Bug 15319 - php new security issues CVE-2015-1351, CVE-2015-1352, and CVE-2015-0273
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/633839/
Whiteboard: has_procedure advisory MGA4-64-OK MGA...
Keywords: validated_update
Reported: 2015-02-18 23:16 CET by David Walser
Modified: 2015-03-18 17:20 CET

Source RPM: php-5.6.5-2.mga5.src.rpm

Attachments
PoCs used in previous comment (360 bytes, application/gzip)
2015-02-24 17:22 CET, olivier charles

Description David Walser 2015-02-18 23:16:37 CET
Ubuntu has issued an advisory on February 17:
http://www.ubuntu.com/usn/usn-2501-1/

These CVE assignments were made here:
http://openwall.com/lists/oss-security/2015/01/24/9

I would imagine these fixes will be included in the next upstream updates.

CVE-2014-9652 was already fixed in Bug 15121.

David Walser 2015-02-18 23:16:43 CET

Whiteboard: (none) => MGA4TOO

Comment 1 David Walser 2015-02-19 21:29:22 CET
PHP 5.5.22 has been released today:
http://php.net/archive/2015.php#id2015-02-19-1

It actually does not include the fixes for CVE-2015-135[12], but I was able to rediff the patches for 5.6.6 and 5.5.22 (actually only the first one required rediffing) and add those as well.  The updates are committed in SVN, waiting for a freeze push in Cauldron.

The updated versions also fix php#68942 (Use after free vulnerability in unserialize() with DateTimeZone, CVE-2015-0273) and have a GHOST mitigation.

The ChangeLog is here:
http://php.net/ChangeLog-5.php#5.5.22

Summary: php new security issues CVE-2015-1351 and CVE-2015-1352 => php new security issues CVE-2015-1351, CVE-2015-1352, and CVE-2015-0273

Comment 2 David Walser 2015-02-19 21:35:17 CET
Also fixed in 5.5.22 that may be security relevant:
php#68552 (heap buffer overflow in enchant_broker_request_dict()).
php#68901 (use after free in phar_object.c).

Comment 3 David Walser 2015-02-19 23:04:23 CET
Advisory:
========================

Updated php packages fix security vulnerabilities:

It was discovered that the PHP opcache component incorrectly handled
memory. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2015-1351).

It was discovered that the PHP PostgreSQL database extension incorrectly
handled certain pointers. A remote attacker could possibly use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code (CVE-2015-1352).

Use after free vulnerability in unserialize() with DateTimeZone in PHP before
5.5.22 (CVE-2015-0273).

PHP has been updated to version 5.5.22, which fixes these issues and other
bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://php.net/ChangeLog-5.php#5.5.22
http://www.ubuntu.com/usn/usn-2501-1/
========================

Updated packages in core/updates_testing:
========================
php-ini-5.5.22-1.mga4
apache-mod_php-5.5.22-1.mga4
php-cli-5.5.22-1.mga4
php-cgi-5.5.22-1.mga4
libphp5_common5-5.5.22-1.mga4
php-devel-5.5.22-1.mga4
php-openssl-5.5.22-1.mga4
php-zlib-5.5.22-1.mga4
php-doc-5.5.22-1.mga4
php-bcmath-5.5.22-1.mga4
php-bz2-5.5.22-1.mga4
php-calendar-5.5.22-1.mga4
php-ctype-5.5.22-1.mga4
php-curl-5.5.22-1.mga4
php-dba-5.5.22-1.mga4
php-dom-5.5.22-1.mga4
php-enchant-5.5.22-1.mga4
php-exif-5.5.22-1.mga4
php-fileinfo-5.5.22-1.mga4
php-filter-5.5.22-1.mga4
php-ftp-5.5.22-1.mga4
php-gd-5.5.22-1.mga4
php-gettext-5.5.22-1.mga4
php-gmp-5.5.22-1.mga4
php-hash-5.5.22-1.mga4
php-iconv-5.5.22-1.mga4
php-imap-5.5.22-1.mga4
php-interbase-5.5.22-1.mga4
php-intl-5.5.22-1.mga4
php-json-5.5.22-1.mga4
php-ldap-5.5.22-1.mga4
php-mbstring-5.5.22-1.mga4
php-mcrypt-5.5.22-1.mga4
php-mssql-5.5.22-1.mga4
php-mysql-5.5.22-1.mga4
php-mysqli-5.5.22-1.mga4
php-mysqlnd-5.5.22-1.mga4
php-odbc-5.5.22-1.mga4
php-opcache-5.5.22-1.mga4
php-pcntl-5.5.22-1.mga4
php-pdo-5.5.22-1.mga4
php-pdo_dblib-5.5.22-1.mga4
php-pdo_firebird-5.5.22-1.mga4
php-pdo_mysql-5.5.22-1.mga4
php-pdo_odbc-5.5.22-1.mga4
php-pdo_pgsql-5.5.22-1.mga4
php-pdo_sqlite-5.5.22-1.mga4
php-pgsql-5.5.22-1.mga4
php-phar-5.5.22-1.mga4
php-posix-5.5.22-1.mga4
php-readline-5.5.22-1.mga4
php-recode-5.5.22-1.mga4
php-session-5.5.22-1.mga4
php-shmop-5.5.22-1.mga4
php-snmp-5.5.22-1.mga4
php-soap-5.5.22-1.mga4
php-sockets-5.5.22-1.mga4
php-sqlite3-5.5.22-1.mga4
php-sybase_ct-5.5.22-1.mga4
php-sysvmsg-5.5.22-1.mga4
php-sysvsem-5.5.22-1.mga4
php-sysvshm-5.5.22-1.mga4
php-tidy-5.5.22-1.mga4
php-tokenizer-5.5.22-1.mga4
php-xml-5.5.22-1.mga4
php-xmlreader-5.5.22-1.mga4
php-xmlrpc-5.5.22-1.mga4
php-xmlwriter-5.5.22-1.mga4
php-xsl-5.5.22-1.mga4
php-wddx-5.5.22-1.mga4
php-zip-5.5.22-1.mga4
php-fpm-5.5.22-1.mga4
php-apc-3.1.15-4.12.mga4
php-apc-admin-3.1.15-4.12.mga4

from SRPMS:
php-5.5.22-1.mga4.src.rpm
php-apc-3.1.15-4.12.mga4.src.rpm

Version: Cauldron => 4
Assignee: oe => qa-bugs
Whiteboard: MGA4TOO => (none)
Severity: normal => major

Comment 4 Oden Eriksson 2015-02-20 07:38:18 CET
Please use 5.5.22-1.1.mga4 which has jsonc-1.3.7:

http://pecl.php.net/package-changelog.php?package=jsonc&release=1.3.7

CC: (none) => oe

Comment 5 David Walser 2015-02-20 15:14:21 CET
php-ini-5.5.22-1.1.mga4
apache-mod_php-5.5.22-1.1.mga4
php-cli-5.5.22-1.1.mga4
php-cgi-5.5.22-1.1.mga4
libphp5_common5-5.5.22-1.1.mga4
php-devel-5.5.22-1.1.mga4
php-openssl-5.5.22-1.1.mga4
php-zlib-5.5.22-1.1.mga4
php-doc-5.5.22-1.1.mga4
php-bcmath-5.5.22-1.1.mga4
php-bz2-5.5.22-1.1.mga4
php-calendar-5.5.22-1.1.mga4
php-ctype-5.5.22-1.1.mga4
php-curl-5.5.22-1.1.mga4
php-dba-5.5.22-1.1.mga4
php-dom-5.5.22-1.1.mga4
php-enchant-5.5.22-1.1.mga4
php-exif-5.5.22-1.1.mga4
php-fileinfo-5.5.22-1.1.mga4
php-filter-5.5.22-1.1.mga4
php-ftp-5.5.22-1.1.mga4
php-gd-5.5.22-1.1.mga4
php-gettext-5.5.22-1.1.mga4
php-gmp-5.5.22-1.1.mga4
php-hash-5.5.22-1.1.mga4
php-iconv-5.5.22-1.1.mga4
php-imap-5.5.22-1.1.mga4
php-interbase-5.5.22-1.1.mga4
php-intl-5.5.22-1.1.mga4
php-json-5.5.22-1.1.mga4
php-ldap-5.5.22-1.1.mga4
php-mbstring-5.5.22-1.1.mga4
php-mcrypt-5.5.22-1.1.mga4
php-mssql-5.5.22-1.1.mga4
php-mysql-5.5.22-1.1.mga4
php-mysqli-5.5.22-1.1.mga4
php-mysqlnd-5.5.22-1.1.mga4
php-odbc-5.5.22-1.1.mga4
php-opcache-5.5.22-1.1.mga4
php-pcntl-5.5.22-1.1.mga4
php-pdo-5.5.22-1.1.mga4
php-pdo_dblib-5.5.22-1.1.mga4
php-pdo_firebird-5.5.22-1.1.mga4
php-pdo_mysql-5.5.22-1.1.mga4
php-pdo_odbc-5.5.22-1.1.mga4
php-pdo_pgsql-5.5.22-1.1.mga4
php-pdo_sqlite-5.5.22-1.1.mga4
php-pgsql-5.5.22-1.1.mga4
php-phar-5.5.22-1.1.mga4
php-posix-5.5.22-1.1.mga4
php-readline-5.5.22-1.1.mga4
php-recode-5.5.22-1.1.mga4
php-session-5.5.22-1.1.mga4
php-shmop-5.5.22-1.1.mga4
php-snmp-5.5.22-1.1.mga4
php-soap-5.5.22-1.1.mga4
php-sockets-5.5.22-1.1.mga4
php-sqlite3-5.5.22-1.1.mga4
php-sybase_ct-5.5.22-1.1.mga4
php-sysvmsg-5.5.22-1.1.mga4
php-sysvsem-5.5.22-1.1.mga4
php-sysvshm-5.5.22-1.1.mga4
php-tidy-5.5.22-1.1.mga4
php-tokenizer-5.5.22-1.1.mga4
php-xml-5.5.22-1.1.mga4
php-xmlreader-5.5.22-1.1.mga4
php-xmlrpc-5.5.22-1.1.mga4
php-xmlwriter-5.5.22-1.1.mga4
php-xsl-5.5.22-1.1.mga4
php-wddx-5.5.22-1.1.mga4
php-zip-5.5.22-1.1.mga4
php-fpm-5.5.22-1.1.mga4
php-apc-3.1.15-4.12.mga4
php-apc-admin-3.1.15-4.12.mga4

from SRPMS:
php-5.5.22-1.1.mga4.src.rpm
php-apc-3.1.15-4.12.mga4.src.rpm

Comment 6 olivier charles 2015-02-20 20:38:56 CET
Testing on Mageia 4x32 real hardware

From current packages :
---------------------
of PHP Version 5.5.21 already installed from previous test
(https://bugs.mageia.org/show_bug.cgi?id=15121)

To updated testing packages :
---------------------------
All php-5.5.22-1.1.mga4 packages except php-opcache
and
php-apc-3.1.15-4.12.mga4

Browsed to http://localhost/wordpress where I found wordpress test blog made during previous php testing. Logged in, created new page...
Used phpmyadmin : ok
Browsed to http://localhost/php-apc/ : ok
As I had seen in Comment 3 there was an issue with PHP PostgreSQL
Created drupal site using postgresql9.3 : ok

In Comment 3, an issue about opcache is mentioned so :
Installed php-opcache-5.5.22-1.1.mga4.i586
which uninstalled php-apc and php-apc-admin

To configure php-opcache,
# nano /etc/php.ini
; Determines if Zend OPCache is enabled
opcache.enable=1
; The OPcache shared memory storage size.
opcache.memory_consumption=128
; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 100000 are allowed.
opcache.max_accelerated_files=4000
; How often (in seconds) to check file timestamps for changes to the shared
; memory storage allocation. ("1" means validate once per second, but only
; once per request. "0" means always validate)
opcache.revalidate_freq=60

Created php script (opcachecp.php) in /var/www/html from script found here in order to have an opcache control panel 
https://gist.github.com/ck-on/4959032/?ocp.php
Browsed to http://opcachecp.php
which showed me php-opcache was functional.

OK

CC: (none) => olchal
Whiteboard: (none) => MGA4-32-OK

Comment 7 olivier charles 2015-02-24 17:20:07 CET
Testing on Mageia 4x64 real hardware

From current packages :
---------------------
php-5.5.21-1.mga4 packages
and php-apc-3.1.15-4.11.mga4 packages

phpmyadmin OK
wordpress installation and usage OK
http://localhost/php-apc/

To updated testing packages :
---------------------------
php-5.5.22-1.1.mga4 packages
and php-apc-3.1.15-4.12.mga4 packages
phpmyadmin OK
wordpress OK (previous installation)
Installing and using drupal with postgresql OK
http://localhost/php-apc/ OK

So far so good.

BUT
---
Reading in comment 1 that :
The updated versions also fix php#68942 (Use after free vulnerability in unserialize() with DateTimeZone, CVE-2015-0273)

I used the 2 PoCs found at : https://bugs.php.net/bug.php?id=68942

With current packages :
---------------------
1st PoC (which I called : fakezval.php)
results in a leak :
$ php fakezval.php 
array(2) {
  [0]=>
  object(DateTimeZone)#1 (2) {
    ["timezone_type"]=>
    int(2)
    ["timezone"]=>
    string(1) "A"
  }
  [1]=>
  string(17) "3"
}

2nd PoC (zstrval.php)
gives a segmentation fault
$ php zstrval.php
Erreur de segmentation

To updated testing packages :
---------------------------
$ php fakezval.php 
PHP Fatal error:  DateTimeZone::__wakeup(): Timezone initialization failed in /home/zitounu/qa/fakezval.php on line 11

Returns now an error instead of leaking code. That sounds OK.

$ php zstrval.php 
Erreur de segmentation

Still a segmentation fault here.

So bug #68942 is not entirely solved by this testing package from what I see.
-----------------------------------------------------------------------------

Comment 8 olivier charles 2015-02-24 17:22:50 CET
Created attachment 5944
PoCs used in previous comment

Comment 9 William Kenney 2015-02-24 18:04:07 CET
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
php-ini php-fpm drupal glpi owncloud phpmyadmin

default install of php-ini php-fpm drupal glpi owncloud phpmyadmin

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.5.21-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.5.21-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi drupal
Package drupal-7.34-1.mga4.noarch is already installed
[root@localhost wilcal]# urpmi glpi
Package glpi-0.84.3-1.2.mga4.noarch is already installed
[root@localhost wilcal]# urpmi owncloud
Package owncloud-6.0.4-1.mga4.noarch is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.1.14.8-1.mga4.noarch is already installed

localhost/drupal opens and runs
localhost/glpi opens and runs
localhost/owncloud opens and runs
set up phpmyadmin config file 
localhost/phpmyadmin opens and runs

install php-ini & php-fpm from updates_testing

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.5.22-1.1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.5.22-1.1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi drupal
Package drupal-7.34-1.mga4.noarch is already installed
[root@localhost wilcal]# urpmi glpi
Package glpi-0.84.3-1.2.mga4.noarch is already installed
[root@localhost wilcal]# urpmi owncloud
Package owncloud-6.0.4-1.mga4.noarch is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.1.14.8-1.mga4.noarch is already installed

localhost/drupal opens and runs
localhost/glpi opens and runs
localhost/owncloud opens and runs
localhost/phpmyadmin opens and runs

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

CC: (none) => wilcal.int

Comment 10 David Walser 2015-02-24 18:38:44 CET
LWN reference for CVE-2015-0273:
http://lwn.net/Vulnerabilities/634614/

Comment 11 David Walser 2015-02-26 23:31:53 CET
OK, I see, this was at the bottom of the original report:
II. Type confusion vulnerability

Z_STRVAL_PP leads to various problems.

The following code should crash PHP:

<?php

$data = unserialize('O:12:"DateTimeZone":2:{s:13:"timezone_type";i:1;s:8:"timezone";i:1;}');

?>

and that wasn't fixed.  Only the two examples that it said should leak memory (part I of the original report and a later comment) were fixed, as those correspond to the two test cases added upstream.  I don't know if they just missed the part II of the original report, or if they considered it a different issue.

I added a comment about it on the upstream bug report and asked:
https://bugs.php.net/bug.php?id=68942

Comment 12 David Walser 2015-02-27 02:12:49 CET
(In reply to David Walser from comment #11)
> I added a comment about it on the upstream bug report and asked:
> https://bugs.php.net/bug.php?id=68942

The original reporter says it's a security issue, but a separate one, so it won't hold up this update unless a new patch for it appears very soon.

Comment 13 claire robinson 2015-02-27 10:30:33 CET
A fix has been committed now by the looks of it, David.

Comment 15 David Walser 2015-02-27 14:33:39 CET
I've added the patch locally and now believe I get the intended results for the 4 PoCs:
$ php fakezval.php 
PHP Fatal error:  DateTimeZone::__wakeup(): Timezone initialization failed in /tmp/fakezval.php on line 12
$ php zstrval.php 
PHP Fatal error:  DateTimeZone::__wakeup(): Timezone initialization failed in /tmp/zstrval.php on line 4
$ php fakezval2.php 
PHP Fatal error:  Invalid serialization data for DateTime object in /tmp/fakezval2.php on line 13
$ php infoleak.php 
PHP Notice:  unserialize(): Error at offset 63 of 76 bytes in /tmp/infoleak.php on line 4

I'll ask for a push in Cauldron first.
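
The manual check from Comments 7 and 15 (run the test case, then see whether PHP crashes or refuses the input) written as a script. This is an added example, not part of the bug report or of the Mageia QA procedure; `PHP_BIN`, the function names and the verdict labels are assumptions, and the serialized input is the one quoted in Comment 11.

```sh
#!/bin/sh
# Added example: regression check for the DateTimeZone unserialize() input
# quoted in Comment 11. PHP_BIN and the verdict labels are assumptions.

# "timezone" is serialized as an integer (i:1) where a string is expected.
CASE='O:12:"DateTimeZone":2:{s:13:"timezone_type";i:1;s:8:"timezone";i:1;}'

# classify STATUS OUTPUT
# Prints CRASH, REJECTED, ACCEPTED or UNKNOWN for one PHP run.
classify() {
    status=$1
    output=$2
    # The shell reports death by signal N as 128+N (SIGSEGV is 11, so 139).
    # PHP exits with 255 on a fatal error, so 255 is not counted as a signal.
    if [ "$status" -gt 128 ] && [ "$status" -lt 255 ]; then
        echo "CRASH signal=$((status - 128))"
        return 0
    fi
    case $output in
        *"Fatal error"*|*"Error at offset"*)
            echo "REJECTED" ;;      # PHP refused the serialized data
        *)
            if [ "$status" -eq 0 ]; then
                echo "ACCEPTED"     # input was deserialized: inspect the dump
            else
                echo "UNKNOWN status=$status"
            fi ;;
    esac
}

# run_case PHP_BINARY SERIALIZED
# Writes a one-line script, runs it with the given binary, prints the verdict.
run_case() {
    php_bin=$1
    script=$(mktemp) || return 1
    # The input goes into a single-quoted PHP string; CASE has no ' or \.
    printf '<?php\nvar_dump(unserialize(%s));\n' "'$2'" > "$script"
    # "&& ... ||" keeps a non-zero exit from aborting callers that use set -e.
    out=$("$php_bin" "$script" 2>&1) && rc=0 || rc=$?
    rm -f "$script"
    classify "$rc" "$out"
}

# Runs only when a PHP binary is named: PHP_BIN=/usr/bin/php sh check.sh
if [ -n "${PHP_BIN:-}" ]; then
    verdict=$(run_case "$PHP_BIN" "$CASE")
    echo "DateTimeZone type-confusion case: $verdict"
    [ "$verdict" = "REJECTED" ] || exit 1
fi
```
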

Comment 16 David Walser 2015-03-01 22:43:28 CET
OK the patched version for the other issue in php#68942 has been uploaded in Cauldron and is building now in Mageia 4.  Please re-test when it's available.

php-ini-5.5.22-1.2.mga4
apache-mod_php-5.5.22-1.2.mga4
php-cli-5.5.22-1.2.mga4
php-cgi-5.5.22-1.2.mga4
libphp5_common5-5.5.22-1.2.mga4
php-devel-5.5.22-1.2.mga4
php-openssl-5.5.22-1.2.mga4
php-zlib-5.5.22-1.2.mga4
php-doc-5.5.22-1.2.mga4
php-bcmath-5.5.22-1.2.mga4
php-bz2-5.5.22-1.2.mga4
php-calendar-5.5.22-1.2.mga4
php-ctype-5.5.22-1.2.mga4
php-curl-5.5.22-1.2.mga4
php-dba-5.5.22-1.2.mga4
php-dom-5.5.22-1.2.mga4
php-enchant-5.5.22-1.2.mga4
php-exif-5.5.22-1.2.mga4
php-fileinfo-5.5.22-1.2.mga4
php-filter-5.5.22-1.2.mga4
php-ftp-5.5.22-1.2.mga4
php-gd-5.5.22-1.2.mga4
php-gettext-5.5.22-1.2.mga4
php-gmp-5.5.22-1.2.mga4
php-hash-5.5.22-1.2.mga4
php-iconv-5.5.22-1.2.mga4
php-imap-5.5.22-1.2.mga4
php-interbase-5.5.22-1.2.mga4
php-intl-5.5.22-1.2.mga4
php-json-5.5.22-1.2.mga4
php-ldap-5.5.22-1.2.mga4
php-mbstring-5.5.22-1.2.mga4
php-mcrypt-5.5.22-1.2.mga4
php-mssql-5.5.22-1.2.mga4
php-mysql-5.5.22-1.2.mga4
php-mysqli-5.5.22-1.2.mga4
php-mysqlnd-5.5.22-1.2.mga4
php-odbc-5.5.22-1.2.mga4
php-opcache-5.5.22-1.2.mga4
php-pcntl-5.5.22-1.2.mga4
php-pdo-5.5.22-1.2.mga4
php-pdo_dblib-5.5.22-1.2.mga4
php-pdo_firebird-5.5.22-1.2.mga4
php-pdo_mysql-5.5.22-1.2.mga4
php-pdo_odbc-5.5.22-1.2.mga4
php-pdo_pgsql-5.5.22-1.2.mga4
php-pdo_sqlite-5.5.22-1.2.mga4
php-pgsql-5.5.22-1.2.mga4
php-phar-5.5.22-1.2.mga4
php-posix-5.5.22-1.2.mga4
php-readline-5.5.22-1.2.mga4
php-recode-5.5.22-1.2.mga4
php-session-5.5.22-1.2.mga4
php-shmop-5.5.22-1.2.mga4
php-snmp-5.5.22-1.2.mga4
php-soap-5.5.22-1.2.mga4
php-sockets-5.5.22-1.2.mga4
php-sqlite3-5.5.22-1.2.mga4
php-sybase_ct-5.5.22-1.2.mga4
php-sysvmsg-5.5.22-1.2.mga4
php-sysvsem-5.5.22-1.2.mga4
php-sysvshm-5.5.22-1.2.mga4
php-tidy-5.5.22-1.2.mga4
php-tokenizer-5.5.22-1.2.mga4
php-xml-5.5.22-1.2.mga4
php-xmlreader-5.5.22-1.2.mga4
php-xmlrpc-5.5.22-1.2.mga4
php-xmlwriter-5.5.22-1.2.mga4
php-xsl-5.5.22-1.2.mga4
php-wddx-5.5.22-1.2.mga4
php-zip-5.5.22-1.2.mga4
php-fpm-5.5.22-1.2.mga4
php-apc-3.1.15-4.12.mga4
php-apc-admin-3.1.15-4.12.mga4

from SRPMS:
php-5.5.22-1.2.mga4.src.rpm
php-apc-3.1.15-4.12.mga4.src.rpm

Whiteboard: MGA4-32-OK => (none)

Comment 17 olivier charles 2015-03-02 20:38:54 CET
Testing on Mageia 4x64 real hardware

php-apc-3.1.15-4.11.mga4.x86_64 and all php-5.5.22-1.2.mga4 packages except php-opcache

Logged in previous wordpress installation and made some changes : OK
/localhost/php-apc : OK
Drupal creation with postgresql and usage : OK
Phpmyadmin : OK

Installed php-opcache-5.5.21-1.mga4.x86_64 (which uninstalled php-apc packages)
and tested it as in comment 6 : OK

Retried the 2 PoCs from attachment 5944

# php fakezval.php 
PHP Fatal error:  DateTimeZone::__wakeup(): Timezone initialization failed in /home/zitounu/qa/fakezval.php on line 11
# php zstrval.php 
PHP Fatal error:  DateTimeZone::__wakeup(): Timezone initialization failed in /home/zitounu/qa/zstrval.php on line 3

Both of them now result in PHP Fatal error : no more memory leakage or segmentation fault.

All OK on Mageia4x64.

Whiteboard: (none) => MGA4-64-OK

Comment 18 olivier charles 2015-03-02 20:52:11 CET
Sorry error in previous comment :

That was update testing
# rpm -q php-apc
php-apc-3.1.15-4.12.mga4

and not php-apc-3.1.15-4.11.mga4.x86_64 I used in comment 17 (which is current version)

Comment 19 olivier charles 2015-03-03 17:15:56 CET
Testing on Mageia 4x32, real hardware, using same procedure as in comment 17

# rpm -q php-ini php-apc
php-ini-5.5.22-1.2.mga4
php-apc-3.1.15-4.12.mga4

Drupal installation with postgresql and usage : OK
localhost/php-apc : OK
phpmyadmin : OK

Installed php-opcache and uninstalled php-apc
# rpm -q php-opcache
php-opcache-5.5.22-1.2.mga4

opcache php file test : OK

PoC test files : OK

All OK for Mageia 4x32

Whiteboard: MGA4-64-OK => MGA4-64-OK MGA4-32-OK

Comment 20 claire robinson 2015-03-03 18:05:35 CET
Well done Olivier. This was good testing.

Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
CC: (none) => sysadmin-bugs

Comment 21 Mageia Robot 2015-03-03 22:16:31 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0090.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 22 David Walser 2015-03-16 14:43:18 CET
Two of the other issues fixed in 5.5.22 that I mentioned earlier have been assigned CVEs:
http://openwall.com/lists/oss-security/2015/03/15/6

(In reply to David Walser from comment #2)
> Also fixed in 5.5.22 that may be security relevant:
> php#68552 (heap buffer overflow in enchant_broker_request_dict()).

This is now CVE-2014-9705.

> php#68901 (use after free in phar_object.c).

This is now CVE-2015-2301.

Comment 23 David Walser 2015-03-18 17:20:15 CET
LWN reference for CVE-2015-2301:
http://lwn.net/Vulnerabilities/637140/

LWN reference for CVE-2014-9705:
http://lwn.net/Vulnerabilities/637136/

That entry also lists CVE-2015-2305, a minor issue that we'll have to address in a future update.
