From Mageia wiki

MGASA-2012-0186

Date: July 30th, 2012
Affected releases: 1, 2


Description:
Updated php packages fix security vulnerabilities:

Unspecified vulnerability in the _php_stream_scandir function in the
stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5
has unknown impact and remote attack vectors, related to an overflow
(CVE-2012-2688).

The SQLite functionality in PHP before 5.3.15 allows remote attackers
to bypass the open_basedir protection mechanism via unspecified vectors
(CVE-2012-3365).

The updated packages have been upgraded to the 5.3.15 version which
is not vulnerable to these issues.

Additionally, the php-timezonedb package has been upgraded to the
latest version as well.

Finally, apache-mod_php in Mageia 2 now requires apache, so that it
will provide a fully functioning web server.


Updated Packages:
Mageia 1:
php-ini-5.3.15-1.mga1
php-cli-5.3.15-1.mga1
php-cgi-5.3.15-1.mga1
php-fpm-5.3.15-1.mga1
apache-mod_php-5.3.15-1.mga1
lib(64)php5_common5-5.3.15-1.mga1
php-devel-5.3.15-1.mga1
php-openssl-5.3.15-1.mga1
php-zlib-5.3.15-1.mga1
php-doc-5.3.15-1.mga1
php-bcmath-5.3.15-1.mga1
php-bz2-5.3.15-1.mga1
php-calendar-5.3.15-1.mga1
php-ctype-5.3.15-1.mga1
php-curl-5.3.15-1.mga1
php-dba-5.3.15-1.mga1
php-dom-5.3.15-1.mga1
php-enchant-5.3.15-1.mga1
php-exif-5.3.15-1.mga1
php-fileinfo-5.3.15-1.mga1
php-filter-5.3.15-1.mga1
php-ftp-5.3.15-1.mga1
php-gd-5.3.15-1.mga1
php-gettext-5.3.15-1.mga1
php-gmp-5.3.15-1.mga1
php-hash-5.3.15-1.mga1
php-iconv-5.3.15-1.mga1
php-imap-5.3.15-1.mga1
php-intl-5.3.15-1.mga1
php-json-5.3.15-1.mga1
php-ldap-5.3.15-1.mga1
php-mbstring-5.3.15-1.mga1
php-mcrypt-5.3.15-1.mga1
php-mssql-5.3.15-1.mga1
php-mysql-5.3.15-1.mga1
php-mysqli-5.3.15-1.mga1
php-mysqlnd-5.3.15-1.mga1
php-odbc-5.3.15-1.mga1
php-pcntl-5.3.15-1.mga1
php-pdo-5.3.15-1.mga1
php-pdo_dblib-5.3.15-1.mga1
php-pdo_mysql-5.3.15-1.mga1
php-pdo_odbc-5.3.15-1.mga1
php-pdo_pgsql-5.3.15-1.mga1
php-pdo_sqlite-5.3.15-1.mga1
php-pgsql-5.3.15-1.mga1
php-phar-5.3.15-1.mga1
php-posix-5.3.15-1.mga1
php-pspell-5.3.15-1.mga1
php-readline-5.3.15-1.mga1
php-recode-5.3.15-1.mga1
php-session-5.3.15-1.mga1
php-shmop-5.3.15-1.mga1
php-snmp-5.3.15-1.mga1
php-soap-5.3.15-1.mga1
php-sockets-5.3.15-1.mga1
php-sqlite3-5.3.15-1.mga1
php-sqlite-5.3.15-1.mga1
php-sybase_ct-5.3.15-1.mga1
php-sysvmsg-5.3.15-1.mga1
php-sysvsem-5.3.15-1.mga1
php-sysvshm-5.3.15-1.mga1
php-tidy-5.3.15-1.mga1
php-tokenizer-5.3.15-1.mga1
php-xml-5.3.15-1.mga1
php-xmlreader-5.3.15-1.mga1
php-xmlrpc-5.3.15-1.mga1
php-xmlwriter-5.3.15-1.mga1
php-xsl-5.3.15-1.mga1
php-wddx-5.3.15-1.mga1
php-zip-5.3.15-1.mga1
php-gd-bundled-5.3.15-1.mga1
php-eaccelerator-0.9.6.1-6.7.mga1
php-eaccelerator-admin-0.9.6.1-6.7.mga1
php-timezonedb-2012.4-1.mga1

Mageia 2:
php-ini-5.3.15-1.mga2
php-cli-5.3.15-1.mga2
php-cgi-5.3.15-1.mga2
php-fpm-5.3.15-1.mga2
php-devel-5.3.15-1.mga2
php-openssl-5.3.15-1.mga2
php-zlib-5.3.15-1.mga2
php-bcmath-5.3.15-1.mga2
php-bz2-5.3.15-1.mga2
php-calendar-5.3.15-1.mga2
php-ctype-5.3.15-1.mga2
php-curl-5.3.15-1.mga2
php-dba-5.3.15-1.mga2
php-dom-5.3.15-1.mga2
php-enchant-5.3.15-1.mga2
php-exif-5.3.15-1.mga2
php-fileinfo-5.3.15-1.mga2
php-filter-5.3.15-1.mga2
php-ftp-5.3.15-1.mga2
php-gd-5.3.15-1.mga2
php-gettext-5.3.15-1.mga2
php-gmp-5.3.15-1.mga2
php-hash-5.3.15-1.mga2
php-iconv-5.3.15-1.mga2
php-imap-5.3.15-1.mga2
php-intl-5.3.15-1.mga2
php-json-5.3.15-1.mga2
php-ldap-5.3.15-1.mga2
php-mbstring-5.3.15-1.mga2
php-mcrypt-5.3.15-1.mga2
php-mssql-5.3.15-1.mga2
php-mysql-5.3.15-1.mga2
php-mysqli-5.3.15-1.mga2
php-mysqlnd-5.3.15-1.mga2
php-odbc-5.3.15-1.mga2
php-pcntl-5.3.15-1.mga2
php-pdo-5.3.15-1.mga2
php-pdo_dblib-5.3.15-1.mga2
php-pdo_mysql-5.3.15-1.mga2
php-pdo_odbc-5.3.15-1.mga2
php-pdo_pgsql-5.3.15-1.mga2
php-pdo_sqlite-5.3.15-1.mga2
php-pgsql-5.3.15-1.mga2
php-phar-5.3.15-1.mga2
php-posix-5.3.15-1.mga2
php-readline-5.3.15-1.mga2
php-recode-5.3.15-1.mga2
php-session-5.3.15-1.mga2
php-shmop-5.3.15-1.mga2
php-snmp-5.3.15-1.mga2
php-soap-5.3.15-1.mga2
php-sockets-5.3.15-1.mga2
php-sqlite3-5.3.15-1.mga2
php-sqlite-5.3.15-1.mga2
php-sybase_ct-5.3.15-1.mga2
php-sysvmsg-5.3.15-1.mga2
php-sysvsem-5.3.15-1.mga2
php-sysvshm-5.3.15-1.mga2
php-tidy-5.3.15-1.mga2
php-tokenizer-5.3.15-1.mga2
php-xml-5.3.15-1.mga2
php-xmlreader-5.3.15-1.mga2
php-xmlrpc-5.3.15-1.mga2
php-xmlwriter-5.3.15-1.mga2
php-xsl-5.3.15-1.mga2
php-wddx-5.3.15-1.mga2
php-zip-5.3.15-1.mga2
php-gd-bundled-5.3.15-1.mga2
php-eaccelerator-0.9.6.1-10.2.mga2
php-eaccelerator-admin-0.9.6.1-10.2.mga2
php-timezonedb-2012.4-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3365
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:108
https://bugs.mageia.org/show_bug.cgi?id=6857