php (SL6)

By Scientific Linux Team on July 9, 2015

Synopsis: Moderate: php security update
Advisory ID: SLSA-2015:1218-1
Issue Date: 2015-07-09
CVE Numbers: CVE-2015-0232
CVE-2014-9709
CVE-2015-0273
CVE-2014-9705
CVE-2015-2301
CVE-2015-4147
CVE-2015-2787
CVE-2015-4148
CVE-2015-3411
CVE-2015-2783
CVE-2015-3329
CVE-2015-4024
CVE-2015-4599
CVE-2015-4600
CVE-2015-4601
CVE-2015-4022
CVE-2015-4026
CVE-2015-4021
CVE-2015-3307
CVE-2015-3412
CVE-2015-4598
CVE-2015-4603
CVE-2015-4602
CVE-2014-9425

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of
CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP’s Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using
the exif_read_data() function to crash or, possibly, execute arbitrary
code with the privileges of the user running that PHP application.
(CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP’s FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,
CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,
CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,
CVE-2015-4598)

Multiple flaws were found in the way the way PHP’s Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP’s enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application
using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function
in the PHP ZTS module. This flaw could possibly cause a PHP application to
crash. (CVE-2014-9425)

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

SL6
x86_64
php-5.3.3-46.el6_6.x86_64.rpm
php-bcmath-5.3.3-46.el6_6.x86_64.rpm
php-cli-5.3.3-46.el6_6.x86_64.rpm
php-common-5.3.3-46.el6_6.x86_64.rpm
php-dba-5.3.3-46.el6_6.x86_64.rpm
php-debuginfo-5.3.3-46.el6_6.x86_64.rpm
php-devel-5.3.3-46.el6_6.x86_64.rpm
php-embedded-5.3.3-46.el6_6.x86_64.rpm
php-enchant-5.3.3-46.el6_6.x86_64.rpm
php-fpm-5.3.3-46.el6_6.x86_64.rpm
php-gd-5.3.3-46.el6_6.x86_64.rpm
php-imap-5.3.3-46.el6_6.x86_64.rpm
php-intl-5.3.3-46.el6_6.x86_64.rpm
php-ldap-5.3.3-46.el6_6.x86_64.rpm
php-mbstring-5.3.3-46.el6_6.x86_64.rpm
php-mysql-5.3.3-46.el6_6.x86_64.rpm
php-odbc-5.3.3-46.el6_6.x86_64.rpm
php-pdo-5.3.3-46.el6_6.x86_64.rpm
php-pgsql-5.3.3-46.el6_6.x86_64.rpm
php-process-5.3.3-46.el6_6.x86_64.rpm
php-pspell-5.3.3-46.el6_6.x86_64.rpm
php-recode-5.3.3-46.el6_6.x86_64.rpm
php-snmp-5.3.3-46.el6_6.x86_64.rpm
php-soap-5.3.3-46.el6_6.x86_64.rpm
php-tidy-5.3.3-46.el6_6.x86_64.rpm
php-xml-5.3.3-46.el6_6.x86_64.rpm
php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm
php-zts-5.3.3-46.el6_6.x86_64.rpm
i386
php-5.3.3-46.el6_6.i686.rpm
php-bcmath-5.3.3-46.el6_6.i686.rpm
php-cli-5.3.3-46.el6_6.i686.rpm
php-common-5.3.3-46.el6_6.i686.rpm
php-dba-5.3.3-46.el6_6.i686.rpm
php-debuginfo-5.3.3-46.el6_6.i686.rpm
php-devel-5.3.3-46.el6_6.i686.rpm
php-embedded-5.3.3-46.el6_6.i686.rpm
php-enchant-5.3.3-46.el6_6.i686.rpm
php-fpm-5.3.3-46.el6_6.i686.rpm
php-gd-5.3.3-46.el6_6.i686.rpm
php-imap-5.3.3-46.el6_6.i686.rpm
php-intl-5.3.3-46.el6_6.i686.rpm
php-ldap-5.3.3-46.el6_6.i686.rpm
php-mbstring-5.3.3-46.el6_6.i686.rpm
php-mysql-5.3.3-46.el6_6.i686.rpm
php-odbc-5.3.3-46.el6_6.i686.rpm
php-pdo-5.3.3-46.el6_6.i686.rpm
php-pgsql-5.3.3-46.el6_6.i686.rpm
php-process-5.3.3-46.el6_6.i686.rpm
php-pspell-5.3.3-46.el6_6.i686.rpm
php-recode-5.3.3-46.el6_6.i686.rpm
php-snmp-5.3.3-46.el6_6.i686.rpm
php-soap-5.3.3-46.el6_6.i686.rpm
php-tidy-5.3.3-46.el6_6.i686.rpm
php-xml-5.3.3-46.el6_6.i686.rpm
php-xmlrpc-5.3.3-46.el6_6.i686.rpm
php-zts-5.3.3-46.el6_6.i686.rpm

– Scientific Linux Development Team