Bug 16703

Summary: PHP 5.5.29
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/656983/
Whiteboard: advisory MGA4-32-OK
Source RPM: php-5.5.28-1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-09-04 20:10:49 CEST 
Upstream has released version 5.5.29 today (September 4):
http://php.net/archive/2015.php#id2015-09-04-3

There are security fixes, but as usual, there are no CVEs yet.  Advisory to come later.

References:
http://www.php.net/ChangeLog-5.php#5.5.29

Updated packages in core/updates_testing:
========================
php-ini-5.5.29-1.mga4
apache-mod_php-5.5.29-1.mga4
php-cli-5.5.29-1.mga4
php-cgi-5.5.29-1.mga4
libphp5_common5-5.5.29-1.mga4
php-devel-5.5.29-1.mga4
php-openssl-5.5.29-1.mga4
php-zlib-5.5.29-1.mga4
php-doc-5.5.29-1.mga4
php-bcmath-5.5.29-1.mga4
php-bz2-5.5.29-1.mga4
php-calendar-5.5.29-1.mga4
php-ctype-5.5.29-1.mga4
php-curl-5.5.29-1.mga4
php-dba-5.5.29-1.mga4
php-dom-5.5.29-1.mga4
php-enchant-5.5.29-1.mga4
php-exif-5.5.29-1.mga4
php-fileinfo-5.5.29-1.mga4
php-filter-5.5.29-1.mga4
php-ftp-5.5.29-1.mga4
php-gd-5.5.29-1.mga4
php-gettext-5.5.29-1.mga4
php-gmp-5.5.29-1.mga4
php-hash-5.5.29-1.mga4
php-iconv-5.5.29-1.mga4
php-imap-5.5.29-1.mga4
php-interbase-5.5.29-1.mga4
php-intl-5.5.29-1.mga4
php-json-5.5.29-1.mga4
php-ldap-5.5.29-1.mga4
php-mbstring-5.5.29-1.mga4
php-mcrypt-5.5.29-1.mga4
php-mssql-5.5.29-1.mga4
php-mysql-5.5.29-1.mga4
php-mysqli-5.5.29-1.mga4
php-mysqlnd-5.5.29-1.mga4
php-odbc-5.5.29-1.mga4
php-opcache-5.5.29-1.mga4
php-pcntl-5.5.29-1.mga4
php-pdo-5.5.29-1.mga4
php-pdo_dblib-5.5.29-1.mga4
php-pdo_firebird-5.5.29-1.mga4
php-pdo_mysql-5.5.29-1.mga4
php-pdo_odbc-5.5.29-1.mga4
php-pdo_pgsql-5.5.29-1.mga4
php-pdo_sqlite-5.5.29-1.mga4
php-pgsql-5.5.29-1.mga4
php-phar-5.5.29-1.mga4
php-posix-5.5.29-1.mga4
php-readline-5.5.29-1.mga4
php-recode-5.5.29-1.mga4
php-session-5.5.29-1.mga4
php-shmop-5.5.29-1.mga4
php-snmp-5.5.29-1.mga4
php-soap-5.5.29-1.mga4
php-sockets-5.5.29-1.mga4
php-sqlite3-5.5.29-1.mga4
php-sybase_ct-5.5.29-1.mga4
php-sysvmsg-5.5.29-1.mga4
php-sysvsem-5.5.29-1.mga4
php-sysvshm-5.5.29-1.mga4
php-tidy-5.5.29-1.mga4
php-tokenizer-5.5.29-1.mga4
php-xml-5.5.29-1.mga4
php-xmlreader-5.5.29-1.mga4
php-xmlrpc-5.5.29-1.mga4
php-xmlwriter-5.5.29-1.mga4
php-xsl-5.5.29-1.mga4
php-wddx-5.5.29-1.mga4
php-zip-5.5.29-1.mga4
php-fpm-5.5.29-1.mga4
php-apc-3.1.15-4.19.mga4
php-apc-admin-3.1.15-4.19.mga4

from SRPMS:
php-5.5.29-1.mga4.src.rpm
php-apc-3.1.15-4.19.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-09-07 02:56:16 CEST 
Works fine Mageia 4 i586 with my usual test cases.

Whiteboard: (none) => MGA4-32-OK

Comment 2 David Walser 2015-09-07 19:24:18 CEST 
CVE requests:
http://openwall.com/lists/oss-security/2015/09/07/5
Comment 3 David Walser 2015-09-08 16:25:56 CEST 
Advisory:
========================

Updated php packages fix security vulnerabilities:

The php package has been updated to version 5.5.29, which fixes several
security issues and other bugs.  See the upstream ChangeLog for more details.

References:
http://www.php.net/ChangeLog-5.php#5.5.29
Comment 4 claire robinson 2015-09-08 16:39:57 CEST 
Advisory uploaded.

Whiteboard: MGA4-32-OK => advisory MGA4-32-OK

Comment 5 David Walser 2015-09-08 21:08:29 CEST 
CVE-2015-6834 through CVE-2015-6838 assigned to this update:
http://openwall.com/lists/oss-security/2015/09/08/8

Advisory:
========================

Updated php packages fix security vulnerabilities:

The php package has been updated to version 5.5.29, which fixes several
security issues and other bugs.  See the upstream ChangeLog for more details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838
http://www.php.net/ChangeLog-5.php#5.5.29
http://openwall.com/lists/oss-security/2015/09/08/8
David Walser 2015-09-09 19:49:53 CEST

URL: (none) => http://lwn.net/Vulnerabilities/656983/

Comment 6 claire robinson 2015-09-13 22:09:12 CEST 
Validating. Advisory updated.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2015-09-13 23:59:37 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0365.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED