-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2015-4
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 アナウンス日 : 2015/02/12
 最終更新日   : 2015/02/12

 パッケージ名 : php

 タイトル : php に任意のコードが実行される脆弱性

 概要 : PHP は、HTML ファイル内に記述するタイプのスクリプト言語です。

      exif_process_unicode function 関数の欠陥で、JPEG に細工された
      EXIF データを利用して任意のコードが実行される脆弱性が存在します。

 影響 : 第三者が脆弱性を利用して、任意のコードが実行されて、又は、
      サービス運用妨害(DoS)攻撃を受ける可能性があります。

 影響製品 :

    - Turbolinux Client 12.5
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux Appliance Server 2.0 (延長メンテナンス)
    - Turbolinux 10 Server x64 Edition (延長メンテナンス)

 対策方法 : 下記パッケージにアップデートを行って下さい。
          [Turbolinux Client 12.5 の場合]
          アップデートは、KDE デスクトップのパネルの通知アイコンをクリックし
          メニューから [アップデートの参照] を選択し行って下さい。

          [Turbolinux 11 Server, Turbolinux 11 Server x64 Edition の場合]
          アップデートは、ディスクトップメニュー「パネルの左端のメニュー」をクリックし
          Turbo プラス を起動し行って下さい。

          [Turbolinux 10 Server x64 Edition の場合]
          アップデートは、Kメニュー「左端の メニュー」をクリックし
          Turbo プラス を起動し行って下さい。

          [Turbolinux Appliance Server の場合]
          アップデートは、 TLAS Server Desktop 上から行って下さい。

 コンソールから実行する場合
 ----------------------------------------
 [Turbolinux 11 Server の場合]
 # turbo+ --cui
 もしくは、
 # turbo+ -u php php-bcmath php-cli php-common php-dba php-embedded php-gd \
             php-imap php-ldap php-mbstring php-mcrypt php-mhash php-mssql \
             php-mysql php-ncurses php-odbc php-pdo php-pgsql php-snmp \
             php-soap php-tidy php-xml

 [Turbolinux 10 Server x64 Edition の場合]
 # turbopkg
 # turbo+ --cui
 もしくは、
 # turbo+ -u php4 php4-gd php4-imap php4-ldap php4-manual php4-ming php4-mysql php4-pgsql
 ----------------------------------------


 <Turbolinux Client 12.5>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12.5/turbolinux-source/php-5.2.4-24.src.rpm
      7717321 7ba1739947550f23285de43a8273122a

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12.5/turbolinux-updates/php-5.2.4-24.i586.rpm
      4082950 bc6dacecc9423692c801ff196b7a5caf
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12.5/turbolinux-updates/php-cli-5.2.4-24.i586.rpm
      2654503 ab05bacd7aeaf33d773651a8a319b2ba
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12.5/turbolinux-updates/php-common-5.2.4-24.i586.rpm
       280746 74b2c892839985bbc89d9d5b4763411e
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12.5/turbolinux-updates/php-devel-5.2.4-24.i586.rpm
       552116 978ab1678d5601fd450ac00e781f946c

 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   php-5.2.4-24.src.rpm
      7734654 fe633c2447bdb8384e39e4182b771fde

   Binary Packages
   Size: MD5

   php-5.2.4-24.x86_64.rpm
      4178061 3415762015c7a2be55ef2bc998333a7d
   php-bcmath-5.2.4-24.x86_64.rpm
        47860 141e07a20102eec586c67dbb10b08225
   php-cli-5.2.4-24.x86_64.rpm
      2642042 afcc309470f437267705442c76a414e1
   php-common-5.2.4-24.x86_64.rpm
       286039 4c3d6c695bb51570b1b0766545cd83a2
   php-dba-5.2.4-24.x86_64.rpm
        62491 69057623536943a94769d9da5ae6d5f2
   php-embedded-5.2.4-24.x86_64.rpm
      1377525 1b2dc57f6f0b968316944843b90244fa
   php-gd-5.2.4-24.x86_64.rpm
       215372 e699054a53e21c27804ed1ceb73d9b1d
   php-imap-5.2.4-24.x86_64.rpm
        88850 136c2302a1a64ec3b3db97bffd6a6dfa
   php-ldap-5.2.4-24.x86_64.rpm
        52647 817241cfb923872d7e60b6f1f1a28f85
   php-mbstring-5.2.4-24.x86_64.rpm
      2167835 57879b27dfb26be5b076504427e02403
   php-mcrypt-5.2.4-24.x86_64.rpm
        40421 64414ab0d6bedabdea408bd31f033f70
   php-mhash-5.2.4-24.x86_64.rpm
        21713 12f9191317630dcdd3fa616343711c14
   php-mssql-5.2.4-24.x86_64.rpm
        56070 3d5ecb702d72e1b6bb7db74c917fdfdd
   php-mysql-5.2.4-24.x86_64.rpm
       158786 b03a131c45f1e9d3cbeb41b39c5c78de
   php-ncurses-5.2.4-24.x86_64.rpm
        62431 69d3c7633b2ed0915fdd4b4f3a06dec1
   php-odbc-5.2.4-24.x86_64.rpm
        87011 7be47f1d75a44d4751bae4078ef0e529
   php-pdo-5.2.4-24.x86_64.rpm
       113460 53503f7f3e8b278948272b652b484cc0
   php-pgsql-5.2.4-24.x86_64.rpm
       124530 f37ad2e4e5bb0174a494d9691f9a3bd8
   php-snmp-5.2.4-24.x86_64.rpm
        33217 2ba077d2e4e82dd02f8394032f2f9c96
   php-soap-5.2.4-24.x86_64.rpm
       272340 4ac3f55087484c2bad20fca086d97078
   php-tidy-5.2.4-24.x86_64.rpm
        47885 10b1311a1a50e9e2b526f68e9f8f367e
   php-xml-5.2.4-24.x86_64.rpm
       191086 215b12711ca45f513c00009756a42060
   php-xmlrpc-5.2.4-24.x86_64.rpm
        91647 eb26444eb6b8f861c8bf86a306cde559

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   php-5.2.4-24.src.rpm
      7734654 fe633c2447bdb8384e39e4182b771fde

   Binary Packages
   Size: MD5

   php-5.2.4-24.i686.rpm
      3843298 82a0704a3f04c365ae6a0ee98f047992
   php-bcmath-5.2.4-24.i686.rpm
        37435 247a89556dfd5d3f85d082aba3798701
   php-cli-5.2.4-24.i686.rpm
      2498011 d0c02b2d004c3672595ee6572bd0bff5
   php-common-5.2.4-24.i686.rpm
       273871 36df1ddef2c35134704af47910c55d6b
   php-dba-5.2.4-24.i686.rpm
        58048 09e1546cda93b822ecf080dd76146644
   php-embedded-5.2.4-24.i686.rpm
      1268414 b6f53a4908e25cd7a10d62cc5b148afc
   php-gd-5.2.4-24.i686.rpm
       202068 8a6500eab88137c6f2350c21d2f89b35
   php-imap-5.2.4-24.i686.rpm
        81552 16a6c91dda09759939bca905ac3be43b
   php-ldap-5.2.4-24.i686.rpm
        48333 8eaca52fa706318a0d988fc081e0d6bc
   php-mbstring-5.2.4-24.i686.rpm
      2124367 622b16a071be150c60e0b9719f298839
   php-mcrypt-5.2.4-24.i686.rpm
        33864 5afa076d227b4c9d7202312c77912a0d
   php-mhash-5.2.4-24.i686.rpm
        20859 f355724f36bb75f30afe1fdbd429afa6
   php-mssql-5.2.4-24.i686.rpm
        52460 0890e7be961cb416ec78e68813e1e1d1
   php-mysql-5.2.4-24.i686.rpm
       141561 1dd5aab80322d6a248a74c4a6c6e2afa
   php-ncurses-5.2.4-24.i686.rpm
        55959 5f3aefac9b9fbd733fc01060fd43b81e
   php-odbc-5.2.4-24.i686.rpm
        79103 3f722bcf69c59207e29e3b1e73c1d03e
   php-pdo-5.2.4-24.i686.rpm
       105262 daa73920641a13092bf4f37b61fcd83f
   php-pgsql-5.2.4-24.i686.rpm
       112775 7982e0103a8ba5b04dfe4435a3ec51c8
   php-snmp-5.2.4-24.i686.rpm
        30724 a08c2986d4275152556600dfbe26c176
   php-soap-5.2.4-24.i686.rpm
       267848 69db7b99c77db8a1b7ac91ae0066ba53
   php-tidy-5.2.4-24.i686.rpm
        44634 18b833713f2843dde74e988d6ec20acc
   php-xml-5.2.4-24.i686.rpm
       167310 cde681b4a66a96ce7be80881ff3c5f11
   php-xmlrpc-5.2.4-24.i686.rpm
        85030 aa065e97c69b28d17ea1a8f4eb8304de

 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/php-5.2.4-24.src.rpm
      7717180 82e02230641cc29a51a65ba2e3fc5780

   Binary Packages
   Size: MD5

   php-5.2.4-24.x86_64.rpm
      4178061 3415762015c7a2be55ef2bc998333a7d
   php-bcmath-5.2.4-24.x86_64.rpm
        47860 141e07a20102eec586c67dbb10b08225
   php-cli-5.2.4-24.x86_64.rpm
      2642042 afcc309470f437267705442c76a414e1
   php-common-5.2.4-24.x86_64.rpm
       286039 4c3d6c695bb51570b1b0766545cd83a2
   php-dba-5.2.4-24.x86_64.rpm
        62491 69057623536943a94769d9da5ae6d5f2
   php-devel-5.2.4-24.x86_64.rpm
       572745 6505dec6eeffe645a637e82e4ff4be64
   php-embedded-5.2.4-24.x86_64.rpm
      1377525 1b2dc57f6f0b968316944843b90244fa
   php-gd-5.2.4-24.x86_64.rpm
       215372 e699054a53e21c27804ed1ceb73d9b1d
   php-imap-5.2.4-24.x86_64.rpm
        88850 136c2302a1a64ec3b3db97bffd6a6dfa
   php-ldap-5.2.4-24.x86_64.rpm
        52647 817241cfb923872d7e60b6f1f1a28f85
   php-mbstring-5.2.4-24.x86_64.rpm
      2167835 57879b27dfb26be5b076504427e02403
   php-mcrypt-5.2.4-24.x86_64.rpm
        40421 64414ab0d6bedabdea408bd31f033f70
   php-mhash-5.2.4-24.x86_64.rpm
        21713 12f9191317630dcdd3fa616343711c14
   php-mssql-5.2.4-24.x86_64.rpm
        56070 3d5ecb702d72e1b6bb7db74c917fdfdd
   php-mysql-5.2.4-24.x86_64.rpm
       158786 b03a131c45f1e9d3cbeb41b39c5c78de
   php-ncurses-5.2.4-24.x86_64.rpm
        62431 69d3c7633b2ed0915fdd4b4f3a06dec1
   php-odbc-5.2.4-24.x86_64.rpm
        87011 7be47f1d75a44d4751bae4078ef0e529
   php-pdo-5.2.4-24.x86_64.rpm
       113460 53503f7f3e8b278948272b652b484cc0
   php-pgsql-5.2.4-24.x86_64.rpm
       124530 f37ad2e4e5bb0174a494d9691f9a3bd8
   php-snmp-5.2.4-24.x86_64.rpm
        33217 2ba077d2e4e82dd02f8394032f2f9c96
   php-soap-5.2.4-24.x86_64.rpm
       272340 4ac3f55087484c2bad20fca086d97078
   php-tidy-5.2.4-24.x86_64.rpm
        47885 10b1311a1a50e9e2b526f68e9f8f367e
   php-xml-5.2.4-24.x86_64.rpm
       191086 215b12711ca45f513c00009756a42060
   php-xmlrpc-5.2.4-24.x86_64.rpm
        91647 eb26444eb6b8f861c8bf86a306cde559

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/php-5.2.4-24.src.rpm
      7734654 fe633c2447bdb8384e39e4182b771fde

   Binary Packages
   Size: MD5

   php-5.2.4-24.i686.rpm
      3843298 76ab337c5b779525f6fb08968fbda4c0
   php-bcmath-5.2.4-24.i686.rpm
        37435 6d784668b1c22d159d71d0ecc07885a1
   php-cli-5.2.4-24.i686.rpm
      2498011 231ed3648fc0188b091374a1879410c3
   php-common-5.2.4-24.i686.rpm
       273871 d3779a21dd6cc7f37adc7ff1029551a1
   php-dba-5.2.4-24.i686.rpm
        58048 a795d515cdf264b2aa9cc98545581319
   php-devel-5.2.4-24.i686.rpm
       573262 5d7fd0bed3dcfe00f9e1a5d812f3c057
   php-embedded-5.2.4-24.i686.rpm
      1268414 732b32b863dcda43c04a525b1fca0155
   php-gd-5.2.4-24.i686.rpm
       202068 10834225f0636d69437f63b6732dc51b
   php-imap-5.2.4-24.i686.rpm
        81552 aff9a98fc3efd5d84775c2acd03b06d4
   php-ldap-5.2.4-24.i686.rpm
        48333 cc9e9269ece8cec2f97744a34148ddcc
   php-mbstring-5.2.4-24.i686.rpm
      2124367 6c34630c05362577621466699670a7e7
   php-mcrypt-5.2.4-24.i686.rpm
        33864 b36061c004368463829192bb9a591f99
   php-mhash-5.2.4-24.i686.rpm
        20859 ada91cc0c1d773cd3351dad3a602674b
   php-mssql-5.2.4-24.i686.rpm
        52460 d130efe2b50a8e09564a139da2294ebc
   php-mysql-5.2.4-24.i686.rpm
       141561 3499a5a247b70c8c2b96315e932b2d2b
   php-ncurses-5.2.4-24.i686.rpm
        55959 420846757299357b6e9605210482bd1f
   php-odbc-5.2.4-24.i686.rpm
        79103 f2979b5ae46acd33f069f10199b12b2d
   php-pdo-5.2.4-24.i686.rpm
       105262 820dea7b28273eebf358a9847c5bd2ca
   php-pgsql-5.2.4-24.i686.rpm
       112775 d48337eb8e237602309151bb9d368f2c
   php-snmp-5.2.4-24.i686.rpm
        30724 e671123bf21d1338dfbf4f296d3dff4b
   php-soap-5.2.4-24.i686.rpm
       267848 fd63f48ee14b1f4796bdb2830888980f
   php-tidy-5.2.4-24.i686.rpm
        44634 1b18b820884608b6b6d7acc248034a04
   php-xml-5.2.4-24.i686.rpm
       167310 70c80bd192e8a4a2bddbf8ee0824833a
   php-xmlrpc-5.2.4-24.i686.rpm
        85030 61d3bec13f3585bbac81d9369ebf53b0

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   php4-4.3.11-36.src.rpm
     12624561 2d93f2630b36ec7c2dfbb1bd99a89599

   Binary Packages
   Size: MD5

   php4-4.3.11-36.i586.rpm
      5374493 3a02157fecdcca9b788196e447bc0d66
   php4-gd-4.3.11-36.i586.rpm
        51747 0364ba03f692d2f5534a2dc7b90b0ae8
   php4-imap-4.3.11-36.i586.rpm
        14883 47b79307242d2436d42d9110a55905ea
   php4-ldap-4.3.11-36.i586.rpm
        38287 d8abbba5161a0271847c4313d40f1c42
   php4-manual-4.3.11-36.i586.rpm
      7506207 38747a649b6c75e346f969183c62c6f4
   php4-ming-4.3.11-36.i586.rpm
        49687 aaf2e7c4e7652405c25f8e4bceb826ee
   php4-mysql-4.3.11-36.i586.rpm
       126774 494e0243f014f35d02b6a15c231757e3
   php4-pgsql-4.3.11-36.i586.rpm
        74854 5b569d9a504282656de483ece3a1a6c3

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/php4-4.3.9-28.src.rpm
     12386490 e6bfa49a70c0e34b6516f1bc047c29d4

   Binary Packages
   Size: MD5

   php4-4.3.9-28.x86_64.rpm
      5481200 94b961ce7dbe78a38825c5278f3c1a88
   php4-debug-4.3.9-28.x86_64.rpm
      6592029 366bd9467b527a7cf74c853c0873887f
   php4-gd-4.3.9-28.x86_64.rpm
        54902 02a209249f67efb47f5dc63ec1d2d2db
   php4-imap-4.3.9-28.x86_64.rpm
        12643 0c4421f8c3ff039917849ec3fee897f3
   php4-ldap-4.3.9-28.x86_64.rpm
        40499 0aeaedfc7a16b61036251cc9d94ef7a7
   php4-manual-4.3.9-28.x86_64.rpm
      7503608 dcbc4d600cc0e33680e00ca5bec3a639
   php4-ming-4.3.9-28.x86_64.rpm
        52601 a0d18ebfc5824bbe7566df3099d09031
   php4-mysql-4.3.9-28.x86_64.rpm
       135911 2acf54f5888627890062ea039d317a1a
   php4-pgsql-4.3.9-28.x86_64.rpm
        77501 e5d74e3f5d4dbfcef85fc30366321577


 関連文章 :

 CVE
   [CVE-2015-0232]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232

 --------------------------------------------------------------------------
 更新履歴
   初版   2015/02/12
 --------------------------------------------------------------------------

 Copyright(C) 2015 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlTcAp8ACgkQK0LzjOqIJMyxTwCbBgpaagJuxuY1+rmrtlslWA8o
+7kAnjPkKLML/VNc75GdZoJ+epWGRoZY
=Z4td
-----END PGP SIGNATURE-----