| Summary: | PHP 5.6.23 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, lewyssmith, lists.jjorge, makowski.mageia, marja11, oe, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/692867/ | | |
| Whiteboard: | MGA5-32-OK MGA5-64-OK advisory | | |
| Source RPM: | php-5.6.22-1.mga5, libgd | CVE: | |
| Status comment: | | | |
| Bug Depends on: | 18805 | | |
| Bug Blocks: | | | |
Description
David Walser
2016-06-22 20:22:29 CEST
(In reply to David Walser from comment #0)
> PHP 5.6.23 has been tagged in git and the tarball should be available
> shortly.
>
> Here's the NEWS file:
> http://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=61ea56c65dc05a58f4e3723668c337b286a4bebc;hb=refs/heads/PHP-5.6.23
>
> It looks like the gd fixes haven't made their way into libgd's git yet, but
> it sounds like they should shortly and libgd 2.2.2 with the fixes should
> also be available soon, according to a comment in this PHP bug:
> https://bugs.php.net/bug.php?id=72446
>
> So, we should update php and libgd together once they're available.

Assigning to all packagers collectively, since there is no maintainer for php.

@ Oden, I'm CC'ing you for libgd, *not* because I want to annoy you, but *only* because you're registered as its maintainer. Wouldn't you have released the packages you maintain if you don't want to get messages about them?

CC: (none) => makowski.mageia, marja11, oe

CVE assignments:
http://openwall.com/lists/oss-security/2016/06/23/4
David Walser
2016-06-28 00:21:18 CEST
URL: (none) => http://lwn.net/Vulnerabilities/692867/
David Walser
2016-06-28 00:54:48 CEST
Depends on: (none) => 18805

libgd update in Bug 18805.

Advisory:
========================

Updated php packages fix security vulnerabilities:

php-mbstring _php_mb_regex_ereg_replace_exec() - double free (CVE-2016-5768).

php-mcrypt heap Overflow due to integer overflows (CVE-2016-5769).

php-SPL int/size_t confusion in SplFileObject::fread (CVE-2016-5770).

php-SPL Use After Free Vulnerability in PHP's GC algorithm and unserialize (CVE-2016-5771).

php-WDDX Double Free Corruption in wddx_deserialize (CVE-2016-5772).

php-zip ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (CVE-2016-5773).

The php package has been updated to version 5.6.23, fixing these issues and several other bugs. See the upstream ChangeLog for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773
http://php.net/ChangeLog-5.php#5.6.23
========================

Updated packages in core/updates_testing:
========================
php-ini-5.6.23-1.mga5
apache-mod_php-5.6.23-1.mga5
php-cli-5.6.23-1.mga5
php-cgi-5.6.23-1.mga5
libphp5_common5-5.6.23-1.mga5
php-devel-5.6.23-1.mga5
php-openssl-5.6.23-1.mga5
php-zlib-5.6.23-1.mga5
php-doc-5.6.23-1.mga5
php-bcmath-5.6.23-1.mga5
php-bz2-5.6.23-1.mga5
php-calendar-5.6.23-1.mga5
php-ctype-5.6.23-1.mga5
php-curl-5.6.23-1.mga5
php-dba-5.6.23-1.mga5
php-dom-5.6.23-1.mga5
php-enchant-5.6.23-1.mga5
php-exif-5.6.23-1.mga5
php-fileinfo-5.6.23-1.mga5
php-filter-5.6.23-1.mga5
php-ftp-5.6.23-1.mga5
php-gd-5.6.23-1.mga5
php-gettext-5.6.23-1.mga5
php-gmp-5.6.23-1.mga5
php-hash-5.6.23-1.mga5
php-iconv-5.6.23-1.mga5
php-imap-5.6.23-1.mga5
php-interbase-5.6.23-1.mga5
php-intl-5.6.23-1.mga5
php-json-5.6.23-1.mga5
php-ldap-5.6.23-1.mga5
php-mbstring-5.6.23-1.mga5
php-mcrypt-5.6.23-1.mga5
php-mssql-5.6.23-1.mga5
php-mysql-5.6.23-1.mga5
php-mysqli-5.6.23-1.mga5
php-mysqlnd-5.6.23-1.mga5
php-odbc-5.6.23-1.mga5
php-opcache-5.6.23-1.mga5
php-pcntl-5.6.23-1.mga5
php-pdo-5.6.23-1.mga5
php-pdo_dblib-5.6.23-1.mga5
php-pdo_firebird-5.6.23-1.mga5
php-pdo_mysql-5.6.23-1.mga5
php-pdo_odbc-5.6.23-1.mga5
php-pdo_pgsql-5.6.23-1.mga5
php-pdo_sqlite-5.6.23-1.mga5
php-pgsql-5.6.23-1.mga5
php-phar-5.6.23-1.mga5
php-posix-5.6.23-1.mga5
php-readline-5.6.23-1.mga5
php-recode-5.6.23-1.mga5
php-session-5.6.23-1.mga5
php-shmop-5.6.23-1.mga5
php-snmp-5.6.23-1.mga5
php-soap-5.6.23-1.mga5
php-sockets-5.6.23-1.mga5
php-sqlite3-5.6.23-1.mga5
php-sybase_ct-5.6.23-1.mga5
php-sysvmsg-5.6.23-1.mga5
php-sysvsem-5.6.23-1.mga5
php-sysvshm-5.6.23-1.mga5
php-tidy-5.6.23-1.mga5
php-tokenizer-5.6.23-1.mga5
php-xml-5.6.23-1.mga5
php-xmlreader-5.6.23-1.mga5
php-xmlrpc-5.6.23-1.mga5
php-xmlwriter-5.6.23-1.mga5
php-xsl-5.6.23-1.mga5
php-wddx-5.6.23-1.mga5
php-zip-5.6.23-1.mga5
php-fpm-5.6.23-1.mga5
phpdbg-5.6.23-1.mga5

from php-5.6.23-1.mga5.src.rpm

Assignee: pkg-bugs => qa-bugs

Tested with my X86_64 dev platform : kdevelop + xdebug.
All is Ok.

Status: NEW => ASSIGNED

Working fine with my normal battery of tests on Mageia 5 i586.

Whiteboard: MGA5-64-OK => MGA5-32-OK MGA5-64-OK

Thanks to José & David for rapid tests, validating this update.

Keywords: (none) => validated_update
Dave Hodgins
2016-07-04 09:10:23 CEST
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0238.html

Status: ASSIGNED => RESOLVED