Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify the type of attacker-supplied files. (CVE-2015-4604, CVE-2015-4605)

All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

Red Hat Software Collections 1 for RHEL 6

SRPMS:
rh-php56-php-5.6.5-7.el6.src.rpm

x86_64:
rh-php56-php-5.6.5-7.el6.x86_64.rpm
rh-php56-php-bcmath-5.6.5-7.el6.x86_64.rpm
rh-php56-php-cli-5.6.5-7.el6.x86_64.rpm
rh-php56-php-common-5.6.5-7.el6.x86_64.rpm
rh-php56-php-dba-5.6.5-7.el6.x86_64.rpm
rh-php56-php-dbg-5.6.5-7.el6.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-7.el6.x86_64.rpm
rh-php56-php-devel-5.6.5-7.el6.x86_64.rpm
rh-php56-php-embedded-5.6.5-7.el6.x86_64.rpm
rh-php56-php-enchant-5.6.5-7.el6.x86_64.rpm
rh-php56-php-fpm-5.6.5-7.el6.x86_64.rpm
rh-php56-php-gd-5.6.5-7.el6.x86_64.rpm
rh-php56-php-gmp-5.6.5-7.el6.x86_64.rpm
rh-php56-php-imap-5.6.5-7.el6.x86_64.rpm
rh-php56-php-intl-5.6.5-7.el6.x86_64.rpm
rh-php56-php-ldap-5.6.5-7.el6.x86_64.rpm
rh-php56-php-mbstring-5.6.5-7.el6.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-7.el6.x86_64.rpm
rh-php56-php-odbc-5.6.5-7.el6.x86_64.rpm
rh-php56-php-opcache-5.6.5-7.el6.x86_64.rpm
rh-php56-php-pdo-5.6.5-7.el6.x86_64.rpm
rh-php56-php-pgsql-5.6.5-7.el6.x86_64.rpm
rh-php56-php-process-5.6.5-7.el6.x86_64.rpm
rh-php56-php-pspell-5.6.5-7.el6.x86_64.rpm
rh-php56-php-recode-5.6.5-7.el6.x86_64.rpm
rh-php56-php-snmp-5.6.5-7.el6.x86_64.rpm
rh-php56-php-soap-5.6.5-7.el6.x86_64.rpm
rh-php56-php-tidy-5.6.5-7.el6.x86_64.rpm
rh-php56-php-xml-5.6.5-7.el6.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-7.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
rh-php56-php-5.6.5-7.el7.src.rpm

x86_64:
rh-php56-php-5.6.5-7.el7.x86_64.rpm
rh-php56-php-bcmath-5.6.5-7.el7.x86_64.rpm
rh-php56-php-cli-5.6.5-7.el7.x86_64.rpm
rh-php56-php-common-5.6.5-7.el7.x86_64.rpm
rh-php56-php-dba-5.6.5-7.el7.x86_64.rpm
rh-php56-php-dbg-5.6.5-7.el7.x86_64.rpm
rh-php56-php-debuginfo-5.6.5-7.el7.x86_64.rpm
rh-php56-php-devel-5.6.5-7.el7.x86_64.rpm
rh-php56-php-embedded-5.6.5-7.el7.x86_64.rpm
rh-php56-php-enchant-5.6.5-7.el7.x86_64.rpm
rh-php56-php-fpm-5.6.5-7.el7.x86_64.rpm
rh-php56-php-gd-5.6.5-7.el7.x86_64.rpm
rh-php56-php-gmp-5.6.5-7.el7.x86_64.rpm
rh-php56-php-intl-5.6.5-7.el7.x86_64.rpm
rh-php56-php-ldap-5.6.5-7.el7.x86_64.rpm
rh-php56-php-mbstring-5.6.5-7.el7.x86_64.rpm
rh-php56-php-mysqlnd-5.6.5-7.el7.x86_64.rpm
rh-php56-php-odbc-5.6.5-7.el7.x86_64.rpm
rh-php56-php-opcache-5.6.5-7.el7.x86_64.rpm
rh-php56-php-pdo-5.6.5-7.el7.x86_64.rpm
rh-php56-php-pgsql-5.6.5-7.el7.x86_64.rpm
rh-php56-php-process-5.6.5-7.el7.x86_64.rpm
rh-php56-php-pspell-5.6.5-7.el7.x86_64.rpm
rh-php56-php-recode-5.6.5-7.el7.x86_64.rpm
rh-php56-php-snmp-5.6.5-7.el7.x86_64.rpm
rh-php56-php-soap-5.6.5-7.el7.x86_64.rpm
rh-php56-php-xml-5.6.5-7.el7.x86_64.rpm
rh-php56-php-xmlrpc-5.6.5-7.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
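
One way to check a host against the fixed builds listed above, as an added example that is not part of the Red Hat advisory: the function reads "name version-release" lines, as produced by rpm -qa with a query format, and reports rh-php56-php packages older than 5.6.5-7. The function name and the sample input are constructed for illustration, and sort -V is assumed to be close enough to RPM's own version comparison for these numeric version-release strings (epochs are ignored).

```shell
#!/usr/bin/env bash
# Added example: flag rh-php56-php packages older than the fixed build
# named in this advisory (5.6.5-7, with the .el6/.el7 dist tag stripped).
FIXED_VR="5.6.5-7"

# Constructed sample of what this query would print on a partly updated host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'rh-php56-php*'
SAMPLE_RPM_OUTPUT='rh-php56-php 5.6.5-7.el7
rh-php56-php-cli 5.6.5-7.el7
rh-php56-php-common 5.6.5-2.el7
rh-php56-php-xml 5.6.5-7.el7'

# Reads "name version-release" lines on stdin and prints the name of every
# package whose version-release sorts below FIXED_VR.
outdated_packages() {
    local name vr base lowest
    while read -r name vr; do
        [ -n "$name" ] || continue
        # Drop the dist tag (".el6", ".el7", ...) so only version-release is compared.
        base="${vr%.el[0-9]*}"
        [ "$base" = "$FIXED_VR" ] && continue
        # Version sort: whichever string sorts first is the older build.
        lowest=$(printf '%s\n%s\n' "$base" "$FIXED_VR" | sort -V | head -n1)
        [ "$lowest" = "$base" ] && printf '%s\n' "$name"
    done
    return 0
}

# Run against the constructed sample. On a real host, pipe the rpm query
# shown above into outdated_packages instead.
printf '%s\n' "$SAMPLE_RPM_OUTPUT" | outdated_packages
```

An empty result means every listed package is at or above the fixed build; the httpd24-httpd restart described above is still required after updating.
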
1213394 – CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 – CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 – CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 – CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 – CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 – CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1223408 – CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 – CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 – CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 – CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 – CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1232823 – CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 – CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 – CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 – CVE-2015-4602 php: Incomplete Class unserialization type confusion

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
