PHP versions 5.5.24 and 5.6.8 have been released on April 16:
http://php.net/archive/2015.php#id2015-04-16-1
http://php.net/archive/2015.php#id2015-04-16-2

We included patches for CVE-2015-1351 and CVE-2015-1352 in our previous update (Bug 15319).

The CVE-2015-2783 issue (php#69324) in php-phar as well as the buffer overflow in php-phar (php#69441) are new. A CVE has been requested for the latter issue here:
http://openwall.com/lists/oss-security/2015/04/16/22

The remote code execution with apache 2.4 (php#69218) is also new and a CVE for that has been requested here:
http://openwall.com/lists/oss-security/2015/04/17/3

There are various other use-after-free, type confusion, and segfault issues for which I have not seen CVE requests.

The ChangeLog is here:
http://www.php.net/ChangeLog-5.php#5.5.24
http://php.net/ChangeLog-5.php#5.6.8

Updates checked into Mageia 4 and Cauldron SVN. Freeze push requested for Cauldron.
URL: (none) => http://lwn.net/Vulnerabilities/640803/
(In reply to David Walser from comment #0)
> The CVE-2015-2783 issue (php#69324) in php-phar as well as the buffer
> overflow in php-phar (php#69441) are new. A CVE has been requested for the
> latter issue here:
> http://openwall.com/lists/oss-security/2015/04/16/22

This (php#69441) now has CVE-2015-3329:
http://openwall.com/lists/oss-security/2015/04/17/6

(In reply to David Walser from comment #0)
> The remote code execution with apache 2.4 (php#69218) is also new and a CVE
> for that has been requested here:
> http://openwall.com/lists/oss-security/2015/04/17/3

This is now CVE-2015-3330:
http://openwall.com/lists/oss-security/2015/04/17/7
Advisory:
========================

Updated php packages fix security vulnerabilities:

Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783).

Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329).

Potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330).

PHP has been updated to version 5.5.24, which fixes these issues and other bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
http://www.php.net/ChangeLog-5.php#5.5.24
========================

Updated packages in core/updates_testing:
========================
php-ini-5.5.24-1.mga4
apache-mod_php-5.5.24-1.mga4
php-cli-5.5.24-1.mga4
php-cgi-5.5.24-1.mga4
libphp5_common5-5.5.24-1.mga4
php-devel-5.5.24-1.mga4
php-openssl-5.5.24-1.mga4
php-zlib-5.5.24-1.mga4
php-doc-5.5.24-1.mga4
php-bcmath-5.5.24-1.mga4
php-bz2-5.5.24-1.mga4
php-calendar-5.5.24-1.mga4
php-ctype-5.5.24-1.mga4
php-curl-5.5.24-1.mga4
php-dba-5.5.24-1.mga4
php-dom-5.5.24-1.mga4
php-enchant-5.5.24-1.mga4
php-exif-5.5.24-1.mga4
php-fileinfo-5.5.24-1.mga4
php-filter-5.5.24-1.mga4
php-ftp-5.5.24-1.mga4
php-gd-5.5.24-1.mga4
php-gettext-5.5.24-1.mga4
php-gmp-5.5.24-1.mga4
php-hash-5.5.24-1.mga4
php-iconv-5.5.24-1.mga4
php-imap-5.5.24-1.mga4
php-interbase-5.5.24-1.mga4
php-intl-5.5.24-1.mga4
php-json-5.5.24-1.mga4
php-ldap-5.5.24-1.mga4
php-mbstring-5.5.24-1.mga4
php-mcrypt-5.5.24-1.mga4
php-mssql-5.5.24-1.mga4
php-mysql-5.5.24-1.mga4
php-mysqli-5.5.24-1.mga4
php-mysqlnd-5.5.24-1.mga4
php-odbc-5.5.24-1.mga4
php-opcache-5.5.24-1.mga4
php-pcntl-5.5.24-1.mga4
php-pdo-5.5.24-1.mga4
php-pdo_dblib-5.5.24-1.mga4
php-pdo_firebird-5.5.24-1.mga4
php-pdo_mysql-5.5.24-1.mga4
php-pdo_odbc-5.5.24-1.mga4
php-pdo_pgsql-5.5.24-1.mga4
php-pdo_sqlite-5.5.24-1.mga4
php-pgsql-5.5.24-1.mga4
php-phar-5.5.24-1.mga4
php-posix-5.5.24-1.mga4
php-readline-5.5.24-1.mga4
php-recode-5.5.24-1.mga4
php-session-5.5.24-1.mga4
php-shmop-5.5.24-1.mga4
php-snmp-5.5.24-1.mga4
php-soap-5.5.24-1.mga4
php-sockets-5.5.24-1.mga4
php-sqlite3-5.5.24-1.mga4
php-sybase_ct-5.5.24-1.mga4
php-sysvmsg-5.5.24-1.mga4
php-sysvsem-5.5.24-1.mga4
php-sysvshm-5.5.24-1.mga4
php-tidy-5.5.24-1.mga4
php-tokenizer-5.5.24-1.mga4
php-xml-5.5.24-1.mga4
php-xmlreader-5.5.24-1.mga4
php-xmlrpc-5.5.24-1.mga4
php-xmlwriter-5.5.24-1.mga4
php-xsl-5.5.24-1.mga4
php-wddx-5.5.24-1.mga4
php-zip-5.5.24-1.mga4
php-fpm-5.5.24-1.mga4
php-apc-3.1.15-4.14.mga4
php-apc-admin-3.1.15-4.14.mga4
php-timezonedb-2015.3-1.mga4

from SRPMS:
php-5.5.24-1.mga4.src.rpm
php-apc-3.1.15-4.14.mga4.src.rpm
php-timezonedb-2015.3-1.mga4.src.rpm
Assignee: bugsquad => qa-bugs
LWN reference for CVE-2015-3329 and CVE-2015-3330:
http://lwn.net/Vulnerabilities/641243/
Testing complete mga4 64

Tested at the same time as the wordpress update in bug 15745.
Also tested zoneminder and php-apc at http://localhost/php-apc
Whiteboard: (none) => has_procedure mga4-64-ok
Advisory uploaded.
Whiteboard: has_procedure mga4-64-ok => has_procedure advisory mga4-64-ok
Testing complete mga4 32

Validating.

Please push to 4 updates

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure advisory mga4-64-ok => has_procedure advisory mga4-64-ok mga4-32-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0169.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
This also fixed CVE-2015-3307, CVE-2015-341[12], CVE-2015-459[89], and CVE-2015-460[0-5] according to RedHat:
https://bugzilla.redhat.com/show_bug.cgi?id=1223441
https://bugzilla.redhat.com/show_bug.cgi?id=1213407
https://bugzilla.redhat.com/show_bug.cgi?id=1232823
https://bugzilla.redhat.com/show_bug.cgi?id=1232897
https://bugzilla.redhat.com/show_bug.cgi?id=1222538
https://bugzilla.redhat.com/show_bug.cgi?id=1232923
https://bugzilla.redhat.com/show_bug.cgi?id=1232918
https://bugzilla.redhat.com/show_bug.cgi?id=1213442