+++ This bug was initially created as a clone of Bug #22321 +++

Upstream has released PHP 5.6.33 on Jan 4th:
http://php.net/archive/2018.php#id2018-01-04-4

It fixes a few security issues:
http://php.net/ChangeLog-5.php#5.6.33

Advisory:
========================

Updated php packages fix security vulnerabilities:

Potential infinite loop in gdImageCreateFromGifCtx (php#75571)
Reflected XSS in .phar 404 page (php#74782)

References:
http://php.net/ChangeLog-5.php#5.6.33
========================

Updated packages in core/updates_testing:
========================
libgd3-2.2.5-1.1.mga5
libgd-devel-2.2.5-1.1.mga5
libgd-static-devel-2.2.5-1.1.mga5
gd-utils-2.2.5-1.1.mga5
php-ini-5.6.33-1.mga5
apache-mod_php-5.6.33-1.mga5
php-cli-5.6.33-1.mga5
php-cgi-5.6.33-1.mga5
lib64php5_common5-5.6.33-1.mga5
php-devel-5.6.33-1.mga5
php-openssl-5.6.33-1.mga5
php-zlib-5.6.33-1.mga5
php-doc-5.6.33-1.mga5
php-bcmath-5.6.33-1.mga5
php-bz2-5.6.33-1.mga5
php-calendar-5.6.33-1.mga5
php-ctype-5.6.33-1.mga5
php-curl-5.6.33-1.mga5
php-dba-5.6.33-1.mga5
php-dom-5.6.33-1.mga5
php-enchant-5.6.33-1.mga5
php-exif-5.6.33-1.mga5
php-fileinfo-5.6.33-1.mga5
php-filter-5.6.33-1.mga5
php-ftp-5.6.33-1.mga5
php-gd-5.6.33-1.mga5
php-gettext-5.6.33-1.mga5
php-gmp-5.6.33-1.mga5
php-hash-5.6.33-1.mga5
php-iconv-5.6.33-1.mga5
php-imap-5.6.33-1.mga5
php-interbase-5.6.33-1.mga5
php-intl-5.6.33-1.mga5
php-json-5.6.33-1.mga5
php-ldap-5.6.33-1.mga5
php-mbstring-5.6.33-1.mga5
php-mcrypt-5.6.33-1.mga5
php-mssql-5.6.33-1.mga5
php-mysql-5.6.33-1.mga5
php-mysqli-5.6.33-1.mga5
php-mysqlnd-5.6.33-1.mga5
php-odbc-5.6.33-1.mga5
php-opcache-5.6.33-1.mga5
php-pcntl-5.6.33-1.mga5
php-pdo-5.6.33-1.mga5
php-pdo_dblib-5.6.33-1.mga5
php-pdo_firebird-5.6.33-1.mga5
php-pdo_mysql-5.6.33-1.mga5
php-pdo_odbc-5.6.33-1.mga5
php-pdo_pgsql-5.6.33-1.mga5
php-pdo_sqlite-5.6.33-1.mga5
php-pgsql-5.6.33-1.mga5
php-phar-5.6.33-1.mga5
php-posix-5.6.33-1.mga5
php-readline-5.6.33-1.mga5
php-recode-5.6.33-1.mga5
php-session-5.6.33-1.mga5
php-shmop-5.6.33-1.mga5
php-snmp-5.6.33-1.mga5
php-soap-5.6.33-1.mga5
php-sockets-5.6.33-1.mga5
php-sqlite3-5.6.33-1.mga5
php-sybase_ct-5.6.33-1.mga5
php-sysvmsg-5.6.33-1.mga5
php-sysvsem-5.6.33-1.mga5
php-sysvshm-5.6.33-1.mga5
php-tidy-5.6.33-1.mga5
php-tokenizer-5.6.33-1.mga5
php-xml-5.6.33-1.mga5
php-xmlreader-5.6.33-1.mga5
php-xmlrpc-5.6.33-1.mga5
php-xmlwriter-5.6.33-1.mga5
php-xsl-5.6.33-1.mga5
php-wddx-5.6.33-1.mga5
php-zip-5.6.33-1.mga5
php-fpm-5.6.33-1.mga5
phpdbg-5.6.33-1.mga5
php-debuginfo-5.6.33-1.mga5

from SRPMS:
libgd-2.2.5-1.1.mga5.src.rpm
php-5.6.33-1.mga5.src.rpm
Ran my usual test cases that use php-gd, php-dba, php-cgi, and send an e-mail. All works fine on Mageia 5 x86_64.
Whiteboard: (none) => MGA5-64-OK
Another super-rapid & thorough OK, thanks David. Advisory + validate.
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0085.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
php#75571 has been assigned CVE-2018-5711: https://lists.opensuse.org/opensuse-updates/2018-01/msg00114.html