[El-errata] ELSA-2015-1135 Important: Oracle Linux 7 php security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jun 23 12:34:54 PDT 2015 

Oracle Linux Security Advisory ELSA-2015-1135

http://linux.oracle.com/errata/ELSA-2015-1135.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/php-5.4.16-36.el7_1.src.rpm



Description of changes:

[5.4.16-36]
- fix more functions accept paths with NUL character #1213407

[5.4.16-35]
- core: fix multipart/form-data request can use excessive
   amount of CPU usage CVE-2015-4024
- fix various functions accept paths with NUL character
   CVE-2015-4025, CVE-2015-4026, #1213407
- fileinfo: fix denial of service when processing a crafted
   file #1213442
- ftp: fix integer overflow leading to heap overflow when
   reading FTP file listing CVE-2015-4022
- phar: fix buffer over-read in metadata parsing CVE-2015-2783
- phar: invalid pointer free() in phar_tar_process_metadata()
   CVE-2015-3307
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
- phar: fix memory corruption in phar_parse_tarfile caused by
   empty entry file name CVE-2015-4021
- soap: fix type confusion through unserialize #1222538
- apache2handler: fix pipelined request executed in deinitialized
   interpreter under httpd 2.4 CVE-2015-3330

[5.4.16-34]
- fix memory corruption in fileinfo module on big endian
   machines #1082624
- fix segfault in pdo_odbc on x86_64 #1159892
- fix segfault in gmp allocator #1154760

[5.4.16-33]
- core: use after free vulnerability in unserialize()
   CVE-2014-8142 and CVE-2015-0231
- core: fix use-after-free in unserialize CVE-2015-2787
- core: fix NUL byte injection in file name argument of
   move_uploaded_file() CVE-2015-2348
- date: use after free vulnerability in unserialize CVE-2015-0273
- enchant: fix heap buffer overflow in enchant_broker_request_dict
   CVE-2014-9705
- exif: free called on unitialized pointer CVE-2015-0232
- fileinfo: fix out of bounds read in mconvert CVE-2014-9652
- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709
- phar: use after free in phar_object.c CVE-2015-2301
- soap: fix type confusion through unserialize

[5.4.16-31]
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710

[5.4.16-29]
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

[5.4.16-27]
- gd: fix NULL pointer dereference in gdImageCreateFromXpm().
   CVE-2014-2497
- gd: fix NUL byte injection in file names. CVE-2014-5120
- fileinfo: fix extensive backtracking in regular expression
   (incomplete fix for CVE-2013-7345). CVE-2014-3538
- fileinfo: fix mconvert incorrect handling of truncated
   pascal string size. CVE-2014-3478
- fileinfo: fix cdf_read_property_info
   (incomplete fix for CVE-2012-1571). CVE-2014-3587
- spl: fix use-after-free in ArrayIterator due to object
   change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- network: fix segfault in dns_get_record
   (incomplete fix for CVE-2014-4049). CVE-2014-3597

[5.4.16-25]
- fix segfault after startup on aarch64 (#1107567)
- compile php with -O3 on ppc64le (#1123499)

More information about the El-errata mailing list