Red Hat Customer Portal

Skip to main content

Security Advisory Important: php55-php security update

Advisory: RHSA-2014:1766-1
Type: Security Advisory
Severity: Important
Issued on: 2014-10-30
Last updated on: 2014-10-30
Affected Products: Red Hat Software Collections 1 for RHEL 6
Red Hat Software Collections 1 for RHEL 7
CVEs (cve.mitre.org): CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-2497
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
CVE-2014-4049
CVE-2014-4670
CVE-2014-4698
CVE-2014-4721
CVE-2014-5120

Details

Updated php55-php packages that fix multiple security issues are now
available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code. (CVE-2014-3670)

Multiple buffer overflow flaws were found in the way PHP parsed DNS
responses. A malicious DNS server or a man-in-the-middle attacker could
use these flaws to crash or, possibly, execute arbitrary code with the
privileges of a PHP application that uses the dns_get_record() function.
(CVE-2014-4049, CVE-2014-3597)

Multiple denial of service flaws were found in the File Information
(fileinfo) extension. A remote attacker could use these flaws to cause a
PHP application using fileinfo to consume an excessive amount of CPU and
possibly crash. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3538)

Multiple boundary check flaws were found in the File Information (fileinfo)
extension. A remote attacker could use these flaws to cause a PHP
application using fileinfo to crash. (CVE-2014-0207, CVE-2014-3478,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587, CVE-2014-3710)

A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)

Two use-after-free flaws were found in the way PHP handled certain Standard
PHP Library (SPL) Iterators and ArrayIterators. A malicious script author
could possibly use either of these flaws to disclose certain portions of
server memory. (CVE-2014-4670, CVE-2014-4698)

An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)

It was found that PHP's gd extension did not properly handle file names
with a null character. A remote attacker could possibly use this flaw to
make a PHP application access unexpected files and bypass intended file
system access restrictions. (CVE-2014-5120)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm()
function of PHP's gd extension. A remote attacker could use this flaw to
crash a PHP application using gd via a specially crafted X PixMap (XPM)
file. (CVE-2014-2497)

An out of bounds read flaw was found in the way the xmlrpc extension parsed
dates in the ISO 8601 format. A specially crafted XML-RPC request or
response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were
discovered by Francisco Alonso of Red Hat Product Security; the
CVE-2014-3538 issue was discovered by Jan Kaluža of the Red Hat Web Stack
Team; the CVE-2014-3597 issue was discovered by David Kutálek of Red Hat
BaseOS QE.

All php55-php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd24-httpd service must be restarted for the
update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Updated packages

Red Hat Software Collections 1 for RHEL 6

SRPMS:
php55-php-5.5.6-13.el6.src.rpm
File outdated by:  RHSA-2015:1186
    MD5: 2c3a930e524531a00e06f03a06a68060
SHA-256: 2e6381418b3fec90a93a70b468ed11bbb6963625c0fd8073456e41bf65e69c3b
 
x86_64:
php55-php-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: ccb53e5c81da62a8502c4820eb275658
SHA-256: de3c5207e039ddb6d40202427f2de5dd2901518f74b29a27d37df99fd9911af9
php55-php-bcmath-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: fe51ad1c7a6014c5bffe67cd23d19e6c
SHA-256: 9600ade135ae9539f2e6ba3770c566071b25624fd5a04e48b47ea3c8ce15e2b3
php55-php-cli-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 6f3a04d2e66b7c0c546f0de3cdf6d560
SHA-256: 0ecdf841aa5f658279a9e6936ec6585b9fa4f76c43677ab57b222c06b6724c71
php55-php-common-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: e97306f92e3322738e97c136aba51b72
SHA-256: 0de5d0a0905c2d3f5b826a6c17ac8ea95b2dce10522d690ebdfe04b09c9fa3a4
php55-php-dba-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 8f314d4a5dec56574ab4c721dba022a7
SHA-256: 227d3aff80be32352f6fadf50a08166c1b7e487bd7be29ead5dff76c4ccdb50b
php55-php-debuginfo-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 602ad04694b9126e6a81b776a0c2a2c5
SHA-256: d9c45fb68a9d118211cdaf5e89f8716b1a2af1c18927fdfc9a1bf36134494176
php55-php-devel-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: c14f70badc20dbc50c45bd7fe63ed4bf
SHA-256: 943dfd10fb5dda9f5f291cd3a306967eb03549c3cce202ae534c623d5fb176e0
php55-php-enchant-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 8ce0d09195a42723db41ec56527bddd5
SHA-256: fc4c6cffcee389d49c5486115748812008ea6c2a8e0a127746ba1549ad599bcf
php55-php-fpm-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: bf1c693ce23e7d4bcb5e6ac2da928bd7
SHA-256: 058c10ecad2d33a66af00dd5f5942f4d0352be3f53f2eadc398fff407846cc05
php55-php-gd-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 8b7100f9f7bf19d9c487745260052e13
SHA-256: c4b0e2c4f1ecc7aae2a0f087141db7089294c0b6549f6f94b8fe524cde5871bf
php55-php-gmp-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 7b3c7e5b2536673d12aef901cf7a6ebf
SHA-256: f21825194291e461473123fdfac451044ca3b96e20b8043ec61f4ef03ef59270
php55-php-imap-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 6c53a44616a6f65bd1488fbe16ac9df5
SHA-256: d431164653301e1938fceb27bee88d281bd25c97e220a672135c06e355a99e61
php55-php-intl-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 8f47864af11adb7dce67e4b5663b255f
SHA-256: 32f38670d710167fda0551d8f2cbe561d69834de3d60a2eed61a95a121da5fbe
php55-php-ldap-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 1aed63233e598209700a909835fdabf5
SHA-256: ab2b5cb6479d7c22d985fc2c275e848e3aab33b9de3fa2094f77a7834d128ad6
php55-php-mbstring-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: b237027a495cde5c8e22fe977e23d03a
SHA-256: e3241ee3b8a5e75f2a62addb58b3cdef03a9ccd7bb71fa59d0c062dec4b9e2aa
php55-php-mysqlnd-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: fc2bf445ae31b19b82aed12575b2dac6
SHA-256: 7a38b4383470d2feb88a69f9fc5dc008736391e20fc92d57634b83d811810658
php55-php-odbc-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: c21b08d7e9caad20a4e58076ebe54585
SHA-256: cc8ccb017f6920e2650c393fa850835cb7e5c6e3210b72594d4992bc935b3296
php55-php-opcache-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 029f81bd8975fbbf66fa42433e615db4
SHA-256: 3c6e295bf05b6fb6d032096330ab6f215da463c50b340e143250a42d92ed81f8
php55-php-pdo-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 89d68cde2a1bc831cc629000b164c2c0
SHA-256: f327ede1d87bff61c63a7ab781ccc17f86e82c3b6e882042dfc2a3bd83794258
php55-php-pgsql-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 6e82fac03b6eafa504061fac45a5ed27
SHA-256: 46a97a12f5f641b347b7de00f5113303ede3f061b251f689b1ce13ab4df9b6bb
php55-php-process-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: e8f04ddd620952359efa6cbe7217e996
SHA-256: 432cac29a7b71ad22737e7fb8b86133897aa142234c13199826c997ec4696b31
php55-php-pspell-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 0efff4357a03b02a253498b6d4372c87
SHA-256: faaefa4e923086d42880b6bf8c104d3ce72a92359841d39ed3a45babce32f0bd
php55-php-recode-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: dea0b9cfb6eb05c1bd80c44eafa401d7
SHA-256: dc0985859b7f99445a4e1ff66e288cf927ce0fc05d0facdd05f94092d7594a56
php55-php-snmp-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 8854439b3f565569230b01ae00d23883
SHA-256: 0d8225d3a4c2933f8a948fbf669eb1f908d9dc27ea09fc6630b7fa2145330abe
php55-php-soap-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 90bbf63b0bb77bd03d576afc29789420
SHA-256: 36057b7a7f5bb6204f3ea30b1a8eb432e88e5ea0eda0f6bfd58d6521e79f4eeb
php55-php-tidy-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 01db9654375a3e69c75b67bf01539cb5
SHA-256: 40a2419c9c14b064d92081353b0ed2f5cf44dd175d83e5518c2fc322c238d26d
php55-php-xml-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: a32b255bfb056aff65d797bd6260591d
SHA-256: 1787b7038d4edaac3b6de1aff4164453710cc0fb6679cccdd9ea61d60640622c
php55-php-xmlrpc-5.5.6-13.el6.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: d86741a1b7fb9bf79bc7d56827596575
SHA-256: 18aef3df9a3e7fe3a8e55da19368c20b9527f26c685bb571fd2b4eaddba0800c
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
php55-php-5.5.6-13.el7.src.rpm
File outdated by:  RHSA-2015:1186
    MD5: 5f6437da303010e96134ce2a6e048dab
SHA-256: 810f3d8c032193d561e4b03e832c1fa78c74d520a2c78726952dcc74bf4e78c0
 
x86_64:
php55-php-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 9d3f1030c1198dd237ee5a9f59c32169
SHA-256: 9ecf699654a8a2eb098f9fb2e666a811c95decf46d0e220cfc2599959dcc5d78
php55-php-bcmath-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 1432e0964aa5d2cad2a0d837f9ee1ceb
SHA-256: 6e52aaf91571ba7a218ad4a4926fa2fa15f8884eedae488bf6692298ad7c298b
php55-php-cli-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 2fc9af4828f821a6a7014f5eece9485f
SHA-256: b852b9fb0ee8bbdce80237504f2e414088777eafab691b843dbc2c23a8a53e67
php55-php-common-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 1190960acf73d8a165a8f9e3ffbcf718
SHA-256: 1d0d62881eb909b886b2f77204e3079aad9642b6d74b767ea4a8bb2040090acd
php55-php-dba-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: ed39fa5eb5a1fb208064106c99a5b4ce
SHA-256: 076b4f8fe549c4e166ea75358a967472a0950f89ebadeb6600d54db6f4ff2b7b
php55-php-debuginfo-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 2323ecb8f766d2d0bfcddb582c1b9f7a
SHA-256: 10056ee0c89ee969cceeea257a407d07777cfc3b6bc7bfddf2cf02c05b68a8de
php55-php-devel-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 05d223b872cb4d1809dd4641b5b79d70
SHA-256: cab3cd703e0b7ca6394dde64217301d1ce9be191fa675776a3482a8070993d75
php55-php-enchant-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 4254373620f3d4a9e14c9dbedb421af8
SHA-256: b1470d3470e7f5465e6f81f3493a319f3a5861d77835bfce0fe2b968c053d6f9
php55-php-fpm-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 78599e5bf6f2362556bc67e8f242a740
SHA-256: 51e1d378e55e03ff6833d76a553b96e57d5872a4d5d119b9d84f1beed5234dd7
php55-php-gd-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 91bea31fc30fe5efbbc98732ea7983b4
SHA-256: a946cbba743cda0f912b41265470ca665caa718b129c1872a1810b6915bf9e0a
php55-php-gmp-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 2a80c096cc0066b5f871012d1a0f2781
SHA-256: b5d2043f516347e708c54a7ba0ee5eadf46510cbea34082305f0c53f1682886b
php55-php-intl-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: ce3046d85bb22b51ccfe4b4744a2663c
SHA-256: baf7d4e24aa6a75636ca00296eb5d22fb96cfca63f23c02149368b1e54283c95
php55-php-ldap-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 203d17a3c48af6feb876a140f4afcfc7
SHA-256: b32ac2c0524593bed3a6220595067cc97c95f4f4203c5e1f6b6f6093ecc60b98
php55-php-mbstring-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 7db965874679f8775da88e21c229543f
SHA-256: 0788dc4ac98df0899d26f35518cae8702a11aaf53e0c4f49072e545410209f58
php55-php-mysqlnd-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 033538ef42b9849a5a260ceed014aa16
SHA-256: 091f4a97fa8dd244ac2bb58357b5b4b730967826e0fd8790b941c8d0be9b3fef
php55-php-odbc-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 2047717c58d8005193abdee2ad0bda1b
SHA-256: 09588223d7e171f2d398b05736bfa07f98f93fe27bf522ad00a0d81c28da5293
php55-php-opcache-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 62b9b5cbae7c0f6368de0c149929bbd0
SHA-256: fac8383d5a904bf3b8f0254e9e4aaa82b1e139f374fc3fadba14ae94b8fa9b20
php55-php-pdo-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 0de65d28ef8dbbc26c794d9ebe343ec4
SHA-256: e6aadda595b3bf6c24b1be3249a8641e057c2213970193beb388c900453e7a68
php55-php-pgsql-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 80f92276fa3b6062c2ea4a7c5174c984
SHA-256: 1cfe7ea47f533a6aa2bc04b0bb033710c9b439a11552cf165171ec425708b0ef
php55-php-process-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 74c13b04da07df01ba0100d649786987
SHA-256: e0c4010746d8040871f8b3ddeb9bc4084d59f80106c14602c2cdccb7b0997cb8
php55-php-pspell-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: e546d3999886badb62ee493fac613b0b
SHA-256: 702994cfe9c852f26c2246080d79cd91a8489b5bf0f31eb60ffdabcfad7911c4
php55-php-recode-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 22537035e92709483098073a26baf687
SHA-256: 1928d03228a0373205c97851f3a99fae0cf8d786f68f760810e1e4acc4e02a61
php55-php-snmp-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 78abc94b6bad904d94d641d7d72b1d78
SHA-256: 1d1c5df5c645437ab643de3f5a0cc0e699f3925389ea9b502666e2b8170cf0f9
php55-php-soap-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 52f928dd16d015cb1eead994d0274f70
SHA-256: a3c4311126a4af78566ce1c9c975b80041f802d438d6f9f6812da6709f8fd9de
php55-php-xml-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: 6d3ab9b56af26a50f8b573d8579c00f9
SHA-256: 510fdb840f39b84ab8b7362988541a1a47a63bcef1faa28f266223cb66ff3ab3
php55-php-xmlrpc-5.5.6-13.el7.x86_64.rpm
File outdated by:  RHSA-2015:1186
    MD5: cfec3ee676b84ed01b6fe24e402a4999
SHA-256: ff7b7a7b932a970433fc3189dcd3ca0aa9a9b577f559515554d6a27c07cc7ee0
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()
1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1098222 - CVE-2014-3538 file: unrestricted regular expression matching
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check
1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check
1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak
1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting
1120266 - CVE-2014-4670 php: SPL Iterators use-after-free
1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr
1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names
1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/