+++ This bug was initially created as a clone of Bug #13460 +++ Upstream has released versions 5.4.29 and 5.5.12 on May 29: http://www.php.net/archive/2014.php#id2014-05-29-5 http://www.php.net/archive/2014.php#id2014-05-29-3 As with other recent PHP CVEs, these were issues in fileinfo, so the file package may also be affected. Reproducible: Steps to Reproduce:
Let's use this bug for the PHP update.
Depends on: 13460 => (none)Assignee: bugsquad => oeWhiteboard: (none) => MGA3TOO
Updated packages uploaded for Mageia 3 and Mageia 4. Advisory: ======================== Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237). A flaw was found in the way file parsed property information from Composite Document Files (CDF) files. A property entry with 0 elements triggers an infinite loop (CVE-2014-0238). PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to versions 5.4.29 and 5.5.13, which fix this issue and several other bugs. Additionally, php-apc has been rebuilt against the updated php packages. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238 http://www.php.net/ChangeLog-5.php#5.4.29 http://www.php.net/ChangeLog-5.php#5.5.13 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0237 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0238 ======================== Updated packages in core/updates_testing: ======================== php-ini-5.4.29-1.mga3 apache-mod_php-5.4.29-1.mga3 php-cli-5.4.29-1.mga3 php-cgi-5.4.29-1.mga3 libphp5_common5-5.4.29-1.mga3 php-devel-5.4.29-1.mga3 php-openssl-5.4.29-1.mga3 php-zlib-5.4.29-1.mga3 php-doc-5.4.29-1.mga3 php-bcmath-5.4.29-1.mga3 php-bz2-5.4.29-1.mga3 php-calendar-5.4.29-1.mga3 php-ctype-5.4.29-1.mga3 php-curl-5.4.29-1.mga3 php-dba-5.4.29-1.mga3 php-dom-5.4.29-1.mga3 php-enchant-5.4.29-1.mga3 php-exif-5.4.29-1.mga3 php-fileinfo-5.4.29-1.mga3 php-filter-5.4.29-1.mga3 php-ftp-5.4.29-1.mga3 php-gd-5.4.29-1.mga3 php-gettext-5.4.29-1.mga3 php-gmp-5.4.29-1.mga3 php-hash-5.4.29-1.mga3 php-iconv-5.4.29-1.mga3 php-imap-5.4.29-1.mga3 php-interbase-5.4.29-1.mga3 php-intl-5.4.29-1.mga3 php-json-5.4.29-1.mga3 php-ldap-5.4.29-1.mga3 php-mbstring-5.4.29-1.mga3 php-mcrypt-5.4.29-1.mga3 php-mssql-5.4.29-1.mga3 php-mysql-5.4.29-1.mga3 php-mysqli-5.4.29-1.mga3 php-mysqlnd-5.4.29-1.mga3 php-odbc-5.4.29-1.mga3 php-pcntl-5.4.29-1.mga3 php-pdo-5.4.29-1.mga3 php-pdo_dblib-5.4.29-1.mga3 php-pdo_firebird-5.4.29-1.mga3 php-pdo_mysql-5.4.29-1.mga3 php-pdo_odbc-5.4.29-1.mga3 php-pdo_pgsql-5.4.29-1.mga3 php-pdo_sqlite-5.4.29-1.mga3 php-pgsql-5.4.29-1.mga3 php-phar-5.4.29-1.mga3 php-posix-5.4.29-1.mga3 php-readline-5.4.29-1.mga3 php-recode-5.4.29-1.mga3 php-session-5.4.29-1.mga3 php-shmop-5.4.29-1.mga3 php-snmp-5.4.29-1.mga3 php-soap-5.4.29-1.mga3 php-sockets-5.4.29-1.mga3 php-sqlite3-5.4.29-1.mga3 php-sybase_ct-5.4.29-1.mga3 php-sysvmsg-5.4.29-1.mga3 php-sysvsem-5.4.29-1.mga3 php-sysvshm-5.4.29-1.mga3 php-tidy-5.4.29-1.mga3 php-tokenizer-5.4.29-1.mga3 php-xml-5.4.29-1.mga3 php-xmlreader-5.4.29-1.mga3 php-xmlrpc-5.4.29-1.mga3 php-xmlwriter-5.4.29-1.mga3 php-xsl-5.4.29-1.mga3 php-wddx-5.4.29-1.mga3 php-zip-5.4.29-1.mga3 php-fpm-5.4.29-1.mga3 php-apc-3.1.14-7.7.mga3 php-apc-admin-3.1.14-7.7.mga3 php-timezonedb-2014.2-1.mga3 php-gd-bundled-5.4.29-1.mga3 php-ini-5.5.13-1.mga4 apache-mod_php-5.5.13-1.mga4 php-cli-5.5.13-1.mga4 php-cgi-5.5.13-1.mga4 libphp5_common5-5.5.13-1.mga4 php-devel-5.5.13-1.mga4 php-openssl-5.5.13-1.mga4 php-zlib-5.5.13-1.mga4 php-doc-5.5.13-1.mga4 php-bcmath-5.5.13-1.mga4 php-bz2-5.5.13-1.mga4 php-calendar-5.5.13-1.mga4 php-ctype-5.5.13-1.mga4 php-curl-5.5.13-1.mga4 php-dba-5.5.13-1.mga4 php-dom-5.5.13-1.mga4 php-enchant-5.5.13-1.mga4 php-exif-5.5.13-1.mga4 php-fileinfo-5.5.13-1.mga4 php-filter-5.5.13-1.mga4 php-ftp-5.5.13-1.mga4 php-gd-5.5.13-1.mga4 php-gettext-5.5.13-1.mga4 php-gmp-5.5.13-1.mga4 php-hash-5.5.13-1.mga4 php-iconv-5.5.13-1.mga4 php-imap-5.5.13-1.mga4 php-interbase-5.5.13-1.mga4 php-intl-5.5.13-1.mga4 php-json-5.5.13-1.mga4 php-ldap-5.5.13-1.mga4 php-mbstring-5.5.13-1.mga4 php-mcrypt-5.5.13-1.mga4 php-mssql-5.5.13-1.mga4 php-mysql-5.5.13-1.mga4 php-mysqli-5.5.13-1.mga4 php-mysqlnd-5.5.13-1.mga4 php-odbc-5.5.13-1.mga4 php-opcache-5.5.13-1.mga4 php-pcntl-5.5.13-1.mga4 php-pdo-5.5.13-1.mga4 php-pdo_dblib-5.5.13-1.mga4 php-pdo_firebird-5.5.13-1.mga4 php-pdo_mysql-5.5.13-1.mga4 php-pdo_odbc-5.5.13-1.mga4 php-pdo_pgsql-5.5.13-1.mga4 php-pdo_sqlite-5.5.13-1.mga4 php-pgsql-5.5.13-1.mga4 php-phar-5.5.13-1.mga4 php-posix-5.5.13-1.mga4 php-readline-5.5.13-1.mga4 php-recode-5.5.13-1.mga4 php-session-5.5.13-1.mga4 php-shmop-5.5.13-1.mga4 php-snmp-5.5.13-1.mga4 php-soap-5.5.13-1.mga4 php-sockets-5.5.13-1.mga4 php-sqlite3-5.5.13-1.mga4 php-sybase_ct-5.5.13-1.mga4 php-sysvmsg-5.5.13-1.mga4 php-sysvsem-5.5.13-1.mga4 php-sysvshm-5.5.13-1.mga4 php-tidy-5.5.13-1.mga4 php-tokenizer-5.5.13-1.mga4 php-xml-5.5.13-1.mga4 php-xmlreader-5.5.13-1.mga4 php-xmlrpc-5.5.13-1.mga4 php-xmlwriter-5.5.13-1.mga4 php-xsl-5.5.13-1.mga4 php-wddx-5.5.13-1.mga4 php-zip-5.5.13-1.mga4 php-fpm-5.5.13-1.mga4 php-apc-3.1.15-4.2.mga4 php-apc-admin-3.1.15-4.2.mga4 php-timezonedb-2014.2-1.mga4 from SRPMS: php-5.4.29-1.mga3.src.rpm php-apc-3.1.14-7.9.mga3.src.rpm php-gd-bundled-5.4.29-1.mga3.src.rpm php-5.5.13-1.mga4.src.rpm php-apc-3.1.15-4.4.mga4.src.rpm
CC: (none) => oeAssignee: oe => qa-bugs
Testing complete mga4 64 Testing with the new wordpress in updates testing, http://localhost/php-apc, owncloud and the snippet below (which uses the libmagic function built into php) saved to snippet.php and run with 'php snippet.php' $ cat snippet.php <?php $finfo = finfo_open(FILEINFO_MIME_TYPE); // return mime type ala mimetype extension foreach (glob("*") as $filename) { echo $filename . " " . finfo_file($finfo, $filename) . "\n"; } finfo_close($finfo); ?> It should show file information for all files in the current directory.
Whiteboard: MGA3TOO => MGA3TOO has_procedure mga4-64-ok
Testing mga3 32 php-fileinfo doesn't appear to be working, or perhaps uses a different syntax in the older php version. I don't have time to debug it at the moment, I'm on my way out. Tried restarting httpd and checked /etc/php.d/32_fileinfo.ini which has.. extension = fileinfo.so # php -n snippet.php Fatal error: Call to undefined function finfo_open() in /root/snippet.php on line 2
php -i | grep fileinfo shows.. fileinfo fileinfo support => enabled so may be different syntax, but I can't check until later.
Testing complete mga3 32 This is working today for some reason. It showed no output yesterday but the machine has been rebooted since. $ php snippet.php song.mp3 audio/mpeg picture.png image/png ...etc php -n snippet.php shows an error but checking what it actually does, now I have time, shows I was both rushing and acting on bad info. It tells php to use no php.ini file which is obviously a bad idea. I suspect I hadn't tried php without -n after restarting httpd but will confirm with mga3 64 next..
Whiteboard: MGA3TOO has_procedure mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga4-64-ok
Testing complete mga3 64 No issues.
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok
Testing complete mga4 32
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0258.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED