PHP 5.6.19 has been released on March 3:
http://php.net/archive/2016.php#id2016-03-03-3

It fixes several security bugs. There are no CVEs (yet?).
http://php.net/ChangeLog-5.php#5.6.19

Updated packages uploaded for Mageia 5 and Cauldron. The timezone and php-timezonedb packages have also been updated.

Advisory:
========================

Updated php packages fix security vulnerabilities:

The php package has been updated to version 5.6.19, which fixes several security issues and other bugs. See the upstream ChangeLog for more details.

The timezone information in the timezone and php-timezonedb packages has also been updated to the latest, version 2016a.

References:
http://www.php.net/ChangeLog-5.php#5.6.19
http://mm.icann.org/pipermail/tz-announce/2015-October/000034.html
http://mm.icann.org/pipermail/tz-announce/2016-January/000035.html
========================

Updated packages in core/updates_testing:
========================
php-ini-5.6.19-1.mga5
apache-mod_php-5.6.19-1.mga5
php-cli-5.6.19-1.mga5
php-cgi-5.6.19-1.mga5
libphp5_common5-5.6.19-1.mga5
php-devel-5.6.19-1.mga5
php-openssl-5.6.19-1.mga5
php-zlib-5.6.19-1.mga5
php-doc-5.6.19-1.mga5
php-bcmath-5.6.19-1.mga5
php-bz2-5.6.19-1.mga5
php-calendar-5.6.19-1.mga5
php-ctype-5.6.19-1.mga5
php-curl-5.6.19-1.mga5
php-dba-5.6.19-1.mga5
php-dom-5.6.19-1.mga5
php-enchant-5.6.19-1.mga5
php-exif-5.6.19-1.mga5
php-fileinfo-5.6.19-1.mga5
php-filter-5.6.19-1.mga5
php-ftp-5.6.19-1.mga5
php-gd-5.6.19-1.mga5
php-gettext-5.6.19-1.mga5
php-gmp-5.6.19-1.mga5
php-hash-5.6.19-1.mga5
php-iconv-5.6.19-1.mga5
php-imap-5.6.19-1.mga5
php-interbase-5.6.19-1.mga5
php-intl-5.6.19-1.mga5
php-json-5.6.19-1.mga5
php-ldap-5.6.19-1.mga5
php-mbstring-5.6.19-1.mga5
php-mcrypt-5.6.19-1.mga5
php-mssql-5.6.19-1.mga5
php-mysql-5.6.19-1.mga5
php-mysqli-5.6.19-1.mga5
php-mysqlnd-5.6.19-1.mga5
php-odbc-5.6.19-1.mga5
php-opcache-5.6.19-1.mga5
php-pcntl-5.6.19-1.mga5
php-pdo-5.6.19-1.mga5
php-pdo_dblib-5.6.19-1.mga5
php-pdo_firebird-5.6.19-1.mga5
php-pdo_mysql-5.6.19-1.mga5
php-pdo_odbc-5.6.19-1.mga5
php-pdo_pgsql-5.6.19-1.mga5
php-pdo_sqlite-5.6.19-1.mga5
php-pgsql-5.6.19-1.mga5
php-phar-5.6.19-1.mga5
php-posix-5.6.19-1.mga5
php-readline-5.6.19-1.mga5
php-recode-5.6.19-1.mga5
php-session-5.6.19-1.mga5
php-shmop-5.6.19-1.mga5
php-snmp-5.6.19-1.mga5
php-soap-5.6.19-1.mga5
php-sockets-5.6.19-1.mga5
php-sqlite3-5.6.19-1.mga5
php-sybase_ct-5.6.19-1.mga5
php-sysvmsg-5.6.19-1.mga5
php-sysvsem-5.6.19-1.mga5
php-sysvshm-5.6.19-1.mga5
php-tidy-5.6.19-1.mga5
php-tokenizer-5.6.19-1.mga5
php-xml-5.6.19-1.mga5
php-xmlreader-5.6.19-1.mga5
php-xmlrpc-5.6.19-1.mga5
php-xmlwriter-5.6.19-1.mga5
php-xsl-5.6.19-1.mga5
php-wddx-5.6.19-1.mga5
php-zip-5.6.19-1.mga5
php-fpm-5.6.19-1.mga5
phpdbg-5.6.19-1.mga5
timezone-2016a-1.mga5
timezone-java-2016a-1.mga5
php-timezonedb-2016.1-1.mga5

from SRPMS:
php-5.6.19-mga5.src.rpm
timezone-2016a-1.mga5.src.rpm
php-timezonedb-2016.1-1.mga5.src.rpm
CC: (none) => davidwhodgins
Whiteboard: (none) => advisory
Fedora has issued an advisory for this on March 5: https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178442.html
URL: (none) => http://lwn.net/Vulnerabilities/674929/
In VirtualBox, M5, KDE, 32-bit

Install and setup mariadb
In root terminal:
systemctl start mysqld.service
Set password to: testphp
[root@localhost wilcal]# mysqladmin -u root password
type password "testphp" twice

Package(s) under test:
php-ini php-fpm mariadb phpmyadmin

default install of php-ini php-fpm drupal glpi owncloud phpmyadmin

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.10-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.10-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

localhost/phpmyadmin opens and creates a database named "test01"
I can close localhost/phpmyadmin then reopen and access db test01

install php-ini & php-fpm from updates_testing

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

localhost/phpmyadmin opens and I can access db "test01"
localhost/phpmyadmin opens and creates a database named "test02"
I can close localhost/phpmyadmin then reopen and access db's test01 & test02
CC: (none) => wilcal.int
In VirtualBox, M5, KDE, 64-bit

Install and setup mariadb
In root terminal:
systemctl start mysqld.service
Set password to: testphp
[root@localhost wilcal]# mysqladmin -u root password
type password "testphp" twice

Package(s) under test:
php-ini php-fpm mariadb phpmyadmin

default install of php-ini php-fpm drupal glpi owncloud phpmyadmin

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.18-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

localhost/phpmyadmin opens and creates a database named "test01"
I can close localhost/phpmyadmin then reopen and access db test01

install php-ini & php-fpm from updates_testing

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

localhost/phpmyadmin opens and I can access db "test01"
localhost/phpmyadmin opens and creates a database named "test02"
I can close localhost/phpmyadmin then reopen and access db's test01 & test02
Looks ok to me
CVEs have been requested: http://openwall.com/lists/oss-security/2016/03/10/5
Whiteboard: advisory => advisory MGA5-32-OK MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0110.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: http://lwn.net/Vulnerabilities/674929/ => http://lwn.net/Vulnerabilities/679764/
php#71587 - CVE-2016-3141
php#71498 - CVE-2016-3142

http://openwall.com/lists/oss-security/2016/03/14/7
http://openwall.com/lists/oss-security/2016/03/14/8