PHP 5.6.21 has been released either yesterday or today (April 27-28). It has not yet been announced. You can see the ChangeLog in git:
http://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=4905156bc5a1b6e2c0cd1e06b5aacb8cb7c3ec3d;hb=refs/heads/PHP-5.6

Some of the fixes are likely security relevant. For the GD issues listed, php#71912 is CVE-2016-3074, which we already fixed in libgd (we don't use PHP's bundled copy), and php#71952 isn't a security issue according to upstream (and is in the php-gd code, not libgd).

Updated php packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated php packages fix security vulnerabilities:

The php package has been updated to version 5.6.21, which fixes several security issues and other bugs. See the upstream ChangeLog for more details.

References:
http://www.php.net/ChangeLog-5.php#5.6.21
========================

Updated packages in core/updates_testing:
========================
php-ini-5.6.21-1.mga5
apache-mod_php-5.6.21-1.mga5
php-cli-5.6.21-1.mga5
php-cgi-5.6.21-1.mga5
libphp5_common5-5.6.21-1.mga5
php-devel-5.6.21-1.mga5
php-openssl-5.6.21-1.mga5
php-zlib-5.6.21-1.mga5
php-doc-5.6.21-1.mga5
php-bcmath-5.6.21-1.mga5
php-bz2-5.6.21-1.mga5
php-calendar-5.6.21-1.mga5
php-ctype-5.6.21-1.mga5
php-curl-5.6.21-1.mga5
php-dba-5.6.21-1.mga5
php-dom-5.6.21-1.mga5
php-enchant-5.6.21-1.mga5
php-exif-5.6.21-1.mga5
php-fileinfo-5.6.21-1.mga5
php-filter-5.6.21-1.mga5
php-ftp-5.6.21-1.mga5
php-gd-5.6.21-1.mga5
php-gettext-5.6.21-1.mga5
php-gmp-5.6.21-1.mga5
php-hash-5.6.21-1.mga5
php-iconv-5.6.21-1.mga5
php-imap-5.6.21-1.mga5
php-interbase-5.6.21-1.mga5
php-intl-5.6.21-1.mga5
php-json-5.6.21-1.mga5
php-ldap-5.6.21-1.mga5
php-mbstring-5.6.21-1.mga5
php-mcrypt-5.6.21-1.mga5
php-mssql-5.6.21-1.mga5
php-mysql-5.6.21-1.mga5
php-mysqli-5.6.21-1.mga5
php-mysqlnd-5.6.21-1.mga5
php-odbc-5.6.21-1.mga5
php-opcache-5.6.21-1.mga5
php-pcntl-5.6.21-1.mga5
php-pdo-5.6.21-1.mga5
php-pdo_dblib-5.6.21-1.mga5
php-pdo_firebird-5.6.21-1.mga5
php-pdo_mysql-5.6.21-1.mga5
php-pdo_odbc-5.6.21-1.mga5
php-pdo_pgsql-5.6.21-1.mga5
php-pdo_sqlite-5.6.21-1.mga5
php-pgsql-5.6.21-1.mga5
php-phar-5.6.21-1.mga5
php-posix-5.6.21-1.mga5
php-readline-5.6.21-1.mga5
php-recode-5.6.21-1.mga5
php-session-5.6.21-1.mga5
php-shmop-5.6.21-1.mga5
php-snmp-5.6.21-1.mga5
php-soap-5.6.21-1.mga5
php-sockets-5.6.21-1.mga5
php-sqlite3-5.6.21-1.mga5
php-sybase_ct-5.6.21-1.mga5
php-sysvmsg-5.6.21-1.mga5
php-sysvsem-5.6.21-1.mga5
php-sysvshm-5.6.21-1.mga5
php-tidy-5.6.21-1.mga5
php-tokenizer-5.6.21-1.mga5
php-xml-5.6.21-1.mga5
php-xmlreader-5.6.21-1.mga5
php-xmlrpc-5.6.21-1.mga5
php-xmlwriter-5.6.21-1.mga5
php-xsl-5.6.21-1.mga5
php-wddx-5.6.21-1.mga5
php-zip-5.6.21-1.mga5
php-fpm-5.6.21-1.mga5
phpdbg-5.6.21-1.mga5

from php-5.6.21-1.mga5.src.rpm
In VirtualBox, M5, KDE, 32-bit

Install and setup mariadb
In root terminal:
systemctl start mysqld.service
Set password to: testphp
[root@localhost wilcal]# mysqladmin -u root password
type password "testphp" twice

Package(s) under test:
php-ini php-fpm mariadb phpmyadmin

default install of php-ini php-fpm drupal glpi owncloud phpmyadmin

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.24-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

localhost/phpmyadmin opens and creates a database named "test01"
I can close localhost/phpmyadmin then reopen and access db test01

install php-ini & php-fpm from updates_testing

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.21-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.21-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

localhost/phpmyadmin opens and I can access db "test01"
localhost/phpmyadmin opens and creates a database named "test02"
I can close localhost/phpmyadmin then reopen and access db's test01 & test02

CC: (none) => wilcal.int
Whiteboard: (none) => MGA5-32-OK
In VirtualBox, M5, KDE, 64-bit

Install and setup mariadb
In root terminal:
systemctl start mysqld.service
Set password to: testphp
[root@localhost wilcal]# mysqladmin -u root password
type password "testphp" twice

Package(s) under test:
php-ini php-fpm mariadb phpmyadmin

default install of php-ini php-fpm drupal glpi owncloud phpmyadmin

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.24-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

localhost/phpmyadmin opens and creates a database named "test01"
I can close localhost/phpmyadmin then reopen and access db test01

install php-ini & php-fpm from updates_testing

[root@localhost wilcal]# urpmi php-ini
Package php-ini-5.6.21-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi php-fpm
Package php-fpm-5.6.21-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

localhost/phpmyadmin opens and I can access db "test01"
localhost/phpmyadmin opens and creates a database named "test02"
I can close localhost/phpmyadmin then reopen and access db's test01 & test02
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA5-32-OK MGA5-64-OK => advisory MGA5-32-OK MGA5-64-OK
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0159.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
CVE request: http://openwall.com/lists/oss-security/2016/05/05/21
URL: (none) => http://lwn.net/Vulnerabilities/685885/
(In reply to David Walser from comment #6)
> CVE request:
> http://openwall.com/lists/oss-security/2016/05/05/21

http://openwall.com/lists/oss-security/2016/05/05/24

- CVE-2016-4537
- CVE-2016-4538
- CVE-2016-4539
- CVE-2016-4540
- CVE-2016-4541
- CVE-2016-4542
- CVE-2016-4543
- CVE-2016-4544