| Summary: | PHP 5.6.20 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | brtians1, davidwhodgins, dpremy, shlomif, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/682390/ | ||
| Whiteboard: | MGA5-64-OK MGA5-32-OK advisory | ||
| Source RPM: | php-5.6.19-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2016-03-31 17:03:09 CEST
Dave Hodgins
2016-03-31 19:23:20 CEST
CC:
(none) =>
davidwhodgins Tested phpmyadmin and a short proof-of-concept CLI PHP program - seems to work fine on mageia v5 x86-64. marking as MGA5-64-OK. CC:
(none) =>
shlomif Testing on x86_64 with working Dokuwiki on top of Nginx and php-fpm. After upgrade of installed packages dokuwiki is still working, I've logged in, can update pages, and various admin features are working.
Tested on:
Mageia release 5 (Official) for x86_64
Package(s) Under Test:
rpm -qa | egrep '^php.*5\.6\.*'
php-cli-5.6.19-1.mga5
php-ctype-5.6.19-1.mga5
php-dom-5.6.19-1.mga5
php-filter-5.6.19-1.mga5
php-fpm-5.6.19-1.mga5
php-ftp-5.6.19-1.mga5
php-gettext-5.6.19-1.mga5
php-hash-5.6.19-1.mga5
php-ini-5.6.19-1.mga5
php-json-5.6.19-1.mga5
php-openssl-5.6.19-1.mga5
php-posix-5.6.19-1.mga5
php-session-5.6.19-1.mga5
php-sysvsem-5.6.19-1.mga5
php-sysvshm-5.6.19-1.mga5
php-tokenizer-5.6.19-1.mga5
php-xml-5.6.19-1.mga5
php-xmlreader-5.6.19-1.mga5
php-xmlwriter-5.6.19-1.mga5
php-zlib-5.6.19-1.mga5
Package(s) Testing Upgrade:
urpmi {php-cli,php-ctype,php-dom,php-filter,php-fpm,php-ftp,php-gettext,php-hash,php-ini,php-json,php-openssl,php-posix,php-session,php-sysvsem,php-sysvshm,php-tokenizer,php-xml,php-xmlreader,php-xmlwriter,php-zlib}
rpm -qa | egrep '^php.*5\.6\.*'
php-zlib-5.6.20-1.mga5
php-hash-5.6.20-1.mga5
php-fpm-5.6.20-1.mga5
php-xmlwriter-5.6.20-1.mga5
php-gettext-5.6.20-1.mga5
php-xml-5.6.20-1.mga5
php-dom-5.6.20-1.mga5
php-ctype-5.6.20-1.mga5
php-ini-5.6.20-1.mga5
php-ftp-5.6.20-1.mga5
php-posix-5.6.20-1.mga5
php-filter-5.6.20-1.mga5
php-openssl-5.6.20-1.mga5
php-sysvsem-5.6.20-1.mga5
php-cli-5.6.20-1.mga5
php-json-5.6.20-1.mga5
php-session-5.6.20-1.mga5
php-xmlreader-5.6.20-1.mga5
php-sysvshm-5.6.20-1.mga5
php-tokenizer-5.6.20-1.mga5
Kernal Version:
4.1.15-desktop-2.mga5 x86_64
Hardware Information:
product: Standard PC (i440FX + PIIX, 1996)
vendor: QEMUCC:
(none) =>
dpremy Tested phpmyadmin and a short proof-of-concept CLI PHP program - seems to work fine on a mageia v5 32-bit i586 VM. Marking as MGA5-32-OK. Whiteboard:
MGA5-64-OK advisory =>
MGA5-64-OK MGA5-32-OK advisory Linux localhost 4.4.6-desktop586-1.mga5 #1 SMP Wed Mar 16 20:11:36 UTC 2016 i686 i686 i686 GNU/Linux installed php 5.6.20 - installed properly phpinfo Apache/2.4.10 (Mageia) OpenSSL/1.0.2g PHP/5.6.20 mod_perl/2.0.8-dev Perl/v5.20.1 seems to be working fine to me, I did not try any detailed file manipulation code. CC:
(none) =>
brtians1
David Walser
2016-04-04 23:33:11 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/682390/ Validating. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0131.html Status:
NEW =>
RESOLVED CVE request: http://openwall.com/lists/oss-security/2016/04/11/7 CVEs have been assigned: http://openwall.com/lists/oss-security/2016/04/24/1 - CVE-2015-8865 - CVE-2016-4070 - CVE-2016-4071 - CVE-2016-4072 - CVE-2016-4073 - CVE-2016-8866 - CVE-2016-8867 |