PHP 5.6.26 should be available soon (tarball isn't yet). CVE assignments: http://www.openwall.com/lists/oss-security/2016/09/15/10
Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated php packages fix security vulnerabilities:

Memory corruption during deserialized-object destruction (CVE-2016-7411).

Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412).

wddx_deserialize use-after-free (CVE-2016-7413).

Out of bounds when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414).

Missing locale length check in php-intl (CVE-2016-7416).

Missing type check when unserializing SplArray (CVE-2016-7417).

Out-of-bounds read in php_wddx_push_element (CVE-2016-7418).

The php package has been updated to version 5.6.26, which fixes these issues and other bugs. See the upstream ChangeLog for more details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418
http://www.php.net/ChangeLog-5.php#5.6.26
http://www.openwall.com/lists/oss-security/2016/09/15/10
========================

Updated packages in core/updates_testing:
========================
php-ini-5.6.26-1.mga5
apache-mod_php-5.6.26-1.mga5
php-cli-5.6.26-1.mga5
php-cgi-5.6.26-1.mga5
libphp5_common5-5.6.26-1.mga5
php-devel-5.6.26-1.mga5
php-openssl-5.6.26-1.mga5
php-zlib-5.6.26-1.mga5
php-doc-5.6.26-1.mga5
php-bcmath-5.6.26-1.mga5
php-bz2-5.6.26-1.mga5
php-calendar-5.6.26-1.mga5
php-ctype-5.6.26-1.mga5
php-curl-5.6.26-1.mga5
php-dba-5.6.26-1.mga5
php-dom-5.6.26-1.mga5
php-enchant-5.6.26-1.mga5
php-exif-5.6.26-1.mga5
php-fileinfo-5.6.26-1.mga5
php-filter-5.6.26-1.mga5
php-ftp-5.6.26-1.mga5
php-gd-5.6.26-1.mga5
php-gettext-5.6.26-1.mga5
php-gmp-5.6.26-1.mga5
php-hash-5.6.26-1.mga5
php-iconv-5.6.26-1.mga5
php-imap-5.6.26-1.mga5
php-interbase-5.6.26-1.mga5
php-intl-5.6.26-1.mga5
php-json-5.6.26-1.mga5
php-ldap-5.6.26-1.mga5
php-mbstring-5.6.26-1.mga5
php-mcrypt-5.6.26-1.mga5
php-mssql-5.6.26-1.mga5
php-mysql-5.6.26-1.mga5
php-mysqli-5.6.26-1.mga5
php-mysqlnd-5.6.26-1.mga5
php-odbc-5.6.26-1.mga5
php-opcache-5.6.26-1.mga5
php-pcntl-5.6.26-1.mga5
php-pdo-5.6.26-1.mga5
php-pdo_dblib-5.6.26-1.mga5
php-pdo_firebird-5.6.26-1.mga5
php-pdo_mysql-5.6.26-1.mga5
php-pdo_odbc-5.6.26-1.mga5
php-pdo_pgsql-5.6.26-1.mga5
php-pdo_sqlite-5.6.26-1.mga5
php-pgsql-5.6.26-1.mga5
php-phar-5.6.26-1.mga5
php-posix-5.6.26-1.mga5
php-readline-5.6.26-1.mga5
php-recode-5.6.26-1.mga5
php-session-5.6.26-1.mga5
php-shmop-5.6.26-1.mga5
php-snmp-5.6.26-1.mga5
php-soap-5.6.26-1.mga5
php-sockets-5.6.26-1.mga5
php-sqlite3-5.6.26-1.mga5
php-sybase_ct-5.6.26-1.mga5
php-sysvmsg-5.6.26-1.mga5
php-sysvsem-5.6.26-1.mga5
php-sysvshm-5.6.26-1.mga5
php-tidy-5.6.26-1.mga5
php-tokenizer-5.6.26-1.mga5
php-xml-5.6.26-1.mga5
php-xmlreader-5.6.26-1.mga5
php-xmlrpc-5.6.26-1.mga5
php-xmlwriter-5.6.26-1.mga5
php-xsl-5.6.26-1.mga5
php-wddx-5.6.26-1.mga5
php-zip-5.6.26-1.mga5
php-fpm-5.6.26-1.mga5
phpdbg-5.6.26-1.mga5

from php-5.6.26-1.mga5.src.rpm
Version: Cauldron => 5
Assignee: bugsquad => qa-bugs
Testing Mageia 5 x64 real H/W. Updated 45 PHP modules from the list above to 5.6.26-1. Tried minimally the following PHP-based applications: Bugzilla, Cacti, Drupal, MediaWiki, Moodle, PHPmyadmin, PHPpgadmin. All looked normal (except Cacti CPU usage graph was absent; I have seen this before, it is permanent on my system. If somebody else with Cacti could confirm that the CPU graph is correctly shown, so much the better). Notwithstanding, I give this the OK.
CC: (none) => lewyssmith
Whiteboard: (none) => MGA5-64-OK
URL: (none) => http://lwn.net/Vulnerabilities/701138/
The following 116 packages are going to be installed:

- apache-2.4.10-16.4.mga5.i586
- apache-mod_php-5.6.26-1.mga5.i586
- autoconf-2.69-6.mga5.noarch
- automake-1.14.1-3.mga5.noarch
- bison-3.0.4-1.mga5.i586
- byacc-20141128-1.mga5.i586
- chrpath-0.16-3.mga5.i586
- dos2unix-6.0.6-3.mga5.i586
- flex-2.5.39-3.mga5.i586
- glibc-devel-2.20-23.mga5.i586
- kernel-userspace-headers-4.4.21-2.mga5.i586
- libaudit-devel-2.4.4-1.mga5.i586
- libc-client0-2007f-6.mga5.i586
- libfbclient2-2.5.3.26778-4.mga5.i586
- libfreetds0-0.91-8.mga5.i586
- libgcrypt-devel-1.5.4-5.3.mga5.i586
- libgpg-error-devel-1.13-3.mga5.i586
- liblzma-devel-5.2.0-1.mga5.i586
- libmbfl1-1.2.0-12.mga5.i586
- libmcrypt-2.5.8-18.mga5.i586
- libmcrypt4-2.5.8-18.mga5.i586
- libonig2-5.9.5-3.mga5.i586
- libopenssl-devel-1.0.2i-1.mga5.i586
- libopenssl-engines1.0.0-1.0.2i-1.mga5.i586
- libopenssl1.0.0-1.0.2i-1.mga5.i586
- libpam-devel-1.1.8-10.1.mga5.i586
- libpcre-devel-8.38-1.mga5.i586
- libpcre32_0-8.38-1.mga5.i586
- libphp5_common5-5.6.26-1.mga5.i586
- libpq5-9.4.9-1.mga5.i586
- libstdc++5-3.3.6-11.mga5.i586
- libstdc++5-devel-3.3.6-11.mga5.i586
- libtool-2.4.2-13.mga5.i586
- libtool-base-2.4.2-13.mga5.i586
- libxml2-devel-2.9.4-1.1.mga5.i586
- libxmlrpc-epi0-0.54.2-5.1.mga5.i586
- libxslt-devel-1.1.29-1.mga5.i586
- libzlib-devel-1.2.8-7.mga5.i586
- m4-1.4.17-4.mga5.i586
- net-snmp-mibs-5.7.2-23.mga5.i586
- openssl-1.0.2i-1.mga5.i586
- php-bcmath-5.6.26-1.mga5.i586
- php-bz2-5.6.26-1.mga5.i586
- php-calendar-5.6.26-1.mga5.i586
- php-cgi-5.6.26-1.mga5.i586
- php-cli-5.6.26-1.mga5.i586
- php-ctype-5.6.26-1.mga5.i586
- php-curl-5.6.26-1.mga5.i586
- php-dba-5.6.26-1.mga5.i586
- php-devel-5.6.26-1.mga5.i586
- php-doc-5.6.26-1.mga5.noarch
- php-dom-5.6.26-1.mga5.i586
- php-enchant-5.6.26-1.mga5.i586
- php-exif-5.6.26-1.mga5.i586
- php-fileinfo-5.6.26-1.mga5.i586
- php-filter-5.6.26-1.mga5.i586
- php-fpm-5.6.26-1.mga5.i586
- php-ftp-5.6.26-1.mga5.i586
- php-gettext-5.6.26-1.mga5.i586
- php-gmp-5.6.26-1.mga5.i586
- php-hash-5.6.26-1.mga5.i586
- php-iconv-5.6.26-1.mga5.i586
- php-imap-5.6.26-1.mga5.i586
- php-ini-5.6.26-1.mga5.i586
- php-interbase-5.6.26-1.mga5.i586
- php-intl-5.6.26-1.mga5.i586
- php-json-5.6.26-1.mga5.i586
- php-ldap-5.6.26-1.mga5.i586
- php-mbstring-5.6.26-1.mga5.i586
- php-mcrypt-5.6.26-1.mga5.i586
- php-mssql-5.6.26-1.mga5.i586
- php-mysql-5.6.26-1.mga5.i586
- php-mysqli-5.6.26-1.mga5.i586
- php-mysqlnd-5.6.26-1.mga5.i586
- php-odbc-5.6.26-1.mga5.i586
- php-opcache-5.6.26-1.mga5.i586
- php-openssl-5.6.26-1.mga5.i586
- php-pcntl-5.6.26-1.mga5.i586
- php-pdo-5.6.26-1.mga5.i586
- php-pdo_dblib-5.6.26-1.mga5.i586
- php-pdo_firebird-5.6.26-1.mga5.i586
- php-pdo_mysql-5.6.26-1.mga5.i586
- php-pdo_odbc-5.6.26-1.mga5.i586
- php-pdo_pgsql-5.6.26-1.mga5.i586
- php-pdo_sqlite-5.6.26-1.mga5.i586
- php-pgsql-5.6.26-1.mga5.i586
- php-phar-5.6.26-1.mga5.i586
- php-posix-5.6.26-1.mga5.i586
- php-readline-5.6.26-1.mga5.i586
- php-recode-5.6.26-1.mga5.i586
- php-session-5.6.26-1.mga5.i586
- php-shmop-5.6.26-1.mga5.i586
- php-snmp-5.6.26-1.mga5.i586
- php-soap-5.6.26-1.mga5.i586
- php-sockets-5.6.26-1.mga5.i586
- php-sqlite3-5.6.26-1.mga5.i586
- php-suhosin-0.9.37.1-1.mga5.i586
- php-sybase_ct-5.6.26-1.mga5.i586
- php-sysvmsg-5.6.26-1.mga5.i586
- php-sysvsem-5.6.26-1.mga5.i586
- php-sysvshm-5.6.26-1.mga5.i586
- php-tcpdf-6.0.098-1.mga5.noarch
- php-tidy-5.6.26-1.mga5.i586
- php-timezonedb-2016.6-1.mga5.i586
- php-tokenizer-5.6.26-1.mga5.i586
- php-wddx-5.6.26-1.mga5.i586
- php-xml-5.6.26-1.mga5.i586
- php-xmlreader-5.6.26-1.mga5.i586
- php-xmlrpc-5.6.26-1.mga5.i586
- php-xmlwriter-5.6.26-1.mga5.i586
- php-xsl-5.6.26-1.mga5.i586
- php-zip-5.6.26-1.mga5.i586
- php-zlib-5.6.26-1.mga5.i586
- phpdbg-5.6.26-1.mga5.i586
- re2c-0.13.6-3.mga5.i586
- webserver-base-2.0-8.mga5.i586

190MB of additional disk space will be used.
47MB of packages will be retrieved.
Is it ok to continue?

$ php info.php
Current PHP version: 5.6.26

$ php read.php | wc -l
9242
CC: (none) => brtians1
Created attachment 8446
reads the Gutenberg free book The Admirals Daughter
Whiteboard: MGA5-64-OK => MGA5-64-OK mga5-32-ok
Validating this update; advisory to follow.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
I did the .adv file using #1. Please verify and fix if needed; I will push the update in some hours.
CC: (none) => mageia
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0319.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED