PHP 5.5.15 has been released today (July 24): http://php.net/ChangeLog-5.php#5.5.15 It fixes two security issues in SPL (one CVE is in the bug report, the other is posted on the ChangeLog). No word yet on whether 5.4.x is affected (both bugs reported for 5.5.14). I'm not aware of CVEs for any other bugs fixed in 5.5.14.
PHP 5.4.31 has been released: http://php.net/ChangeLog-5.php#5.4.31 It doesn't list those two bugs. However, OpenSuSE has issued an advisory for this on July 30: http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html Their update is for PHP 5.3.x and 5.4.x, so perhaps they have patches.
URL: (none) => http://lwn.net/Vulnerabilities/607287/
Whiteboard: (none) => MGA3TOO
php-5.4.31-1.1.mga3 fixes CVE-2014-4698 and CVE-2014-4670 as well.
Updated and patched packages uploaded by Oden. Thanks Oden!

There is some discussion of these security issues in RedHat's Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4670

So it sounds like this is a low-priority update at this point in time.

Advisory:
========================

Updated php packages fix security vulnerabilities:

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670).

The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to 5.4.31, fixing these issues and several other bugs.

Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://php.net/ChangeLog-5.php#5.4.31
http://php.net/ChangeLog-5.php#5.5.15
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
========================

Updated packages in core/updates_testing:
========================
php-ini-5.4.31-1.1.mga3
apache-mod_php-5.4.31-1.1.mga3
php-cli-5.4.31-1.1.mga3
php-cgi-5.4.31-1.1.mga3
libphp5_common5-5.4.31-1.1.mga3
php-devel-5.4.31-1.1.mga3
php-openssl-5.4.31-1.1.mga3
php-zlib-5.4.31-1.1.mga3
php-doc-5.4.31-1.1.mga3
php-bcmath-5.4.31-1.1.mga3
php-bz2-5.4.31-1.1.mga3
php-calendar-5.4.31-1.1.mga3
php-ctype-5.4.31-1.1.mga3
php-curl-5.4.31-1.1.mga3
php-dba-5.4.31-1.1.mga3
php-dom-5.4.31-1.1.mga3
php-enchant-5.4.31-1.1.mga3
php-exif-5.4.31-1.1.mga3
php-fileinfo-5.4.31-1.1.mga3
php-filter-5.4.31-1.1.mga3
php-ftp-5.4.31-1.1.mga3
php-gd-5.4.31-1.1.mga3
php-gettext-5.4.31-1.1.mga3
php-gmp-5.4.31-1.1.mga3
php-hash-5.4.31-1.1.mga3
php-iconv-5.4.31-1.1.mga3
php-imap-5.4.31-1.1.mga3
php-interbase-5.4.31-1.1.mga3
php-intl-5.4.31-1.1.mga3
php-json-5.4.31-1.1.mga3
php-ldap-5.4.31-1.1.mga3
php-mbstring-5.4.31-1.1.mga3
php-mcrypt-5.4.31-1.1.mga3
php-mssql-5.4.31-1.1.mga3
php-mysql-5.4.31-1.1.mga3
php-mysqli-5.4.31-1.1.mga3
php-mysqlnd-5.4.31-1.1.mga3
php-odbc-5.4.31-1.1.mga3
php-pcntl-5.4.31-1.1.mga3
php-pdo-5.4.31-1.1.mga3
php-pdo_dblib-5.4.31-1.1.mga3
php-pdo_firebird-5.4.31-1.1.mga3
php-pdo_mysql-5.4.31-1.1.mga3
php-pdo_odbc-5.4.31-1.1.mga3
php-pdo_pgsql-5.4.31-1.1.mga3
php-pdo_sqlite-5.4.31-1.1.mga3
php-pgsql-5.4.31-1.1.mga3
php-phar-5.4.31-1.1.mga3
php-posix-5.4.31-1.1.mga3
php-readline-5.4.31-1.1.mga3
php-recode-5.4.31-1.1.mga3
php-session-5.4.31-1.1.mga3
php-shmop-5.4.31-1.1.mga3
php-snmp-5.4.31-1.1.mga3
php-soap-5.4.31-1.1.mga3
php-sockets-5.4.31-1.1.mga3
php-sqlite3-5.4.31-1.1.mga3
php-sybase_ct-5.4.31-1.1.mga3
php-sysvmsg-5.4.31-1.1.mga3
php-sysvsem-5.4.31-1.1.mga3
php-sysvshm-5.4.31-1.1.mga3
php-tidy-5.4.31-1.1.mga3
php-tokenizer-5.4.31-1.1.mga3
php-xml-5.4.31-1.1.mga3
php-xmlreader-5.4.31-1.1.mga3
php-xmlrpc-5.4.31-1.1.mga3
php-xmlwriter-5.4.31-1.1.mga3
php-xsl-5.4.31-1.1.mga3
php-wddx-5.4.31-1.1.mga3
php-zip-5.4.31-1.1.mga3
php-fpm-5.4.31-1.1.mga3
php-apc-3.1.14-7.11.mga3
php-apc-admin-3.1.14-7.11.mga3
php-gd-bundled-5.4.31-1.mga3
php-timezonedb-2014.5-1.mga3
php-ini-5.5.15-1.mga4
apache-mod_php-5.5.15-1.mga4
php-cli-5.5.15-1.mga4
php-cgi-5.5.15-1.mga4
libphp5_common5-5.5.15-1.mga4
php-devel-5.5.15-1.mga4
php-openssl-5.5.15-1.mga4
php-zlib-5.5.15-1.mga4
php-doc-5.5.15-1.mga4
php-bcmath-5.5.15-1.mga4
php-bz2-5.5.15-1.mga4
php-calendar-5.5.15-1.mga4
php-ctype-5.5.15-1.mga4
php-curl-5.5.15-1.mga4
php-dba-5.5.15-1.mga4
php-dom-5.5.15-1.mga4
php-enchant-5.5.15-1.mga4
php-exif-5.5.15-1.mga4
php-fileinfo-5.5.15-1.mga4
php-filter-5.5.15-1.mga4
php-ftp-5.5.15-1.mga4
php-gd-5.5.15-1.mga4
php-gettext-5.5.15-1.mga4
php-gmp-5.5.15-1.mga4
php-hash-5.5.15-1.mga4
php-iconv-5.5.15-1.mga4
php-imap-5.5.15-1.mga4
php-interbase-5.5.15-1.mga4
php-intl-5.5.15-1.mga4
php-json-5.5.15-1.mga4
php-ldap-5.5.15-1.mga4
php-mbstring-5.5.15-1.mga4
php-mcrypt-5.5.15-1.mga4
php-mssql-5.5.15-1.mga4
php-mysql-5.5.15-1.mga4
php-mysqli-5.5.15-1.mga4
php-mysqlnd-5.5.15-1.mga4
php-odbc-5.5.15-1.mga4
php-opcache-5.5.15-1.mga4
php-pcntl-5.5.15-1.mga4
php-pdo-5.5.15-1.mga4
php-pdo_dblib-5.5.15-1.mga4
php-pdo_firebird-5.5.15-1.mga4
php-pdo_mysql-5.5.15-1.mga4
php-pdo_odbc-5.5.15-1.mga4
php-pdo_pgsql-5.5.15-1.mga4
php-pdo_sqlite-5.5.15-1.mga4
php-pgsql-5.5.15-1.mga4
php-phar-5.5.15-1.mga4
php-posix-5.5.15-1.mga4
php-readline-5.5.15-1.mga4
php-recode-5.5.15-1.mga4
php-session-5.5.15-1.mga4
php-shmop-5.5.15-1.mga4
php-snmp-5.5.15-1.mga4
php-soap-5.5.15-1.mga4
php-sockets-5.5.15-1.mga4
php-sqlite3-5.5.15-1.mga4
php-sybase_ct-5.5.15-1.mga4
php-sysvmsg-5.5.15-1.mga4
php-sysvsem-5.5.15-1.mga4
php-sysvshm-5.5.15-1.mga4
php-tidy-5.5.15-1.mga4
php-tokenizer-5.5.15-1.mga4
php-xml-5.5.15-1.mga4
php-xmlreader-5.5.15-1.mga4
php-xmlrpc-5.5.15-1.mga4
php-xmlwriter-5.5.15-1.mga4
php-xsl-5.5.15-1.mga4
php-wddx-5.5.15-1.mga4
php-zip-5.5.15-1.mga4
php-fpm-5.5.15-1.mga4
php-apc-3.1.15-4.6.mga4
php-apc-admin-3.1.15-4.6.mga4
php-timezonedb-2014.5-1.mga4

from SRPMS:
php-5.4.31-1.1.mga3.src.rpm
php-apc-3.1.14-7.11.mga3.src.rpm
php-gd-bundled-5.4.31-1.mga3.src.rpm
php-timezonedb-2014.5-1.mga3.src.rpm
php-5.5.15-1.mga4.src.rpm
php-apc-3.1.15-4.6.mga4.src.rpm
php-timezonedb-2014.5-1.mga4.src.rpm
CC: (none) => oe
Assignee: oe => qa-bugs
php-5.5.15-1.1.mga4 and php-5.4.31-1.2.mga3 also fix CVE-2014-3538.
Thanks Oden!

Advisory:
========================

Updated php packages fix security vulnerabilities:

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670).

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538).

The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to fix these issues and several other bugs.

Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://php.net/ChangeLog-5.php#5.4.31
http://php.net/ChangeLog-5.php#5.5.15
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:146/
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
========================

Updated packages in core/updates_testing:
========================
php-ini-5.4.31-1.2.mga3
apache-mod_php-5.4.31-1.2.mga3
php-cli-5.4.31-1.2.mga3
php-cgi-5.4.31-1.2.mga3
libphp5_common5-5.4.31-1.2.mga3
php-devel-5.4.31-1.2.mga3
php-openssl-5.4.31-1.2.mga3
php-zlib-5.4.31-1.2.mga3
php-doc-5.4.31-1.2.mga3
php-bcmath-5.4.31-1.2.mga3
php-bz2-5.4.31-1.2.mga3
php-calendar-5.4.31-1.2.mga3
php-ctype-5.4.31-1.2.mga3
php-curl-5.4.31-1.2.mga3
php-dba-5.4.31-1.2.mga3
php-dom-5.4.31-1.2.mga3
php-enchant-5.4.31-1.2.mga3
php-exif-5.4.31-1.2.mga3
php-fileinfo-5.4.31-1.2.mga3
php-filter-5.4.31-1.2.mga3
php-ftp-5.4.31-1.2.mga3
php-gd-5.4.31-1.2.mga3
php-gettext-5.4.31-1.2.mga3
php-gmp-5.4.31-1.2.mga3
php-hash-5.4.31-1.2.mga3
php-iconv-5.4.31-1.2.mga3
php-imap-5.4.31-1.2.mga3
php-interbase-5.4.31-1.2.mga3
php-intl-5.4.31-1.2.mga3
php-json-5.4.31-1.2.mga3
php-ldap-5.4.31-1.2.mga3
php-mbstring-5.4.31-1.2.mga3
php-mcrypt-5.4.31-1.2.mga3
php-mssql-5.4.31-1.2.mga3
php-mysql-5.4.31-1.2.mga3
php-mysqli-5.4.31-1.2.mga3
php-mysqlnd-5.4.31-1.2.mga3
php-odbc-5.4.31-1.2.mga3
php-pcntl-5.4.31-1.2.mga3
php-pdo-5.4.31-1.2.mga3
php-pdo_dblib-5.4.31-1.2.mga3
php-pdo_firebird-5.4.31-1.2.mga3
php-pdo_mysql-5.4.31-1.2.mga3
php-pdo_odbc-5.4.31-1.2.mga3
php-pdo_pgsql-5.4.31-1.2.mga3
php-pdo_sqlite-5.4.31-1.2.mga3
php-pgsql-5.4.31-1.2.mga3
php-phar-5.4.31-1.2.mga3
php-posix-5.4.31-1.2.mga3
php-readline-5.4.31-1.2.mga3
php-recode-5.4.31-1.2.mga3
php-session-5.4.31-1.2.mga3
php-shmop-5.4.31-1.2.mga3
php-snmp-5.4.31-1.2.mga3
php-soap-5.4.31-1.2.mga3
php-sockets-5.4.31-1.2.mga3
php-sqlite3-5.4.31-1.2.mga3
php-sybase_ct-5.4.31-1.2.mga3
php-sysvmsg-5.4.31-1.2.mga3
php-sysvsem-5.4.31-1.2.mga3
php-sysvshm-5.4.31-1.2.mga3
php-tidy-5.4.31-1.2.mga3
php-tokenizer-5.4.31-1.2.mga3
php-xml-5.4.31-1.2.mga3
php-xmlreader-5.4.31-1.2.mga3
php-xmlrpc-5.4.31-1.2.mga3
php-xmlwriter-5.4.31-1.2.mga3
php-xsl-5.4.31-1.2.mga3
php-wddx-5.4.31-1.2.mga3
php-zip-5.4.31-1.2.mga3
php-fpm-5.4.31-1.2.mga3
php-apc-3.1.14-7.11.mga3
php-apc-admin-3.1.14-7.11.mga3
php-gd-bundled-5.4.31-1.mga3
php-timezonedb-2014.5-1.mga3
php-ini-5.5.15-1.1.mga4
apache-mod_php-5.5.15-1.1.mga4
php-cli-5.5.15-1.1.mga4
php-cgi-5.5.15-1.1.mga4
libphp5_common5-5.5.15-1.1.mga4
php-devel-5.5.15-1.1.mga4
php-openssl-5.5.15-1.1.mga4
php-zlib-5.5.15-1.1.mga4
php-doc-5.5.15-1.1.mga4
php-bcmath-5.5.15-1.1.mga4
php-bz2-5.5.15-1.1.mga4
php-calendar-5.5.15-1.1.mga4
php-ctype-5.5.15-1.1.mga4
php-curl-5.5.15-1.1.mga4
php-dba-5.5.15-1.1.mga4
php-dom-5.5.15-1.1.mga4
php-enchant-5.5.15-1.1.mga4
php-exif-5.5.15-1.1.mga4
php-fileinfo-5.5.15-1.1.mga4
php-filter-5.5.15-1.1.mga4
php-ftp-5.5.15-1.1.mga4
php-gd-5.5.15-1.1.mga4
php-gettext-5.5.15-1.1.mga4
php-gmp-5.5.15-1.1.mga4
php-hash-5.5.15-1.1.mga4
php-iconv-5.5.15-1.1.mga4
php-imap-5.5.15-1.1.mga4
php-interbase-5.5.15-1.1.mga4
php-intl-5.5.15-1.1.mga4
php-json-5.5.15-1.1.mga4
php-ldap-5.5.15-1.1.mga4
php-mbstring-5.5.15-1.1.mga4
php-mcrypt-5.5.15-1.1.mga4
php-mssql-5.5.15-1.1.mga4
php-mysql-5.5.15-1.1.mga4
php-mysqli-5.5.15-1.1.mga4
php-mysqlnd-5.5.15-1.1.mga4
php-odbc-5.5.15-1.1.mga4
php-opcache-5.5.15-1.1.mga4
php-pcntl-5.5.15-1.1.mga4
php-pdo-5.5.15-1.1.mga4
php-pdo_dblib-5.5.15-1.1.mga4
php-pdo_firebird-5.5.15-1.1.mga4
php-pdo_mysql-5.5.15-1.1.mga4
php-pdo_odbc-5.5.15-1.1.mga4
php-pdo_pgsql-5.5.15-1.1.mga4
php-pdo_sqlite-5.5.15-1.1.mga4
php-pgsql-5.5.15-1.1.mga4
php-phar-5.5.15-1.1.mga4
php-posix-5.5.15-1.1.mga4
php-readline-5.5.15-1.1.mga4
php-recode-5.5.15-1.1.mga4
php-session-5.5.15-1.1.mga4
php-shmop-5.5.15-1.1.mga4
php-snmp-5.5.15-1.1.mga4
php-soap-5.5.15-1.1.mga4
php-sockets-5.5.15-1.1.mga4
php-sqlite3-5.5.15-1.1.mga4
php-sybase_ct-5.5.15-1.1.mga4
php-sysvmsg-5.5.15-1.1.mga4
php-sysvsem-5.5.15-1.1.mga4
php-sysvshm-5.5.15-1.1.mga4
php-tidy-5.5.15-1.1.mga4
php-tokenizer-5.5.15-1.1.mga4
php-xml-5.5.15-1.1.mga4
php-xmlreader-5.5.15-1.1.mga4
php-xmlrpc-5.5.15-1.1.mga4
php-xmlwriter-5.5.15-1.1.mga4
php-xsl-5.5.15-1.1.mga4
php-wddx-5.5.15-1.1.mga4
php-zip-5.5.15-1.1.mga4
php-fpm-5.5.15-1.1.mga4
php-apc-3.1.15-4.6.mga4
php-apc-admin-3.1.15-4.6.mga4
php-timezonedb-2014.5-1.mga4

from SRPMS:
php-5.4.31-1.2.mga3.src.rpm
php-apc-3.1.14-7.11.mga3.src.rpm
php-gd-bundled-5.4.31-1.mga3.src.rpm
php-timezonedb-2014.5-1.mga3.src.rpm
php-5.5.15-1.1.mga4.src.rpm
php-apc-3.1.15-4.6.mga4.src.rpm
php-timezonedb-2014.5-1.mga4.src.rpm
Severity: normal => major
Note: php-5.5.15-*.mga4 also updates jsonc to the 1.3.6 version http://pecl.php.net/package-changelog.php?package=jsonc&release=1.3.6
Mandriva has issued an advisory for this today (August 6): http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:149/

Now that we've added the additional patch for the file/libmagic issue, this raises the priority. This update is ready to test and go.

Updating the advisory based on Oden's last comment.

Advisory:
========================

Updated php packages fix security vulnerabilities:

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670).

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538).

The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to fix these issues and several other bugs.

Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5.

Additionally, the jsonc extension has been upgraded to the 1.3.6 version.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://php.net/ChangeLog-5.php#5.4.31
http://php.net/ChangeLog-5.php#5.5.15
http://pecl.php.net/package-changelog.php?package=jsonc&release=1.3.6
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:149/
Testing complete mga3 64 Tested with drupal, phpmyadmin, wordpress & checked http://localhost/php-apc
Whiteboard: MGA3TOO => MGA3TOO has_procedure mga3-64-ok
Testing complete mga4 64 Tested with zencart, zoneminder, phpmyadmin and php-apc
Whiteboard: MGA3TOO has_procedure mga3-64-ok => MGA3TOO has_procedure mga3-64-ok mga4-64-ok
Summary: php new security issues CVE-2014-4698 and CVE-2014-4670 => php new security issues CVE-2014-3538, CVE-2014-4698, and CVE-2014-4670
Testing complete mga4 32 Owncloud, phpmyadmin, drupal and php-apc
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-64-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok
Testing complete mga3 32 with drupal from updates/testing.
CC: (none) => remi
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Validating update. Advisory uploaded. Please push php* to Mageia 3 & 4 core/updates.
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok advisory
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0324.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED