Mandriva Linux Security Advisory : php (MDVSA-2015:032)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been discovered and corrected in php :

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x
through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a
.php file, does not properly consider the mapping's length during
processing of an invalid file that begins with a # character and lacks
a newline character, which causes an out-of-bounds read and might (1)
allow remote attackers to obtain sensitive information from php-cgi
process memory by leveraging the ability to upload a .php file or (2)
trigger unexpected code execution if a valid PHP script is present in
memory locations adjacent to the mapping (CVE-2014-9427).

Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before
5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute
arbitrary code via a crafted unserialize call that leverages improper
handling of duplicate numerical keys within the serialized properties
of an object. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142 (CVE-2015-0231).

The exif_process_unicode function in ext/exif/exif.c in PHP before
5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote
attackers to execute arbitrary code or cause a denial of service
(uninitialized pointer free and application crash) via crafted EXIF
data in a JPEG image (CVE-2015-0232).

The updated php packages have been upgraded to the 5.5.21 version
which is not vulnerable to these issues.

Additionally, the timezonedb package has been upgraded to the latest
2015.1 version, the php-suhosin package has been upgraded to the
latest 0.9.37.1 and the PECL packages which requires so has been
rebuilt for php-5.5.21.

See also :

http://php.net/ChangeLog-5.php#5.5.21

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 81198 ()

Bugtraq ID: 71833

CVE ID: CVE-2014-9427
CVE-2015-0231
CVE-2015-0232

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now