Updated php54 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

[Updated 5 June 2015]
This advisory has been updated to list previously unlisted security issues corrected in this update, including CVE-2015-3330 that has been rated as having Important security impact. Consequently, the overall impact of this advisory has been changed to Important. No changes have been made to the packages.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities.

The php54 packages have been upgraded to upstream version 5.4.40, which provides a number of bug fixes over the version shipped in Red Hat Software Collections 1. (BZ#1168193)

The following security issues were fixed in the php54-php component:

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

An uninitialized pointer use flaw was found in PHP’s Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)

Multiple flaws were found in the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2783, CVE-2015-3307, CVE-2015-3329)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP’s enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A heap buffer overflow flaw was found in PHP’s regular expression extension. An attacker able to make PHP process a specially crafted regular expression pattern could cause it to crash and possibly execute arbitrary code. (CVE-2015-2305)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A use-after-free flaw was found in PHP’s phar (PHP Archive) extension. An attacker able to trigger a certain error condition in phar archive processing could possibly use this flaw to disclose certain portions of server memory. (CVE-2015-2301)

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker could cause a PHP application to crash if it used fileinfo to identify the type of the attacker-supplied file. (CVE-2014-9652)

It was found that PHP’s move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348)

A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash. (CVE-2014-9427)

The following security issue was fixed in the php54-php-pecl-zendopcache component:

A use-after-free flaw was found in PHP’s OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. (CVE-2015-1351)

All php54 users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the httpd service must be restarted for the update to take effect.
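
To confirm a host carries the builds listed in this advisory, the following added example (not part of the original advisory) flags installed php54 packages older than the fixed version-release. The function names and the sample input are constructed for illustration, and `sort -V` is used as an approximation of RPM's own version comparison.

```shell
#!/bin/bash
# Added example: flag php54 collection packages older than this advisory's builds.
# Input format: "name version-release" per line, e.g. produced on a real host by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'php54*'

# Fixed version-release (dist tag removed) per package family, from the advisory.
fixed_for() {
  case "$1" in
    php54-php-pecl-zendopcache*)        echo "7.0.4-3" ;;
    php54-php*)                         echo "5.4.40-1" ;;
    php54|php54-runtime|php54-scldevel) echo "2.0-1" ;;
    *)                                  echo "" ;;   # not covered by this advisory
  esac
}

# Succeeds when version $1 sorts strictly before $2 (GNU sort -V ordering,
# an approximation of rpm's comparison that is adequate for these versions).
older_than() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Reads package lines on stdin and prints the names of outdated packages.
outdated_php54() {
  while read -r name vr; do
    [ -n "$name" ] || continue
    fixed=$(fixed_for "$name")
    [ -n "$fixed" ] || continue
    vr=${vr%.el[0-9]*}            # strip dist tag such as .el6 or .el7
    if older_than "$vr" "$fixed"; then echo "$name"; fi
  done
}

# Constructed sample inventory (not taken from a real system).
SAMPLE='php54-php 5.4.16-7.el6
php54-php-cli 5.4.40-1.el6
php54-php-pecl-zendopcache 7.0.4-1.el6
php54-runtime 2.0-1.el6
httpd 2.2.15-39.el6'

printf '%s\n' "$SAMPLE" | outdated_php54
```

An empty result means every php54 package is at or above the advisory's build; httpd still has to be restarted before the running interpreter picks up the update.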
Red Hat Software Collections 1 for RHEL 6

SRPMS:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm

x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
php54-2.0-1.el7.src.rpm
php54-php-5.4.40-1.el7.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm

x86_64:
php54-2.0-1.el7.x86_64.rpm
php54-php-5.4.40-1.el7.x86_64.rpm
php54-php-bcmath-5.4.40-1.el7.x86_64.rpm
php54-php-cli-5.4.40-1.el7.x86_64.rpm
php54-php-common-5.4.40-1.el7.x86_64.rpm
php54-php-dba-5.4.40-1.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm
php54-php-devel-5.4.40-1.el7.x86_64.rpm
php54-php-enchant-5.4.40-1.el7.x86_64.rpm
php54-php-fpm-5.4.40-1.el7.x86_64.rpm
php54-php-gd-5.4.40-1.el7.x86_64.rpm
php54-php-intl-5.4.40-1.el7.x86_64.rpm
php54-php-ldap-5.4.40-1.el7.x86_64.rpm
php54-php-mbstring-5.4.40-1.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm
php54-php-odbc-5.4.40-1.el7.x86_64.rpm
php54-php-pdo-5.4.40-1.el7.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-1.el7.x86_64.rpm
php54-php-process-5.4.40-1.el7.x86_64.rpm
php54-php-pspell-5.4.40-1.el7.x86_64.rpm
php54-php-recode-5.4.40-1.el7.x86_64.rpm
php54-php-snmp-5.4.40-1.el7.x86_64.rpm
php54-php-soap-5.4.40-1.el7.x86_64.rpm
php54-php-xml-5.4.40-1.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm
php54-runtime-2.0-1.el7.x86_64.rpm
php54-scldevel-2.0-1.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
