The linked bug report has more detail. The gist is: php enters an infinite loop when (a) presented a specific floating point number (b) it processes that number with the x87 FPU According to the php website, only 32 bit processes are affected. Additionally, using SSE or MMX mitigates the risk. Users who use "-mfpmath=sse" in their CFLAGS should still be fine. I've uploaded the new upstream releases. One more info: since Sektion Eins has not released a new suhosin patch (yet), I've used the one for 5.3.4/5.2.16, which still applies cleanly.
Per http://www.openwall.com/lists/oss-security/2011/01/06/5 this was assigned CVE-2010-4645. And from #gentoo-dev: 2011-01-06 17:57 <@mabi> aright, i removed the freshly added 5.3.4-r1 and 5.2.16-r1, too, since they serve no purpose now ... 2011-01-06 17:59 <@mabi> also note the updated dep on eselect-php-0.6.2 which fixes the annoying upgrade fail 2011-01-06 17:59 <@mabi> it needs to go stable along php
Arches, please test and mark stable: =dev-lang/php-5.2.17 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" =dev-lang/php-5.3.5 Target keywords : "amd64 hppa x86" Arches, please test and mark stable: =app-admin/eselect-php-0.6.2 Target keywords : "alpha amd64 hppa ppc64 x86"
Tested on SPARC: dev-lang/php-5.2.17 dev-lang/php-5.3.5 app-admin/eselect-php-0.6.2 Tested with a simple phpinfo() page and with phpsysinfo-2.5.4-r1 (also filed bug for stabilisation as phpsysinfo-2.5.4 will not work with php-5.3.5). All appears well, even though php-5.3.5 is not keyworded for SPARC. Take note, app-admin/eselect-php-0.6.2 must be keyworded for SPARC, otherwise how will dev-lang/php-5.2.17 will work?
amd64 ok
amd64 done. Thanks Agostino
x86 stable
arm stable
ppc done
ppc64 stable
Stable for HPPA.
alpha/ia64/s390/sh/sparc stable
Thanks, folks. Added to existing GLSA request.
CVE-2010-4645 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645): strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
This issue was resolved and addressed in GLSA 201110-06 at http://security.gentoo.org/glsa/glsa-201110-06.xml by GLSA coordinator Tobias Heinlein (keytoaster).
