Jarjar Apprentice
Joined: 21 Jul 2002 Posts: 265 Location: Sweden
Posted: Mon Dec 29, 2014 8:25 am Post subject: Suddenly vulnerable to old PHP GLSAs?
A few days ago, my system suddenly became vulnerable to two old PHP GLSAs (I run an emerge --sync and glsa-check during the night).
Any idea what's going on? Re-emerging PHP doesn't help, and since my version is higher than the recommended one for 5.4.x, it shouldn't be vulnerable.
Code:
This system is affected by the following GLSAs:
201411-04
201408-11
GLSA 201411-04:
PHP: Multiple vulnerabilities
============================================================================
Synopsis: Multiple vulnerabilities have been discovered in PHP, the
worst of which could lead to remote execution of
arbitrary code.
Announced on: November 09, 2014
Last revised on: November 09, 2014 : 01
Affected package: dev-lang/php
Affected archs: All
Vulnerable: <5.5.18
Unaffected: >=5.5.18, >=~5.4.34, >=~5.3.29
[...]
All PHP 5.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=dev-lang/php-5.4.34"
[...]
PHP: Multiple vulnerabilities
============================================================================
Synopsis: Multiple vulnerabilities have been discovered in PHP, the
worst of which could lead to remote execution of
arbitrary code.
Announced on: August 29, 2014
Last revised on: November 04, 2014 : 02
Affected package: dev-lang/php
Affected archs: All
Vulnerable: <5.5.16
Unaffected: >=5.5.16, >=~5.4.32, >=~5.3.29, >=~5.4.34
[...]
All PHP 5.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=dev-lang/php-5.4.32"
[...]
# eix -I ^php$
[I] dev-lang/php
Available versions:
(5.3) 5.3.29
(5.4) ****5.4.36****
(5.5) [m]5.5.20
(5.6) [m]~5.6.4
{apache2 bcmath berkdb bzip2 calendar cdb cgi cjk +cli crypt +ctype curl curlwrappers debug embed enchant exif +fileinfo +filter firebird flatfile fpm frontbase ftp gd gdbm gmp +hash +iconv imap inifile intl iodbc ipv6 +json kerberos ldap ldap-sasl libedit libmysqlclient mhash mssql mysql mysqli mysqlnd nls oci8-instant-client odbc +opcache pcntl pdo +phar +posix postgres qdbm readline recode selinux +session sharedmem +simplexml snmp soap sockets spell sqlite sqlite2 ssl sybase-ct systemd sysvipc threads tidy +tokenizer truetype unicode vpx wddx +xml xmlreader xmlrpc xmlwriter xpm xslt zip zlib}
Installed versions: 5.4.36(5.4)(09:13:04 AM 12/29/2014)(apache2 bcmath berkdb bzip2 cli crypt ctype curl curlwrappers exif fileinfo filter flatfile ftp gd gdbm hash iconv imap ipv6 json mhash mysql nls pdo phar posix readline session simplexml sockets ssl tokenizer truetype unicode xml zlib -calendar -cdb -cgi -cjk -debug -embed -enchant -firebird -fpm -gmp -inifile -intl -iodbc -kerberos -ldap -ldap-sasl -libedit -mssql -mysqli -mysqlnd -oci8-instant-client -odbc -pcntl -postgres -qdbm -recode -selinux -sharedmem -snmp -soap -spell -sqlite -sybase-ct -systemd -sysvipc -threads -tidy -wddx -xmlreader -xmlrpc -xmlwriter -xpm -xslt -zip)
Homepage: http://php.net/
Description: The PHP language runtime engine: CLI, CGI, FPM/FastCGI, Apache2 and embed SAPIs
_________________ [Server etc. | C2D 2.2 @ 3.0 GHz / 4 GB RAM / 3x1 TB + 1x2 TB SATA disks + 1.5 TB ext. | Gentoo]
[Laptop | Macbook Pro 15" / Core i7 (Sandy) Quad 2.2 GHz / 16 GB RAM / Samsung 840 250 GB SSD + 1 TB + 2 TB HDD / 6750M 1 GB / OS X, Win 7]