-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 A new update is available for Univention Corporate Server 3.1 as part of the extended security maintenance. It addresses the following problem: Program component: php5 Reference: CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3480 CVE-2014-3515 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-4029 CVE-2014-4721 CVE-2014-8117 CVE-2014-9705 CVE-2015-0232 CVE-2015-2301 CVE-2015-2331 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 Fixed version: 5.3.3.1-7.211.201505211213 * CVE-2014-9705 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. * CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. * CVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. * CVE-2015-2331 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. * CVE-2015-2783 Buffer Over-read in unserialize when parsing Phar * CVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. * CVE-2015-3329 Buffer Overflow when parsing tar/zip/phar in phar_set_inode) * CVE-2015-3330 PHP potential remote code execution with apache 2.4 apache2handler * CVE-2015-temp-68819.patch denial of service when processing a crafted file with Fileinfo * CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. * CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. * CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. * CVE-2014-8117 Stop reporting bad capabilities after the first few. limit the number of program and section header number of sections limit recursion level * CVE-2014-3668 Fix bug #68027 - fix date parsing in XMLRPC lib * CVE-2014-3669 Fixed bug #68044: Integer overflow in unserialize() (32-bits only) * CVE-2014-3670 Fix bug #68113 (Heap corruption in exif_thumbnail()) * CVE-2014-3710 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers * CVE-2014-3538 extensive backtracking in rule regular expression * CVE-2014-3597 Segfault in dns_get_record (PHP#67717) * CVE-2014-3587 Segfault in cdf.c (PHP#67716) * CVE-2014-3515 fix unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion * CVE-2014-0207 fileinfo: cdf_read_short_sector insufficient boundary check * CVE-2014-3480 fileinfo: cdf_count_chain insufficient boundary check * CVE-2014-4721 The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. * CVE-2014-4029 * CVE-2014-1943 Fix segmentation fault in libmagic (Closes: #739012) - -- Univention GmbH be open. Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-0 Fax : +49 421 22232-99 http://www.univention.de/ Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVXwPpAAoJEC07aMN37ihbUPYP/1WaBUK9uHjzyhKylZR92QLc Z9KLV5Gd8wlowgMLGEVlU8A8gG/RniN9mvDU4dXf7TXZWA7NCGDGsXJDmg1jMH9w ssm1Kmacl4+kf8hxzN0cfKJAfVd1eVHwYXPVJD94JRsGk7Cz68WQ3tIkjdlBcdKI VAnFT/OE52FNFpk/pOn9fEA9Pz4yqASBIiimRaEdLDO8aUKeN9UpA9v36j4gWvVV WgOW5lb7sMSHaFJCwvgfoUVLvjjd3hS2cUUlg7PQOFQxY433SazHYFeML5C9owL+ ik4J3jp3LCRiBcL0FsHCB3lJDpnI9tJJy5ZTvd5S9GVwV9X8Ckgl8zZ7MQSILbtA 0K0TByGUSwwBLPP9Z3FRoqQkGOCphzuAhfZPoOZnK77QOoY5R9yRYvYcJsLwNcpE QxMzBv/kXM8PeimK5M7fY4nstpsDCmtGVOvLD6XvXOYc8rn+4jkXL2DgT/HM6/UL QabmRHOMuxuyIGVBpjWghw63svpC0rzIViUiLkDg//yxQXcFGbj+ZdjOnyPEmJi4 75FQ6gknmwRK+q4Alm5zYkOml/HZ8y8BQDuqYkij/vpcrUqnNHzl1vvKt8rUCJvQ I3yvLgxpLLsyCdzD1rSDc7ix9927vYH/fgxwfmY+wJa4zeWCauJOpxJIs9nBsfWc i5BKJVqKtMJKnYGDlgTz =IV6h -----END PGP SIGNATURE-----