
PHP Multiple Vulnerabilities


Name: PHP Multiple Vulnerabilities
Issued: March 23
Affected system: 5.5
Risk level: ★★★★★
First reported by: MDVSA-2014:059
Mandriva Linux Security Advisory                         MDVSA-2014:059 
http://www.mandriva.com/en/support/security/ 
_______________________________________________________________________ 

Package : php 
Date    : March 14, 2014 
Affected: Business Server 1.0 
_______________________________________________________________________ 

Problem Description: 

Multiple vulnerabilities have been discovered and corrected in php:

Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)). 

Fixed bug #66820 (out-of-bounds memory access in fileinfo 
(CVE-2014-2270)). 

Fixed bug #66815 (imagecrop(): insufficient fix for NULL deref
(CVE-2013-7327)).

The updated php packages have been upgraded to the 5.5.10 version 
which is not vulnerable to these issues. 

The php-xdebug packages have been upgraded to the latest 2.2.4 version,
which resolves numerous upstream bugs.

Additionally, the PECL packages that require it have been rebuilt
for php-5.5.10.
_______________________________________________________________________ 

References: 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327 
http://www.php.net/ChangeLog-5.php#5.5.10 
https://bugs.php.net/bug.php?id=66731 
https://bugs.php.net/bug.php?id=66820 
https://bugs.php.net/bug.php?id=66815 
http://pecl.php.net/package-changelog.php?package=xdebug&release=2.2.4 
_______________________________________________________________________ 

Updated Packages: 

Mandriva Business Server 1/X86_64: 
_______________________________________________________________________ 

To upgrade automatically use MandrivaUpdate or urpmi.  The verification 
of md5 checksums and GPG signatures is performed automatically for you. 

All packages are signed by Mandriva for security.  You can obtain the 
GPG public key of the Mandriva Security Team by executing: 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 

You can view other update advisories for Mandriva Linux at: 

http://www.mandriva.com/en/support/security/advisories/ 

If you want to report vulnerabilities, please contact 

security_(at)_mandriva.com 
_______________________________________________________________________ 

Type Bits/KeyID     Date       User ID 
pub  1024D/22458A98 2000-07-10 Mandriva Security Team 


=====

========================================================================== 
Ubuntu Security Notice USN-2126-1 
March 03, 2014 

php5 vulnerabilities 
========================================================================== 

A security issue affects these releases of Ubuntu and its derivatives: 

- Ubuntu 13.10 
- Ubuntu 12.10 
- Ubuntu 12.04 LTS 
- Ubuntu 10.04 LTS 

Summary: 

Several security issues were fixed in PHP. 

Software Description: 
- php5: HTML-embedded scripting language interpreter 

Details: 

Bernd Melchers discovered that PHP's embedded libmagic library incorrectly 
handled indirect offset values. An attacker could use this issue to cause 
PHP to consume resources or crash, resulting in a denial of service. 
(CVE-2014-1943) 

It was discovered that PHP incorrectly handled certain values when using 
the imagecrop function. An attacker could possibly use this issue to cause 
PHP to crash, resulting in a denial of service, obtain sensitive 
information, or possibly execute arbitrary code. This issue only affected 
Ubuntu 13.10. (CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-2020) 

Update instructions: 

The problem can be corrected by updating your system to the following 
package versions: 

Ubuntu 13.10: 
libapache2-mod-php5             5.5.3+dfsg-1ubuntu2.2 
php5-cgi                        5.5.3+dfsg-1ubuntu2.2 
php5-cli                        5.5.3+dfsg-1ubuntu2.2 
php5-gd                         5.5.3+dfsg-1ubuntu2.2 

Ubuntu 12.10: 
libapache2-mod-php5             5.4.6-1ubuntu1.7 
php5-cgi                        5.4.6-1ubuntu1.7 
php5-cli                        5.4.6-1ubuntu1.7 
php5-gd                         5.4.6-1ubuntu1.7 

Ubuntu 12.04 LTS: 
libapache2-mod-php5             5.3.10-1ubuntu3.10 
php5-cgi                        5.3.10-1ubuntu3.10 
php5-cli                        5.3.10-1ubuntu3.10 
php5-gd                         5.3.10-1ubuntu3.10 

Ubuntu 10.04 LTS: 
libapache2-mod-php5             5.3.2-1ubuntu4.23 
php5-cgi                        5.3.2-1ubuntu4.23 
php5-cli                        5.3.2-1ubuntu4.23 
php5-gd                         5.3.2-1ubuntu4.23 

In general, a standard system update will make all the necessary changes. 
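A defender-side check that the "standard system update" actually landed, added here as an example and not part of the Ubuntu notice or its tooling: it reimplements dpkg's version ordering in Python and compares what `dpkg-query` reports against the USN-2126-1 fixed versions for Ubuntu 13.10. The installed-version sample is constructed; the fixed versions are the ones listed above.

```python
import re
# Fixed versions for Ubuntu 13.10, copied from the USN-2126-1 table above.
USN_2126_1_FIXES = {
    "libapache2-mod-php5": "5.5.3+dfsg-1ubuntu2.2", "php5-cgi": "5.5.3+dfsg-1ubuntu2.2",
    "php5-cli": "5.5.3+dfsg-1ubuntu2.2", "php5-gd": "5.5.3+dfsg-1ubuntu2.2",
}

def _order(c: str) -> int:
    # dpkg weight: '~' sorts before everything (even end of string), digits end a run, letters before symbols.
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a: str, b: str) -> int:
    # dpkg's algorithm: alternate non-digit runs (by _order) and numeric runs (as ints).
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        na = re.match(r"\d*", a[i:]).group()
        nb = re.match(r"\d*", b[j:]).group()
        i, j = i + len(na), j + len(nb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def compare_versions(v1: str, v2: str) -> int:
    # Compare [epoch:]upstream[-revision] like dpkg: <0 older, 0 equal, >0 newer.
    def split(v: str):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        up, sep, rev = rest.rpartition("-")
        return int(epoch), (up if sep else rest), (rev if sep else "")
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def unpatched(installed: dict, fixes: dict = USN_2126_1_FIXES) -> list:
    # Packages named in the advisory whose installed version is still below the fix.
    return sorted(p for p, v in installed.items() if p in fixes and compare_versions(v, fixes[p]) < 0)

# Constructed sample of `dpkg-query -W -f '${Package} ${Version}\n'` output on a 13.10 host.
SAMPLE_INSTALLED = {"php5-cli": "5.5.3+dfsg-1ubuntu2.1", "php5-gd": "5.5.3+dfsg-1ubuntu2.2",
                    "php5-cgi": "5.5.3+dfsg-1ubuntu2", "php5-curl": "5.5.3+dfsg-1ubuntu2"}
```

`unpatched(SAMPLE_INSTALLED)` reports php5-cgi and php5-cli as still below the fixed version; php5-curl is ignored because the notice does not list it.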

References: 
http://www.ubuntu.com/usn/usn-2126-1 
CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-1943, 
CVE-2014-2020 

Package Information: 
https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.2 
https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.7 
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.10 
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.23 




-- ubuntu-security-announce mailing list