[El-errata] ELSA-2015-1218 Moderate: Oracle Linux 6 php security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jul 9 15:44:14 PDT 2015


Oracle Linux Security Advisory ELSA-2015-1218

http://linux.oracle.com/errata/ELSA-2015-1218.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
php-5.3.3-46.el6_6.i686.rpm
php-bcmath-5.3.3-46.el6_6.i686.rpm
php-cli-5.3.3-46.el6_6.i686.rpm
php-common-5.3.3-46.el6_6.i686.rpm
php-dba-5.3.3-46.el6_6.i686.rpm
php-devel-5.3.3-46.el6_6.i686.rpm
php-embedded-5.3.3-46.el6_6.i686.rpm
php-enchant-5.3.3-46.el6_6.i686.rpm
php-fpm-5.3.3-46.el6_6.i686.rpm
php-gd-5.3.3-46.el6_6.i686.rpm
php-imap-5.3.3-46.el6_6.i686.rpm
php-intl-5.3.3-46.el6_6.i686.rpm
php-ldap-5.3.3-46.el6_6.i686.rpm
php-mbstring-5.3.3-46.el6_6.i686.rpm
php-mysql-5.3.3-46.el6_6.i686.rpm
php-odbc-5.3.3-46.el6_6.i686.rpm
php-pdo-5.3.3-46.el6_6.i686.rpm
php-pgsql-5.3.3-46.el6_6.i686.rpm
php-process-5.3.3-46.el6_6.i686.rpm
php-pspell-5.3.3-46.el6_6.i686.rpm
php-recode-5.3.3-46.el6_6.i686.rpm
php-snmp-5.3.3-46.el6_6.i686.rpm
php-soap-5.3.3-46.el6_6.i686.rpm
php-tidy-5.3.3-46.el6_6.i686.rpm
php-xml-5.3.3-46.el6_6.i686.rpm
php-xmlrpc-5.3.3-46.el6_6.i686.rpm
php-zts-5.3.3-46.el6_6.i686.rpm

x86_64:
php-5.3.3-46.el6_6.x86_64.rpm
php-bcmath-5.3.3-46.el6_6.x86_64.rpm
php-cli-5.3.3-46.el6_6.x86_64.rpm
php-common-5.3.3-46.el6_6.x86_64.rpm
php-dba-5.3.3-46.el6_6.x86_64.rpm
php-devel-5.3.3-46.el6_6.x86_64.rpm
php-embedded-5.3.3-46.el6_6.x86_64.rpm
php-enchant-5.3.3-46.el6_6.x86_64.rpm
php-fpm-5.3.3-46.el6_6.x86_64.rpm
php-gd-5.3.3-46.el6_6.x86_64.rpm
php-imap-5.3.3-46.el6_6.x86_64.rpm
php-intl-5.3.3-46.el6_6.x86_64.rpm
php-ldap-5.3.3-46.el6_6.x86_64.rpm
php-mbstring-5.3.3-46.el6_6.x86_64.rpm
php-mysql-5.3.3-46.el6_6.x86_64.rpm
php-odbc-5.3.3-46.el6_6.x86_64.rpm
php-pdo-5.3.3-46.el6_6.x86_64.rpm
php-pgsql-5.3.3-46.el6_6.x86_64.rpm
php-process-5.3.3-46.el6_6.x86_64.rpm
php-pspell-5.3.3-46.el6_6.x86_64.rpm
php-recode-5.3.3-46.el6_6.x86_64.rpm
php-snmp-5.3.3-46.el6_6.x86_64.rpm
php-soap-5.3.3-46.el6_6.x86_64.rpm
php-tidy-5.3.3-46.el6_6.x86_64.rpm
php-xml-5.3.3-46.el6_6.x86_64.rpm
php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm
php-zts-5.3.3-46.el6_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/php-5.3.3-46.el6_6.src.rpm



Description of changes:

[5.3.3-46]
- fix gzfile accept paths with NUL character #1213407
- fix patch for CVE-2015-4024

[5.3.3-45]
- fix more functions accept paths with NUL character #1213407

[5.3.3-44]
- soap: missing fix for #1222538 and #1204868

[5.3.3-43]
- core: fix multipart/form-data request can use excessive
   amount of CPU usage CVE-2015-4024
- fix various functions accept paths with NUL character
   CVE-2015-4026, #1213407
- ftp: fix integer overflow leading to heap overflow when
   reading FTP file listing CVE-2015-4022
- phar: fix buffer over-read in metadata parsing CVE-2015-2783
- phar: invalid pointer free() in phar_tar_process_metadata()
   CVE-2015-3307
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
- phar: fix memory corruption in phar_parse_tarfile caused by
   empty entry file name CVE-2015-4021
- soap: more fix type confusion through unserialize #1222538

[5.3.3-42]
- soap: more fix type confusion through unserialize #1204868

[5.3.3-41]
- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425
- core: fix use-after-free in unserialize CVE-2015-2787
- exif: fix free on unitialized pointer CVE-2015-0232
- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709
- date: fix use after free vulnerability in unserialize CVE-2015-0273
- enchant: fix heap buffer overflow in enchant_broker_request_dict
   CVE-2014-9705
- phar: use after free in phar_object.c CVE-2015-2301
- soap: fix type confusion through unserialize






More information about the El-errata mailing list