Description
ELSA-2015-1053: php55 security and bug fix update (MODERATE)
php55 [2.0-1]
- fix incorrect selinux contexts #1194336
php55-php [5.5.21-2.0.1]
- add dtrace-utils as build dependency
[5.5.21-2]
- core: fix use-after-free vulnerability in the process_nested_data function (unserialize) CVE-2015-2787
- core: fix NUL byte injection in file name argument of move_uploaded_file() CVE-2015-2348
- date: fix use after free vulnerability in unserialize() with DateTimeZone CVE-2015-0273
- enchant: fix heap buffer overflow in enchant_broker_request_dict() CVE-2014-9705
- ereg: fix heap overflow in regcomp() CVE-2015-2305
- opcache: fix use after free CVE-2015-1351
- phar: fix use after free in phar_object.c CVE-2015-2301
- pgsql: fix NULL pointer dereference CVE-2015-1352
- soap: fix type confusion through unserialize #1204868
[5.5.21-1]
- rebase to PHP 5.5.21
[5.5.20-1]
- rebase to PHP 5.5.20 #1057089
- fix package name in description
- php-fpm own session and wsdlcache dir
- php-common doesn't provide php-gmp
Updated packages
Oracle Linux 6
Oracle Linux x86_64
php55 2.0-1.el6
php55-php 5.5.21-2.0.1.el6
php55-php-bcmath 5.5.21-2.0.1.el6
php55-php-cli 5.5.21-2.0.1.el6
php55-php-common 5.5.21-2.0.1.el6
php55-php-dba 5.5.21-2.0.1.el6
php55-php-devel 5.5.21-2.0.1.el6
php55-php-enchant 5.5.21-2.0.1.el6
php55-php-fpm 5.5.21-2.0.1.el6
php55-php-gd 5.5.21-2.0.1.el6
php55-php-gmp 5.5.21-2.0.1.el6
php55-php-imap 5.5.21-2.0.1.el6
php55-php-intl 5.5.21-2.0.1.el6
php55-php-ldap 5.5.21-2.0.1.el6
php55-php-mbstring 5.5.21-2.0.1.el6
php55-php-mysqlnd 5.5.21-2.0.1.el6
php55-php-odbc 5.5.21-2.0.1.el6
php55-php-opcache 5.5.21-2.0.1.el6
php55-php-pdo 5.5.21-2.0.1.el6
php55-php-pgsql 5.5.21-2.0.1.el6
php55-php-process 5.5.21-2.0.1.el6
php55-php-pspell 5.5.21-2.0.1.el6
php55-php-recode 5.5.21-2.0.1.el6
php55-php-snmp 5.5.21-2.0.1.el6
php55-php-soap 5.5.21-2.0.1.el6
php55-php-tidy 5.5.21-2.0.1.el6
php55-php-xml 5.5.21-2.0.1.el6
php55-php-xmlrpc 5.5.21-2.0.1.el6
php55-runtime 2.0-1.el6
php55-scldevel 2.0-1.el6
Oracle Linux 7
Oracle Linux x86_64
php55 2.0-1.el7
php55-php 5.5.21-2.el7
php55-php-bcmath 5.5.21-2.el7
php55-php-cli 5.5.21-2.el7
php55-php-common 5.5.21-2.el7
php55-php-dba 5.5.21-2.el7
php55-php-devel 5.5.21-2.el7
php55-php-enchant 5.5.21-2.el7
php55-php-fpm 5.5.21-2.el7
php55-php-gd 5.5.21-2.el7
php55-php-gmp 5.5.21-2.el7
php55-php-intl 5.5.21-2.el7
php55-php-ldap 5.5.21-2.el7
php55-php-mbstring 5.5.21-2.el7
php55-php-mysqlnd 5.5.21-2.el7
php55-php-odbc 5.5.21-2.el7
php55-php-opcache 5.5.21-2.el7
php55-php-pdo 5.5.21-2.el7
php55-php-pgsql 5.5.21-2.el7
php55-php-process 5.5.21-2.el7
php55-php-pspell 5.5.21-2.el7
php55-php-recode 5.5.21-2.el7
php55-php-snmp 5.5.21-2.el7
php55-php-soap 5.5.21-2.el7
php55-php-xml 5.5.21-2.el7
php55-php-xmlrpc 5.5.21-2.el7
php55-runtime 2.0-1.el7
php55-scldevel 2.0-1.el7
Source links
Related vulnerabilities
ELSA-2015-1066: php54 security and bug fix update (IMPORTANT)
ELSA-2015-1135: php security and bug fix update (IMPORTANT)
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.