LinuxSecurity.com
Mandriva: 2014:075: php
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:075
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : April 10, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in php:
 
 The BEGIN regular expression in the awk script detector in
 magic/Magdir/commands in file before 5.15 uses multiple wildcards
 with unlimited repetitions, which allows context-dependent attackers
 to cause a denial of service (CPU consumption) via a crafted ASCII
 file that triggers a large amount of backtracking, as demonstrated
 via a file with many newline characters (CVE-2013-7345).
 
 The updated php packages have been upgraded to the 5.5.11 version
 which is not vulnerable to this issue.
 
 Also, the timezonedb PHP PECL module has been updated to the latest
 2014.2 version.
 
 Additionally, the PECL packages that require it have been rebuilt
 for php-5.5.11.
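
 An added example, not part of the Mandriva advisory or of the file/php sources: a small audit that reads magic(5)-style entries and flags regex tests containing two or more unbounded repetitions, the pattern shape described for CVE-2013-7345. The sample entries, the function names and the threshold of 2 are assumptions made for illustration.

```python
import re

# Constructed sample entries in magic(5) layout: offset, type, test, message.
# They are illustrations, not lines copied from magic/Magdir/commands.
SAMPLE_MAGIC = r"""
# constructed sample
0  regex      =^\s*BEGIN\s*[{]              awk script text (unbounded)
0  regex      =^\s{0,100}BEGIN\s{0,100}[{]  awk script text (bounded)
0  string     #!/bin/sh                     shell script text
0  regex/100  [a-z]+=                       assignment (one unbounded)
"""

OPEN_BOUND = re.compile(r"\{\d+,\}")  # {n,} has no upper limit


def unbounded_quantifiers(pattern):
    """Count *, + and {n,}; escaped characters and [...] classes are skipped."""
    count, i, in_class = 0, 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":            # escape: skip the backslash and next char
            i += 2
            continue
        if in_class:
            in_class = ch != "]"  # quantifier characters in a class are literals
        elif ch == "[":
            in_class = True
        elif ch in "*+":
            count += 1
        elif ch == "{" and (m := OPEN_BOUND.match(pattern, i)):
            count += 1
            i = m.end() - 1
        i += 1
    return count


def audit_magic(text, threshold=2):
    """Return (line number, quantifier count, pattern) for risky regex tests.
    Simplified: assumes the test field contains no escaped spaces."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 3)
        if len(fields) < 3 or line.startswith("#"):
            continue
        if fields[1].split("/")[0] != "regex":   # "regex/100" is still a regex
            continue
        pattern = fields[2][1:] if fields[2].startswith("=") else fields[2]
        n = unbounded_quantifiers(pattern)
        if n >= threshold:
            findings.append((lineno, n, pattern))
    return findings


if __name__ == "__main__":
    for lineno, n, pattern in audit_magic(SAMPLE_MAGIC):
        print(f"line {lineno}: {n} unbounded repetitions in {pattern}")
```

 Only the first sample entry is reported; the bounded variant of the same test passes because each repetition has an upper limit.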
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
 http://www.php.net/ChangeLog-5.php#5.5.11
 https://bugs.php.net/bug.php?id=66946
 http://pecl.php.net/package-info.php?package=timezonedb&version=2014.2
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 