Bug 22384 - PHP 5.6.33
Summary: PHP 5.6.33
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-64-OK
Keywords: advisory, validated_update
Depends on: 22321
Blocks:
Reported: 2018-01-13 06:16 CET by David Walser
Modified: 2018-02-01 21:30 CET

See Also:
Source RPM: php-5.6.32-1.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2018-01-13 06:16:21 CET
+++ This bug was initially created as a clone of Bug #22321 +++

Upstream has released PHP 5.6.33 on Jan 4th:
http://php.net/archive/2018.php#id2018-01-04-4

It fixes a few security issues:
http://php.net/ChangeLog-5.php#5.6.33

Advisory:
========================

Updated php packages fix security vulnerabilities:

Potential infinite loop in gdImageCreateFromGifCtx (php#75571)
Reflected XSS in .phar 404 page (php#74782)

References:
http://php.net/ChangeLog-5.php#5.6.33
========================

Updated packages in core/updates_testing:
========================
libgd3-2.2.5-1.1.mga5
libgd-devel-2.2.5-1.1.mga5
libgd-static-devel-2.2.5-1.1.mga5
gd-utils-2.2.5-1.1.mga5
php-ini-5.6.33-1.mga5
apache-mod_php-5.6.33-1.mga5
php-cli-5.6.33-1.mga5
php-cgi-5.6.33-1.mga5
lib64php5_common5-5.6.33-1.mga5
php-devel-5.6.33-1.mga5
php-openssl-5.6.33-1.mga5
php-zlib-5.6.33-1.mga5
php-doc-5.6.33-1.mga5
php-bcmath-5.6.33-1.mga5
php-bz2-5.6.33-1.mga5
php-calendar-5.6.33-1.mga5
php-ctype-5.6.33-1.mga5
php-curl-5.6.33-1.mga5
php-dba-5.6.33-1.mga5
php-dom-5.6.33-1.mga5
php-enchant-5.6.33-1.mga5
php-exif-5.6.33-1.mga5
php-fileinfo-5.6.33-1.mga5
php-filter-5.6.33-1.mga5
php-ftp-5.6.33-1.mga5
php-gd-5.6.33-1.mga5
php-gettext-5.6.33-1.mga5
php-gmp-5.6.33-1.mga5
php-hash-5.6.33-1.mga5
php-iconv-5.6.33-1.mga5
php-imap-5.6.33-1.mga5
php-interbase-5.6.33-1.mga5
php-intl-5.6.33-1.mga5
php-json-5.6.33-1.mga5
php-ldap-5.6.33-1.mga5
php-mbstring-5.6.33-1.mga5
php-mcrypt-5.6.33-1.mga5
php-mssql-5.6.33-1.mga5
php-mysql-5.6.33-1.mga5
php-mysqli-5.6.33-1.mga5
php-mysqlnd-5.6.33-1.mga5
php-odbc-5.6.33-1.mga5
php-opcache-5.6.33-1.mga5
php-pcntl-5.6.33-1.mga5
php-pdo-5.6.33-1.mga5
php-pdo_dblib-5.6.33-1.mga5
php-pdo_firebird-5.6.33-1.mga5
php-pdo_mysql-5.6.33-1.mga5
php-pdo_odbc-5.6.33-1.mga5
php-pdo_pgsql-5.6.33-1.mga5
php-pdo_sqlite-5.6.33-1.mga5
php-pgsql-5.6.33-1.mga5
php-phar-5.6.33-1.mga5
php-posix-5.6.33-1.mga5
php-readline-5.6.33-1.mga5
php-recode-5.6.33-1.mga5
php-session-5.6.33-1.mga5
php-shmop-5.6.33-1.mga5
php-snmp-5.6.33-1.mga5
php-soap-5.6.33-1.mga5
php-sockets-5.6.33-1.mga5
php-sqlite3-5.6.33-1.mga5
php-sybase_ct-5.6.33-1.mga5
php-sysvmsg-5.6.33-1.mga5
php-sysvsem-5.6.33-1.mga5
php-sysvshm-5.6.33-1.mga5
php-tidy-5.6.33-1.mga5
php-tokenizer-5.6.33-1.mga5
php-xml-5.6.33-1.mga5
php-xmlreader-5.6.33-1.mga5
php-xmlrpc-5.6.33-1.mga5
php-xmlwriter-5.6.33-1.mga5
php-xsl-5.6.33-1.mga5
php-wddx-5.6.33-1.mga5
php-zip-5.6.33-1.mga5
php-fpm-5.6.33-1.mga5
phpdbg-5.6.33-1.mga5
php-debuginfo-5.6.33-1.mga5

from SRPMS:
libgd-2.2.5-1.1.mga5.src.rpm
php-5.6.33-1.mga5.src.rpm
Comment 1 David Walser 2018-01-13 20:14:12 CET
Ran my usual test cases that use php-gd, php-dba, php-cgi, and send an e-mail. All works fine on Mageia 5 x86_64.

Whiteboard: (none) => MGA5-64-OK

Comment 2 Lewis Smith 2018-01-14 17:18:53 CET
Another super-rapid & thorough OK, thanks David. Advisory + validate.

CC: (none) => sysadmin-bugs
Keywords: (none) => advisory, validated_update

Comment 3 Mageia Robot 2018-01-14 17:55:14 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0085.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 4 David Walser 2018-02-01 21:30:56 CET
php#75571 has been assigned CVE-2018-5711:
https://lists.opensuse.org/opensuse-updates/2018-01/msg00114.html
