Mandriva Linux Security Advisory : php (MDVSA-2014:130)

high Nessus Plugin ID 76438

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated php packages fix security vulnerabilities :

The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515).

It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049).

A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478).

Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).

PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to versions 5.5.14, which fix this issue and several other bugs.

The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721).

Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.5 version.

Solution

Update the affected packages.

See Also

http://advisories.mageia.org/MGASA-2014-0284.html

http://www.php.net/ChangeLog-5.php#5.5.14

Plugin Details

Severity: High

ID: 76438

File Name: mandriva_MDVSA-2014-130.nasl

Version: 1.11

Type: local

Published: 7/10/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:php-cli, p-cpe:/a:mandriva:linux:php-tidy, p-cpe:/a:mandriva:linux:php-iconv, p-cpe:/a:mandriva:linux:php-ini, p-cpe:/a:mandriva:linux:php-bz2, p-cpe:/a:mandriva:linux:php-json, p-cpe:/a:mandriva:linux:php-mysqli, p-cpe:/a:mandriva:linux:php-pdo_mysql, p-cpe:/a:mandriva:linux:php-snmp, p-cpe:/a:mandriva:linux:php-session, p-cpe:/a:mandriva:linux:php-xmlrpc, p-cpe:/a:mandriva:linux:php-enchant, p-cpe:/a:mandriva:linux:php-gettext, p-cpe:/a:mandriva:linux:php-openssl, p-cpe:/a:mandriva:linux:php-soap, p-cpe:/a:mandriva:linux:php-curl, p-cpe:/a:mandriva:linux:php-devel, p-cpe:/a:mandriva:linux:php-mcrypt, p-cpe:/a:mandriva:linux:php-xml, p-cpe:/a:mandriva:linux:php-recode, p-cpe:/a:mandriva:linux:php-pdo_dblib, p-cpe:/a:mandriva:linux:apache-mod_php, cpe:/o:mandriva:business_server:1, p-cpe:/a:mandriva:linux:php-filter, p-cpe:/a:mandriva:linux:php-imap, p-cpe:/a:mandriva:linux:php-pdo_odbc, p-cpe:/a:mandriva:linux:php-bcmath, p-cpe:/a:mandriva:linux:php-apc, p-cpe:/a:mandriva:linux:php-mysqlnd, p-cpe:/a:mandriva:linux:php-wddx, p-cpe:/a:mandriva:linux:php-sybase_ct, p-cpe:/a:mandriva:linux:php-xsl, p-cpe:/a:mandriva:linux:php-intl, p-cpe:/a:mandriva:linux:php-gmp, p-cpe:/a:mandriva:linux:php-pcntl, p-cpe:/a:mandriva:linux:php-sysvshm, p-cpe:/a:mandriva:linux:php-mssql, p-cpe:/a:mandriva:linux:php-sysvmsg, p-cpe:/a:mandriva:linux:php-tokenizer, p-cpe:/a:mandriva:linux:php-sockets, p-cpe:/a:mandriva:linux:php-odbc, p-cpe:/a:mandriva:linux:php-xmlwriter, p-cpe:/a:mandriva:linux:php-zip, p-cpe:/a:mandriva:linux:php-gd, p-cpe:/a:mandriva:linux:php-timezonedb, p-cpe:/a:mandriva:linux:php-pdo_pgsql, p-cpe:/a:mandriva:linux:php-exif, p-cpe:/a:mandriva:linux:php-mysql, p-cpe:/a:mandriva:linux:php-cgi, p-cpe:/a:mandriva:linux:php-fpm, p-cpe:/a:mandriva:linux:php-readline, p-cpe:/a:mandriva:linux:php-dba, p-cpe:/a:mandriva:linux:php-pgsql, p-cpe:/a:mandriva:linux:php-xmlreader, p-cpe:/a:mandriva:linux:php-zlib, p-cpe:/a:mandriva:linux:php-ldap, p-cpe:/a:mandriva:linux:php-dom, p-cpe:/a:mandriva:linux:php-opcache, p-cpe:/a:mandriva:linux:php-hash, p-cpe:/a:mandriva:linux:php-phar, p-cpe:/a:mandriva:linux:php-apc-admin, p-cpe:/a:mandriva:linux:php-calendar, p-cpe:/a:mandriva:linux:lib64php5_common5, p-cpe:/a:mandriva:linux:php-pdo_sqlite, p-cpe:/a:mandriva:linux:php-posix, p-cpe:/a:mandriva:linux:php-mbstring, p-cpe:/a:mandriva:linux:php-ftp, p-cpe:/a:mandriva:linux:php-sqlite3, p-cpe:/a:mandriva:linux:php-doc, p-cpe:/a:mandriva:linux:php-pdo, p-cpe:/a:mandriva:linux:php-shmop, p-cpe:/a:mandriva:linux:php-sysvsem, p-cpe:/a:mandriva:linux:php-ctype, p-cpe:/a:mandriva:linux:php-fileinfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2014

Reference Information

CVE: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4049, CVE-2014-4721

BID: 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68423

MDVSA: 2014:130