Description of problem: Upstream bug: https://bugs.php.net/bug.php?id=69364 Upstream fixed in 5.6.9/5.5.25/5.4.41.
Created php tracking bugs for this issue: Affects: fedora-all [bug 1223402]
When did you release the new rpm for this vulnerability? We need rpm for the batch upgrade.
php-5.6.9-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Upstream commit: http://git.php.net/?p=php-src.git;a=commitdiff;h=4605d536d23b00813d11cc906bb48d39bdcf5f25 A specially-crafted multipart/form-data HTTP request can cause PHP to use an excessive amount of CPU time. The amount of time spent parsing such malicious request is limited by the max_input_time php.ini setting (the default limit is 60s). Lowering the limit can be used to mitigate the issue. Another possible mitigation is to lower post_max_size limit. However, it may not be practical to lower the value enough to sufficiently mitigate the issue.
php-5.6.9-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
php-5.5.25-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Via RHSA-2015:1186 https://rhn.redhat.com/errata/RHSA-2015-1186.html
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Via RHSA-2015:1187 https://rhn.redhat.com/errata/RHSA-2015-1187.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1218 https://rhn.redhat.com/errata/RHSA-2015-1218.html
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Via RHSA-2015:1219 https://rhn.redhat.com/errata/RHSA-2015-1219.html