Upstream has released version 5.6.13 today (September 4): http://php.net/archive/2015.php#id2015-09-04-2 There are security fixes, but as usual, there are no CVEs yet. Advisory to come later. References: http://www.php.net/ChangeLog-5.php#5.6.13 Updated packages in core/updates_testing: ======================== php-ini-5.6.13-1.mga5 apache-mod_php-5.6.13-1.mga5 php-cli-5.6.13-1.mga5 php-cgi-5.6.13-1.mga5 libphp5_common5-5.6.13-1.mga5 php-devel-5.6.13-1.mga5 php-openssl-5.6.13-1.mga5 php-zlib-5.6.13-1.mga5 php-doc-5.6.13-1.mga5 php-bcmath-5.6.13-1.mga5 php-bz2-5.6.13-1.mga5 php-calendar-5.6.13-1.mga5 php-ctype-5.6.13-1.mga5 php-curl-5.6.13-1.mga5 php-dba-5.6.13-1.mga5 php-dom-5.6.13-1.mga5 php-enchant-5.6.13-1.mga5 php-exif-5.6.13-1.mga5 php-fileinfo-5.6.13-1.mga5 php-filter-5.6.13-1.mga5 php-ftp-5.6.13-1.mga5 php-gd-5.6.13-1.mga5 php-gettext-5.6.13-1.mga5 php-gmp-5.6.13-1.mga5 php-hash-5.6.13-1.mga5 php-iconv-5.6.13-1.mga5 php-imap-5.6.13-1.mga5 php-interbase-5.6.13-1.mga5 php-intl-5.6.13-1.mga5 php-json-5.6.13-1.mga5 php-ldap-5.6.13-1.mga5 php-mbstring-5.6.13-1.mga5 php-mcrypt-5.6.13-1.mga5 php-mssql-5.6.13-1.mga5 php-mysql-5.6.13-1.mga5 php-mysqli-5.6.13-1.mga5 php-mysqlnd-5.6.13-1.mga5 php-odbc-5.6.13-1.mga5 php-opcache-5.6.13-1.mga5 php-pcntl-5.6.13-1.mga5 php-pdo-5.6.13-1.mga5 php-pdo_dblib-5.6.13-1.mga5 php-pdo_firebird-5.6.13-1.mga5 php-pdo_mysql-5.6.13-1.mga5 php-pdo_odbc-5.6.13-1.mga5 php-pdo_pgsql-5.6.13-1.mga5 php-pdo_sqlite-5.6.13-1.mga5 php-pgsql-5.6.13-1.mga5 php-phar-5.6.13-1.mga5 php-posix-5.6.13-1.mga5 php-readline-5.6.13-1.mga5 php-recode-5.6.13-1.mga5 php-session-5.6.13-1.mga5 php-shmop-5.6.13-1.mga5 php-snmp-5.6.13-1.mga5 php-soap-5.6.13-1.mga5 php-sockets-5.6.13-1.mga5 php-sqlite3-5.6.13-1.mga5 php-sybase_ct-5.6.13-1.mga5 php-sysvmsg-5.6.13-1.mga5 php-sysvsem-5.6.13-1.mga5 php-sysvshm-5.6.13-1.mga5 php-tidy-5.6.13-1.mga5 php-tokenizer-5.6.13-1.mga5 php-xml-5.6.13-1.mga5 php-xmlreader-5.6.13-1.mga5 php-xmlrpc-5.6.13-1.mga5 php-xmlwriter-5.6.13-1.mga5 php-xsl-5.6.13-1.mga5 php-wddx-5.6.13-1.mga5 php-zip-5.6.13-1.mga5 php-fpm-5.6.13-1.mga5 phpdbg-5.6.13-1.mga5 from php-5.6.13-mga5.src.rpm Reproducible: Steps to Reproduce:
Works fine Mageia 5 i586 with my usual test cases.
Whiteboard: (none) => MGA5-32-OK
CVE requests: http://openwall.com/lists/oss-security/2015/09/07/5
$ cat /etc/release Mageia release 5 (Official) for x86_64 Ran my tests - seems to be working as designed.
CC: (none) => brtians1Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
Validating. Needs advisory please David.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Still no response to CVE request, general advisory for now. Advisory: ======================== Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.13, which fixes several security issues and other bugs. See the upstream ChangeLog for more details. References: http://www.php.net/ChangeLog-5.php#5.6.13
Does php not require php-apcu updating at the same time, now it has a U?
Advisory uploaded.
Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory
Unvalidating temporarily so it isn't pushed yet, see comment 6 pls.
Keywords: validated_update => (none)
(In reply to claire robinson from comment #6) > Does php not require php-apcu updating at the same time, now it has a U? No it does not. php-apc (Mageia 4 and older) contained a user cache and opcode cache, it was because of the opcode cache that it needed to be rebuilt. The opcode cache wasn't ported to PHP 5.6 and is thought to be not needed (because of the upstream php-opcache), so all that's left is php-apcu, the user cache, which does not need to be rebuilt.
Validating then.
Keywords: (none) => validated_update
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0357.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
CVE-2015-6834 through CVE-2015-6838 assigned to this update: http://openwall.com/lists/oss-security/2015/09/08/8 Advisory: ======================== Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.13, which fixes several security issues and other bugs. See the upstream ChangeLog for more details. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838 http://www.php.net/ChangeLog-5.php#5.6.13 http://openwall.com/lists/oss-security/2015/09/08/8
URL: (none) => http://lwn.net/Vulnerabilities/656983/