzilla.redhat.com/show_bug.cgi?id=1260671
[ 6 ] Bug #1260642 – CVE-2015-6834 php: Use After Free Vulnerability in unserialize()
https://bugzilla.redhat.com/show_bug.cgi?id=1260642
[ 7 ] Bug #1260683 – CVE-2015-6836 php: SOAP serialize_function_call() type confusion / RCE
https://bugzilla.redhat.com/show_bug.cgi?id=1260683
[ 8 ] Bug #1260667 – php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
https://bugzilla.redhat.com/show_bug.cgi?id=1260667
[ 9 ] Bug #1260647 – CVE-2015-6835 php: Use after free vulnerability in session deserializer
https://bugzilla.redhat.com/show_bug.cgi?id=1260647
[ 10 ] Bug #1260748 – php: getimagesize() fails for very large WBMP causing an integer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1260748
[ 11 ] Bug #1260695 – php: Another use-after-free vulnerability in unserialize() with SplObjectStorage
https://bugzilla.redhat.com/show_bug.cgi?id=1260695
[ 12 ] Bug #1260674 – php: Multiple vulnerabilities related to PCRE functions
https://bugzilla.redhat.com/show_bug.cgi?id=1260674
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-14977
2015-09-14 18:16:15.213671
——————————————————————————–

Name : php
Product : Fedora 22
Version : 5.6.13
Release : 1.fc22
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

——————————————————————————–
Update Information:

03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on
pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixed
bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol
Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
(Stas) * Fixed bug #70219 (Use after free vulnerability in session
deserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug
#66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug
#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266
(DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
(cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data with
TIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312
(HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)
**MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
**Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation fault
with opcode on CLI enabled). (Dmitry, Laruence) **PCRE:** * Fixed bug #70232
(Incorrect bump-along behavior with \K and empty string match). (cmb) * Fixed
bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)
**SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion /
RCE). (Stas) **SPL:** * Fixed bug #70290 (Null pointer deref (segfault) in
spl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug
#70303 (Incorrect constructor reflection for ArrayObject). (cmb) * Fixed bug
#70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
(taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-free
vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at
icloud dot com) **Standard:** * Fixed bug #70052 (getimagesize() fails for
very large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string()
segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug
#69782 (NULL pointer dereference). (Stas)
——————————————————————————–
References:

[ 1 ] Bug #1260642 – CVE-2015-6834 php: Use After Free Vulnerability in unserialize()
https://bugzilla.redhat.com/show_bug.cgi?id=1260642
[ 2 ] Bug #1260741 – php: Null pointer deref (segfault) in spl_autoload via ob_start
https://bugzilla.redhat.com/show_bug.cgi?id=1260741
[ 3 ] Bug #1260734 – php: new DateTimeZone($foo) is ignoring text after null byte
https://bugzilla.redhat.com/show_bug.cgi?id=1260734
[ 4 ] Bug #1260674 – php: Multiple vulnerabilities related to PCRE functions
https://bugzilla.redhat.com/show_bug.cgi?id=1260674
[ 5 ] Bug #1260667 – php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
https://bugzilla.redhat.com/show_bug.cgi?id=1260667
[ 6 ] Bug #1260683 – CVE-2015-6836 php: SOAP serialize_function_call() type confusion / RCE
https://bugzilla.redhat.com/show_bug.cgi?id=1260683
[ 7 ] Bug #1260647 – CVE-2015-6835 php: Use after free vulnerability in session deserializer
https://bugzilla.redhat.com/show_bug.cgi?id=1260647
[ 8 ] Bug #1260711 – CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class
https://bugzilla.redhat.com/show_bug.cgi?id=1260711
[ 9 ] Bug #1260695 – php: Another use-after-free vulnerability in unserialize() with SplObjectStorage
https://bugzilla.redhat.com/show_bug.cgi?id=1260695
[ 10 ] Bug #1260671 – php: HAVAL gives wrong hashes in specific cases
https://bugzilla.redhat.com/show_bug.cgi?id=1260671
[ 11 ] Bug #1260707 – php: Another use-after-free vulnerability in unserialize() with SplDoublyLinkedList
https://bugzilla.redhat.com/show_bug.cgi?id=1260707
[ 12 ] Bug #1260748 – php: getimagesize() fails for very large WBMP causing an integer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1260748
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorMarijo Plepelic
Cert idNCERT-REF-2015-09-0007-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa openldap

Otkriven je sigurnosni nedostatak u programskom paketu openldap. Otkriveni nedostatak je posljedica neispravne obrade BER podataka. Potencijalnim udaljenim napadačima omogućuje...

Close