Bug 22843

Summary: PHP 5.6.35
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, sysadmin-bugs, tarazed25
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK
Source RPM: php-5.6.34-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2018-03-31 17:47:28 CEST 
Upstream has released PHP 5.6.35 on March 29:
http://us3.php.net/archive/2018.php#id2018-03-29-3

It fixes one security issue:
http://www.php.net/ChangeLog-5.php#5.6.35

Advisory:
========================

Updated php packages fix security vulnerability:

Dumpable FPM child processes allow bypassing opcache access controls
(php#75605).

References:
http://php.net/ChangeLog-5.php#5.6.35
========================

Updated packages in core/updates_testing:
========================
php-ini-5.6.35-1.mga5
apache-mod_php-5.6.35-1.mga5
php-cli-5.6.35-1.mga5
php-cgi-5.6.35-1.mga5
lib64php5_common5-5.6.35-1.mga5
php-devel-5.6.35-1.mga5
php-openssl-5.6.35-1.mga5
php-zlib-5.6.35-1.mga5
php-doc-5.6.35-1.mga5
php-bcmath-5.6.35-1.mga5
php-bz2-5.6.35-1.mga5
php-calendar-5.6.35-1.mga5
php-ctype-5.6.35-1.mga5
php-curl-5.6.35-1.mga5
php-dba-5.6.35-1.mga5
php-dom-5.6.35-1.mga5
php-enchant-5.6.35-1.mga5
php-exif-5.6.35-1.mga5
php-fileinfo-5.6.35-1.mga5
php-filter-5.6.35-1.mga5
php-ftp-5.6.35-1.mga5
php-gd-5.6.35-1.mga5
php-gettext-5.6.35-1.mga5
php-gmp-5.6.35-1.mga5
php-hash-5.6.35-1.mga5
php-iconv-5.6.35-1.mga5
php-imap-5.6.35-1.mga5
php-interbase-5.6.35-1.mga5
php-intl-5.6.35-1.mga5
php-json-5.6.35-1.mga5
php-ldap-5.6.35-1.mga5
php-mbstring-5.6.35-1.mga5
php-mcrypt-5.6.35-1.mga5
php-mssql-5.6.35-1.mga5
php-mysql-5.6.35-1.mga5
php-mysqli-5.6.35-1.mga5
php-mysqlnd-5.6.35-1.mga5
php-odbc-5.6.35-1.mga5
php-opcache-5.6.35-1.mga5
php-pcntl-5.6.35-1.mga5
php-pdo-5.6.35-1.mga5
php-pdo_dblib-5.6.35-1.mga5
php-pdo_firebird-5.6.35-1.mga5
php-pdo_mysql-5.6.35-1.mga5
php-pdo_odbc-5.6.35-1.mga5
php-pdo_pgsql-5.6.35-1.mga5
php-pdo_sqlite-5.6.35-1.mga5
php-pgsql-5.6.35-1.mga5
php-phar-5.6.35-1.mga5
php-posix-5.6.35-1.mga5
php-readline-5.6.35-1.mga5
php-recode-5.6.35-1.mga5
php-session-5.6.35-1.mga5
php-shmop-5.6.35-1.mga5
php-snmp-5.6.35-1.mga5
php-soap-5.6.35-1.mga5
php-sockets-5.6.35-1.mga5
php-sqlite3-5.6.35-1.mga5
php-sybase_ct-5.6.35-1.mga5
php-sysvmsg-5.6.35-1.mga5
php-sysvsem-5.6.35-1.mga5
php-sysvshm-5.6.35-1.mga5
php-tidy-5.6.35-1.mga5
php-tokenizer-5.6.35-1.mga5
php-xml-5.6.35-1.mga5
php-xmlreader-5.6.35-1.mga5
php-xmlrpc-5.6.35-1.mga5
php-xmlwriter-5.6.35-1.mga5
php-xsl-5.6.35-1.mga5
php-wddx-5.6.35-1.mga5
php-zip-5.6.35-1.mga5
php-fpm-5.6.35-1.mga5
phpdbg-5.6.35-1.mga5
php-ini-5.6.35-1.mga6
apache-mod_php-5.6.35-1.mga6
php-cli-5.6.35-1.mga6
php-cgi-5.6.35-1.mga6
lib64php5_common5-5.6.35-1.mga6
php-devel-5.6.35-1.mga6
php-openssl-5.6.35-1.mga6
php-zlib-5.6.35-1.mga6
php-doc-5.6.35-1.mga6
php-bcmath-5.6.35-1.mga6
php-bz2-5.6.35-1.mga6
php-calendar-5.6.35-1.mga6
php-ctype-5.6.35-1.mga6
php-curl-5.6.35-1.mga6
php-dba-5.6.35-1.mga6
php-dom-5.6.35-1.mga6
php-enchant-5.6.35-1.mga6
php-exif-5.6.35-1.mga6
php-fileinfo-5.6.35-1.mga6
php-filter-5.6.35-1.mga6
php-ftp-5.6.35-1.mga6
php-gd-5.6.35-1.mga6
php-gettext-5.6.35-1.mga6
php-gmp-5.6.35-1.mga6
php-hash-5.6.35-1.mga6
php-iconv-5.6.35-1.mga6
php-imap-5.6.35-1.mga6
php-interbase-5.6.35-1.mga6
php-intl-5.6.35-1.mga6
php-json-5.6.35-1.mga6
php-ldap-5.6.35-1.mga6
php-mbstring-5.6.35-1.mga6
php-mcrypt-5.6.35-1.mga6
php-mssql-5.6.35-1.mga6
php-mysql-5.6.35-1.mga6
php-mysqli-5.6.35-1.mga6
php-mysqlnd-5.6.35-1.mga6
php-odbc-5.6.35-1.mga6
php-opcache-5.6.35-1.mga6
php-pcntl-5.6.35-1.mga6
php-pdo-5.6.35-1.mga6
php-pdo_dblib-5.6.35-1.mga6
php-pdo_firebird-5.6.35-1.mga6
php-pdo_mysql-5.6.35-1.mga6
php-pdo_odbc-5.6.35-1.mga6
php-pdo_pgsql-5.6.35-1.mga6
php-pdo_sqlite-5.6.35-1.mga6
php-pgsql-5.6.35-1.mga6
php-phar-5.6.35-1.mga6
php-posix-5.6.35-1.mga6
php-readline-5.6.35-1.mga6
php-recode-5.6.35-1.mga6
php-session-5.6.35-1.mga6
php-shmop-5.6.35-1.mga6
php-snmp-5.6.35-1.mga6
php-soap-5.6.35-1.mga6
php-sockets-5.6.35-1.mga6
php-sqlite3-5.6.35-1.mga6
php-sybase_ct-5.6.35-1.mga6
php-sysvmsg-5.6.35-1.mga6
php-sysvsem-5.6.35-1.mga6
php-sysvshm-5.6.35-1.mga6
php-tidy-5.6.35-1.mga6
php-tokenizer-5.6.35-1.mga6
php-xml-5.6.35-1.mga6
php-xmlreader-5.6.35-1.mga6
php-xmlrpc-5.6.35-1.mga6
php-xmlwriter-5.6.35-1.mga6
php-xsl-5.6.35-1.mga6
php-wddx-5.6.35-1.mga6
php-zip-5.6.35-1.mga6
php-fpm-5.6.35-1.mga6
phpdbg-5.6.35-1.mga6

from SRPMS:
php-5.6.35-1.mga5.src.rpm
php-5.6.35-1.mga6.src.rpm
David Walser 2018-03-31 17:47:36 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 PC LX 2018-04-01 00:28:09 CEST 
Installed and tested without issues.

Tested using several small and large scripts (e.g. wordpress, drupal, custom scripts).

System: Mageia 6, x86_64, Intel CPU.

$ uname -a
Linux marte 4.14.30-desktop-3.mga6 #1 SMP Sun Mar 25 22:17:31 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep php | sort                                                                                                                                                      
apache-mod_php-5.6.35-1.mga6                                                                                                                                                                 
lib64php5_common5-5.6.35-1.mga6
php-cli-5.6.35-1.mga6
php-ctype-5.6.35-1.mga6
php-curl-5.6.35-1.mga6
php-dom-5.6.35-1.mga6
php-filter-5.6.35-1.mga6
php-ftp-5.6.35-1.mga6
php-gd-5.6.35-1.mga6
php-gettext-5.6.35-1.mga6
php-hash-5.6.35-1.mga6
php-ini-5.6.35-1.mga6
php-intl-5.6.35-1.mga6
php-json-5.6.35-1.mga6
php-mbstring-5.6.35-1.mga6
php-memcached-2.2.0-2.mga6
php-mysqli-5.6.35-1.mga6
php-mysqlnd-5.6.35-1.mga6
php-openssl-5.6.35-1.mga6
php-pdo-5.6.35-1.mga6
php-pdo_mysql-5.6.35-1.mga6
php-pdo_pgsql-5.6.35-1.mga6
php-pdo_sqlite-5.6.35-1.mga6
php-phpmailer-5.2.24-1.1.mga6
php-posix-5.6.35-1.mga6
php-session-5.6.35-1.mga6
php-suhosin-0.9.38-1.mga6
php-sysvsem-5.6.35-1.mga6
php-sysvshm-5.6.35-1.mga6
php-timezonedb-2017.2-1.mga6
php-tokenizer-5.6.35-1.mga6
php-xdebug-2.4.0-1.mga6
php-xml-5.6.35-1.mga6
php-xmlreader-5.6.35-1.mga6
php-xmlwriter-5.6.35-1.mga6
php-zlib-5.6.35-1.mga6

CC: (none) => mageia

Comment 2 Len Lawrence 2018-04-02 12:51:48 CEST 
Mageia 5 :: x86_64

It is a fairly complex process to demonstrate this bug so we shall not attempt it.  Installed all packages and then updated them all.

Some basic tests:

$ php -r 'phpinfo();'
<lots of information about the PHP installation>

$ php -S localhost:8000 -t php
PHP 5.6.35 Development Server started at Mon Apr  2 11:30:11 2018
Listening on http://localhost:8000
Document root is /home/lcl/dev/php
Press Ctrl-C to quit.

With the php server running localhost:8000 in a browser shows a page with "It works!" and localhost:8000/sample.php shows a message from the sample script.

localhost:8000/create-png.php
This displays a page containing a blue square on a black background.

I do not have anything more complex with which to test php so am passing it as OK for 64-bits and also adding the OK for mga6 based on comment 1.

Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK MGA6-64-OK
CC: (none) => tarazed25

Comment 3 Lewis Smith 2018-04-03 11:33:50 CEST 
Thanks PC_LX & Len. Advisory from c0, no CVE yet. Validating.

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2018-04-03 20:49:12 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0191.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED