Vincent Danen from Mandriva discovered that the patch didn't work as expected on 64 bit systems. No complete fix is currently available.
We should check if we are indeed affected by usig the following testcase on a 64-bit system : <?php $a = str_repeat("A",438013); $b = str_repeat("B",951140); wordwrap($a,0,$b,0); ?>
We are... Output of that on a 32bit system (x86): Fatal error: Possible integer overflow in memory allocation (438013 * 951141 + 1) in /home/chtekk/test.php on line 4 Output of that on a 64bit system (amd64): Segmentation fault So it seems to be detected in 32bit mode and PHP exits, while it just segfaults on 64bit platforms... Best regards, CHTEKK.
Thx Luca. Waiting for upstream patch.
Fixed in dev-lang/php-4.4.2-r6 and dev-lang/php-5.1.4-r4. To security: please unrestrict. To all arches: please stable. :) Best regards, CHTEKK.
Arches, please test and stable dev-lang/php-4.4.2-r6 and dev-lang/php-5.1.4-r4, thx
SPARC doth be stable
ppc stable
ppc64 stable
alpha stable.
x86 is gone..I need to come up with witty messages like sparc and everyone else has ~_~;;
amd64 stable. Best regards, CHTEKK.
Ready for GLSA update of GLSA 200605-08.
Hmm not sure how to handle this. This is my proposal: Unaffected: >=5.1.4 arm hppa ppc s390 sh sparc x86 x86-fbsd >=5.1.4-r4 alpha amd64 ia64 ppc64 Vulnerable: <5.1.4 arm hppa ppc s390 sh sparc x86 x86-fbsd <5.1.4-r4 alpha amd64 ia64 ppc64 @security please comment and I'll update the GLSA and send an errata.
I'd say sparc not vulnerable since only the kernel is 64-bit, userland is 32. Userland @ 64 isn't supported yet. Thus from userland perspective the machine acts as 32-bit. And in the hppa case under most circumstances everything is 32-bit.
Comment #13 sounds good
@Security please double check as this is a version and arch mess. Updated in GLSAmaker with the following versions: Unaffected packages: dev-lang/php >= 5.1.4 on arm hppa ppc s390 sh sparc x86 x86-fbsd dev-lang/php *>= 4.4.2-r2 on arm hppa ppc s390 sh sparc x86 x86-fbsd dev-lang/php >= 5.1.4-r4 on alpha amd64 ia64 ppc64 dev-lang/php *>= 4.4.2-r6 on alpha amd64 ia64 ppc64 Vulnerable packages: dev-lang/php < 5.1.4 on arm hppa ppc s390 sh sparc x86 x86-fbsd dev-lang/php < 5.1.4-r4 on alpha amd64 ia64 ppc64
(In reply to comment #16) > @Security please double check as this is a version and arch mess. Looks correct to me.
does not affect us. Currently there's no 64 UL. The kernel can be 64 bit, but it's not recommended.
GLSA UPDATE 200605-08:02 Handling last stable marking back on bug #138180, since remaining arches are not affected by this issue.
Cleaning up.
Now also actually remove arches.
Getting a false-positive with GLSA on PHP-4.4.3 -- would it be better to get around this by putting lower-bounds on vulnerability on a per-slot basis? ie: <package name="dev-lang/php" auto="yes" arch="alpha amd64 ia64 ppc64"> <unaffected range="ge">5.1.4-r4</unaffected> <vulnerable range="lt">5.1.4-r4</vulnerable> <vulnerable range="ge">5.0</vulnerable> <unaffected range="lt">5.0</unaffected> <unaffected range="ge">4.4.2-r6</unaffected> <vulnerable range="lt">4.4.2-r6</vulnerable> </package>