Updated php55-php packages that fix multiple security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify the type of attacker-supplied files. (CVE-2015-4604, CVE-2015-4605)

All php55-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Red Hat Software Collections 1 for RHEL 6

SRPMS:
php55-php-5.5.21-4.el6.src.rpm

x86_64:
php55-php-5.5.21-4.el6.x86_64.rpm
php55-php-bcmath-5.5.21-4.el6.x86_64.rpm
php55-php-cli-5.5.21-4.el6.x86_64.rpm
php55-php-common-5.5.21-4.el6.x86_64.rpm
php55-php-dba-5.5.21-4.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-4.el6.x86_64.rpm
php55-php-devel-5.5.21-4.el6.x86_64.rpm
php55-php-enchant-5.5.21-4.el6.x86_64.rpm
php55-php-fpm-5.5.21-4.el6.x86_64.rpm
php55-php-gd-5.5.21-4.el6.x86_64.rpm
php55-php-gmp-5.5.21-4.el6.x86_64.rpm
php55-php-imap-5.5.21-4.el6.x86_64.rpm
php55-php-intl-5.5.21-4.el6.x86_64.rpm
php55-php-ldap-5.5.21-4.el6.x86_64.rpm
php55-php-mbstring-5.5.21-4.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm
php55-php-odbc-5.5.21-4.el6.x86_64.rpm
php55-php-opcache-5.5.21-4.el6.x86_64.rpm
php55-php-pdo-5.5.21-4.el6.x86_64.rpm
php55-php-pgsql-5.5.21-4.el6.x86_64.rpm
php55-php-process-5.5.21-4.el6.x86_64.rpm
php55-php-pspell-5.5.21-4.el6.x86_64.rpm
php55-php-recode-5.5.21-4.el6.x86_64.rpm
php55-php-snmp-5.5.21-4.el6.x86_64.rpm
php55-php-soap-5.5.21-4.el6.x86_64.rpm
php55-php-tidy-5.5.21-4.el6.x86_64.rpm
php55-php-xml-5.5.21-4.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm

Red Hat Software Collections 1 for RHEL 7

SRPMS:
php55-php-5.5.21-4.el7.src.rpm

x86_64:
php55-php-5.5.21-4.el7.x86_64.rpm
php55-php-bcmath-5.5.21-4.el7.x86_64.rpm
php55-php-cli-5.5.21-4.el7.x86_64.rpm
php55-php-common-5.5.21-4.el7.x86_64.rpm
php55-php-dba-5.5.21-4.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-4.el7.x86_64.rpm
php55-php-devel-5.5.21-4.el7.x86_64.rpm
php55-php-enchant-5.5.21-4.el7.x86_64.rpm
php55-php-fpm-5.5.21-4.el7.x86_64.rpm
php55-php-gd-5.5.21-4.el7.x86_64.rpm
php55-php-gmp-5.5.21-4.el7.x86_64.rpm
php55-php-intl-5.5.21-4.el7.x86_64.rpm
php55-php-ldap-5.5.21-4.el7.x86_64.rpm
php55-php-mbstring-5.5.21-4.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm
php55-php-odbc-5.5.21-4.el7.x86_64.rpm
php55-php-opcache-5.5.21-4.el7.x86_64.rpm
php55-php-pdo-5.5.21-4.el7.x86_64.rpm
php55-php-pgsql-5.5.21-4.el7.x86_64.rpm
php55-php-process-5.5.21-4.el7.x86_64.rpm
php55-php-pspell-5.5.21-4.el7.x86_64.rpm
php55-php-recode-5.5.21-4.el7.x86_64.rpm
php55-php-snmp-5.5.21-4.el7.x86_64.rpm
php55-php-soap-5.5.21-4.el7.x86_64.rpm
php55-php-xml-5.5.21-4.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)
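
To confirm that a host carries the fixed build named in the package lists above (5.5.21-4), the check below flags any php55-php package that is older. It is an added example, not part of the Red Hat advisory: the function names and the sample inventory are constructed, and GNU `sort -V` is assumed as an approximation of RPM's version ordering for these plain numeric strings.

```bash
#!/usr/bin/env bash
# Added example: flag php55-php packages older than the fixed build in this advisory.
FIXED_VERSION="5.5.21"   # version from the package lists on this page
FIXED_RELEASE="4"        # release number before the .el6/.el7 dist tag

# ver_lt A B: succeeds if A sorts strictly before B under GNU sort -V.
# Assumption: sort -V approximates rpm's ordering for numeric strings like these.
ver_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Reads "NAME VERSION RELEASE" lines on stdin and prints every php55-php
# package whose version-release is below the fixed build.
outdated_php55() {
  local name version release relnum
  while read -r name version release; do
    case "$name" in
      php55-php|php55-php-*) ;;   # only packages covered by this advisory
      *) continue ;;
    esac
    relnum="${release%%.el*}"     # "4.el7" -> "4"
    if ver_lt "$version" "$FIXED_VERSION" ||
       { [ "$version" = "$FIXED_VERSION" ] && ver_lt "$relnum" "$FIXED_RELEASE"; }; then
      printf '%s %s-%s\n' "$name" "$version" "$release"
    fi
  done
}

# Constructed sample inventory (not real host data).
sample_inventory() {
  cat <<'EOF'
php55-php 5.5.21 4.el7
php55-php-cli 5.5.21 2.3.el7
php55-php-xml 5.5.6 13.el6
httpd24-httpd 2.4.6 25.el7
php55-php-fpm 5.5.21 4.el6
EOF
}

sample_inventory | outdated_php55
# On a live host:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' | outdated_php55
```

An empty result on a live host means every installed php55-php package is at or above the fixed build; the httpd24-httpd restart described above is still required for the update to take effect.
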
1213394 – CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 – CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 – CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 – CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 – CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 – CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1223408 – CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 – CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 – CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 – CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 – CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1232823 – CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 – CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 – CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 – CVE-2015-4602 php: Incomplete Class unserialization type confusion

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
