Upstream has released version 5.5.29 today (September 4): http://php.net/archive/2015.php#id2015-09-04-3 There are security fixes, but as usual, there are no CVEs yet. Advisory to come later. References: http://www.php.net/ChangeLog-5.php#5.5.29 Updated packages in core/updates_testing: ======================== php-ini-5.5.29-1.mga4 apache-mod_php-5.5.29-1.mga4 php-cli-5.5.29-1.mga4 php-cgi-5.5.29-1.mga4 libphp5_common5-5.5.29-1.mga4 php-devel-5.5.29-1.mga4 php-openssl-5.5.29-1.mga4 php-zlib-5.5.29-1.mga4 php-doc-5.5.29-1.mga4 php-bcmath-5.5.29-1.mga4 php-bz2-5.5.29-1.mga4 php-calendar-5.5.29-1.mga4 php-ctype-5.5.29-1.mga4 php-curl-5.5.29-1.mga4 php-dba-5.5.29-1.mga4 php-dom-5.5.29-1.mga4 php-enchant-5.5.29-1.mga4 php-exif-5.5.29-1.mga4 php-fileinfo-5.5.29-1.mga4 php-filter-5.5.29-1.mga4 php-ftp-5.5.29-1.mga4 php-gd-5.5.29-1.mga4 php-gettext-5.5.29-1.mga4 php-gmp-5.5.29-1.mga4 php-hash-5.5.29-1.mga4 php-iconv-5.5.29-1.mga4 php-imap-5.5.29-1.mga4 php-interbase-5.5.29-1.mga4 php-intl-5.5.29-1.mga4 php-json-5.5.29-1.mga4 php-ldap-5.5.29-1.mga4 php-mbstring-5.5.29-1.mga4 php-mcrypt-5.5.29-1.mga4 php-mssql-5.5.29-1.mga4 php-mysql-5.5.29-1.mga4 php-mysqli-5.5.29-1.mga4 php-mysqlnd-5.5.29-1.mga4 php-odbc-5.5.29-1.mga4 php-opcache-5.5.29-1.mga4 php-pcntl-5.5.29-1.mga4 php-pdo-5.5.29-1.mga4 php-pdo_dblib-5.5.29-1.mga4 php-pdo_firebird-5.5.29-1.mga4 php-pdo_mysql-5.5.29-1.mga4 php-pdo_odbc-5.5.29-1.mga4 php-pdo_pgsql-5.5.29-1.mga4 php-pdo_sqlite-5.5.29-1.mga4 php-pgsql-5.5.29-1.mga4 php-phar-5.5.29-1.mga4 php-posix-5.5.29-1.mga4 php-readline-5.5.29-1.mga4 php-recode-5.5.29-1.mga4 php-session-5.5.29-1.mga4 php-shmop-5.5.29-1.mga4 php-snmp-5.5.29-1.mga4 php-soap-5.5.29-1.mga4 php-sockets-5.5.29-1.mga4 php-sqlite3-5.5.29-1.mga4 php-sybase_ct-5.5.29-1.mga4 php-sysvmsg-5.5.29-1.mga4 php-sysvsem-5.5.29-1.mga4 php-sysvshm-5.5.29-1.mga4 php-tidy-5.5.29-1.mga4 php-tokenizer-5.5.29-1.mga4 php-xml-5.5.29-1.mga4 php-xmlreader-5.5.29-1.mga4 php-xmlrpc-5.5.29-1.mga4 php-xmlwriter-5.5.29-1.mga4 php-xsl-5.5.29-1.mga4 php-wddx-5.5.29-1.mga4 php-zip-5.5.29-1.mga4 php-fpm-5.5.29-1.mga4 php-apc-3.1.15-4.19.mga4 php-apc-admin-3.1.15-4.19.mga4 from SRPMS: php-5.5.29-1.mga4.src.rpm php-apc-3.1.15-4.19.mga4.src.rpm Reproducible: Steps to Reproduce:
Works fine Mageia 4 i586 with my usual test cases.
Whiteboard: (none) => MGA4-32-OK
CVE requests: http://openwall.com/lists/oss-security/2015/09/07/5
Advisory: ======================== Updated php packages fix security vulnerabilities: The php package has been updated to version 5.5.29, which fixes several security issues and other bugs. See the upstream ChangeLog for more details. References: http://www.php.net/ChangeLog-5.php#5.5.29
Advisory uploaded.
Whiteboard: MGA4-32-OK => advisory MGA4-32-OK
CVE-2015-6834 through CVE-2015-6838 assigned to this update: http://openwall.com/lists/oss-security/2015/09/08/8 Advisory: ======================== Updated php packages fix security vulnerabilities: The php package has been updated to version 5.5.29, which fixes several security issues and other bugs. See the upstream ChangeLog for more details. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838 http://www.php.net/ChangeLog-5.php#5.5.29 http://openwall.com/lists/oss-security/2015/09/08/8
URL: (none) => http://lwn.net/Vulnerabilities/656983/
Validating. Advisory updated. Please push to 4 updates Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0365.html
Status: NEW => RESOLVEDResolution: (none) => FIXED