php-5.3.3-27.AXS4.2

エラータID: AXSA:2014-571:03

Release date: 
Wednesday, October 1, 2014 - 16:19
Subject: 
php-5.3.3-27.AXS4.2
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
Moderate
Description: 

Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP
language to Apache HTTP Server.

Security issues fixed with this release:

CVE-2014-2497
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

CVE-2014-3587
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.

CVE-2014-3597
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.

CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.

CVE-2014-4698
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.

Solution: 

update packages.

CVEs: 
CVE-2014-2497
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
CVE-2014-3587
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
CVE-2014-3597
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
CVE-2014-4698
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
Additional Info: 

N/A

Download: 

SRPMS
  1. php-5.3.3-27.AXS4.2.src.rpm
    MD5: 6c017b51c8843120b45b57689a9602fb
    SHA-256: a14a6123d288d2655983940be96aea7eebdb094b35875ac624139d31fa60a506
    Size: 10.38 MB

Asianux Server 4 for x86
  1. php-5.3.3-27.AXS4.2.i686.rpm
    MD5: 9d1b413a8bd12eeb3db87ed311f47919
    SHA-256: 01a6f4478e1a753c4734f8479f6cde096942e61d6a5e8b21e175262faf6f9b59
    Size: 1.12 MB
  2. php-bcmath-5.3.3-27.AXS4.2.i686.rpm
    MD5: e6cae3e39e3d3ab2965aaa30f9db289e
    SHA-256: 5d1f8e4a0ab0b46b2d9654fe2ee935fcc0a9f151817dca8aee091c4236279b52
    Size: 35.46 kB
  3. php-cli-5.3.3-27.AXS4.2.i686.rpm
    MD5: 9d4352f6a31f9a1afe79866525f33f20
    SHA-256: fb56d3f6a87389f109b3cbc50d28caaab8b25c60ecd2d2907594ea3bdea6998f
    Size: 2.22 MB
  4. php-common-5.3.3-27.AXS4.2.i686.rpm
    MD5: 55ef5afa056f6040aa68a855dbbb7cd5
    SHA-256: 5b28072771cdc07efbb8a78f3e61cabe8b7567404a99084fe75b9f35a9d3ccb2
    Size: 526.66 kB
  5. php-gd-5.3.3-27.AXS4.2.i686.rpm
    MD5: bf5ecea38818c1e004920bc5073b4b6e
    SHA-256: eec4303438c08511a917b8291ad2e311e5ec3a1e554874a8f621dee66a47679d
    Size: 105.72 kB
  6. php-ldap-5.3.3-27.AXS4.2.i686.rpm
    MD5: 11d38bc8015f46ce1f4818f845334002
    SHA-256: 2324ec8266256bef3039fcb6c6c3e81664a3677fa251431a9dc067d009289d13
    Size: 38.50 kB
  7. php-mbstring-5.3.3-27.AXS4.2.i686.rpm
    MD5: dcd965470215c4d54c349fd0e48d8d67
    SHA-256: 66a4d1636d1518cde0553c4af08f527d471d364ac707efe21fb591048d3dd615
    Size: 455.87 kB
  8. php-mysql-5.3.3-27.AXS4.2.i686.rpm
    MD5: 2ca063c734da7b00e52f87f4efe0a3c5
    SHA-256: 9b8e3dd8d217428183cea6fd462f8e24af8e2ebd2c032f9167f2f55f328b0264
    Size: 79.71 kB
  9. php-odbc-5.3.3-27.AXS4.2.i686.rpm
    MD5: a9ad73e5a4b053277a11c40e5fd998b8
    SHA-256: ca375ce755d64b33cd18ede2fd11df0b3e589e06533ebd312343f373b0026ba4
    Size: 51.11 kB
  10. php-pdo-5.3.3-27.AXS4.2.i686.rpm
    MD5: a81896af9f64ec2c57ee584397d914ad
    SHA-256: 36e6110e9bd63b1e0309199d7ae010f4f5197ae108417a8af73e3447f3d1a1c7
    Size: 75.06 kB
  11. php-pgsql-5.3.3-27.AXS4.2.i686.rpm
    MD5: 8841b70c4302be5e1f3b93e70f3c20c7
    SHA-256: d490d2e2bb79bb33238487c1aab635691a86dbf591ccbe4a2d8f1372b26b836a
    Size: 70.12 kB
  12. php-soap-5.3.3-27.AXS4.2.i686.rpm
    MD5: 74093adcadef9c002558c8e99c1c197a
    SHA-256: a38ad95dcd9ad66c876043752f053f31928bb8da722ca45ff7d4fa8a8f4bf79f
    Size: 142.20 kB
  13. php-xml-5.3.3-27.AXS4.2.i686.rpm
    MD5: 28af1673efdd049302d41067f1ab67fc
    SHA-256: badd869aeccaefd97e20300650722112b983759c05419b235de6a1bbdc72b03c
    Size: 102.23 kB
  14. php-xmlrpc-5.3.3-27.AXS4.2.i686.rpm
    MD5: d1208ee1045b87e9ee94e69ee2cc135a
    SHA-256: 56b043eaef0ba04e765a0174554964f9249f36ccbb0cf479640fea1e07e4041a
    Size: 54.23 kB

Asianux Server 4 for x86_64
  1. php-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 499c4820c1462c31796e574c23fb0175
    SHA-256: 22da868272be60fe38690d8ffaee1203c2e9d40a9f399dc2523dd13afd5994f5
    Size: 1.13 MB
  2. php-bcmath-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 4ce0ec1ae6b3d97ba0e0406527bda9c7
    SHA-256: d6e79d5be356864df457f9235d3ccff55c4965d2990ca9c94c3d9401fcf706f8
    Size: 35.22 kB
  3. php-cli-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: e8231a10d99c9165c90db768bf724bac
    SHA-256: 8b2679c4ca584c02369825d454ac29f2297926efd830568835c11898d89ea551
    Size: 2.18 MB
  4. php-common-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 50feaf9488da450d7728066e7f689ad2
    SHA-256: ce3573555bf63e5b44b0f4cbac769565a279a4a6362b60489ece5392dda7c1a4
    Size: 525.22 kB
  5. php-gd-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 3cc04e350d033750d1374ea15cc30f5c
    SHA-256: 012df5ca269f41c302b69f80f38233914ea11c4ce1e3f28985f80b07bbdf5e63
    Size: 107.02 kB
  6. php-ldap-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 2f7e54976db4dd8b1eeb8ada033e4d12
    SHA-256: dc2380ba808f0a2c4e0229911493fa613e67aa34e73323ddfb4b62654baeb3e7
    Size: 38.86 kB
  7. php-mbstring-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 0d15dc2388cb68f0e5bca7863b643dd9
    SHA-256: 5780f796c375e473202ace954d7d8bf3c625380f73a07562cfd071c49f3d6116
    Size: 455.80 kB
  8. php-mysql-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 699102dde798349163f1975328a50178
    SHA-256: e9c0d19158b58ef5ced79782cbb17bd1bbf637f1a75c868de0e7de0ded150c38
    Size: 81.78 kB
  9. php-odbc-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 22bdf2a77aa711fdf64d741f7bb00ce2
    SHA-256: 1d5a22e8e1b8b512070e62e1918969e4b4b32567eb17b1ffd467a7d210098f53
    Size: 51.39 kB
  10. php-pdo-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 39b07b1927c316f100a31694049aba12
    SHA-256: d737f429c411749753f58dc97581489b76e15e69a3a74aed14864906fd221658
    Size: 75.77 kB
  11. php-pgsql-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: f2fac4910c7c47a3eb9958aced575fae
    SHA-256: 478855a5510b5b7d894f4731a7d626f080041f3ef429d61fcb694c458b967b2c
    Size: 70.75 kB
  12. php-soap-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 784e1bf35b3b93f8c005cf4836cf5883
    SHA-256: a4e50f0538c08c39215695ad8e3d77e8f2eb4f697742aab71ef6624b5efc8f88
    Size: 140.64 kB
  13. php-xml-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 24b781cd4472177ef9cd623e623be827
    SHA-256: efc19d72c505e1ef7aaad096fdc67e6b7737917cb130c2dfd910550914154021
    Size: 103.79 kB
  14. php-xmlrpc-5.3.3-27.AXS4.2.x86_64.rpm
    MD5: 526e0f0c8d3a3d4010bfc032adf08c34
    SHA-256: d1375b5e29501f51a6c827e0f6ee8c704d5bf90b14ba5429fba41e492d9d9425
    Size: 53.12 kB