| Field | Value |
|---|---|
| Summary | <dev-lang/php-{5.4.41,5.5.25-r1}: Multiple vulnerabilities (CVE-2015-{2325,2326,4021,4022,4024,4025,4026}) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://php.net/ChangeLog-5.php |
| Whiteboard | A2 [glsa cve] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 547310 |
| Bug Blocks | |
| Reporter | Agostino Sarubbo <ago> |
| Assignee | Gentoo Security <security> |
| CC | hydrapolic, infoman1985, php-bugs |

Description
Agostino Sarubbo
2015-05-15 10:24:09 UTC
*** Bug 549798 has been marked as a duplicate of this bug. ***

Can we please get the fixed versions to portage?

(In reply to Tomas Mozes from comment #2)
> Can we please get the fixed versions to portage?

Are they not?

@security, btw, feel free to stabilise

(In reply to Ole Markus With from comment #3)
> (In reply to Tomas Mozes from comment #2)
> > Can we please get the fixed versions to portage?
>
> Are they not?
>
> @security, btw, feel free to stabilise

I don't see them in portage, nor by looking at:
https://packages.gentoo.org/package/dev-lang/php

Am I missing something? :)

(In reply to Tomas Mozes from comment #4)
> (In reply to Ole Markus With from comment #3)
> > (In reply to Tomas Mozes from comment #2)
> > > Can we please get the fixed versions to portage?
> >
> > Are they not?
> >
> > @security, btw, feel free to stabilise
>
> I don't see them in portage, nor by looking at:
> https://packages.gentoo.org/package/dev-lang/php
>
> Am I missing something? :)

Seems like I forgot to do something rather important ... My bad.

They should be there shortly.

(In reply to Ole Markus With from comment #5)
> Seems like I forgot to do something rather important ... My bad.
>
> They should be there shortly.

Thanks!

Arches, please test and mark stable:

=dev-lang/php-5.4.41
=dev-lang/php-5.5.25

Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Stable for HPPA.

amd64 stable

x86 stable

Stable for PPC64.

Arches, please test & mark stable:

=dev-lang/php-5.5.25-r1

Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

This is to address a libvpx related compile-time failure, as described in bug #547310.

amd64 stable

arm stable

Readding arm for the new 5.5.25-r1 target.

List of Vulnerabilities:

Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (CVE-2015-4024)
Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)
Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)

Stabilization for 5.6.9 which has these vulnerabilities as well is part of Bug 550164

ia64 stable

sparc stable

Both CVE-2015-3329 and CVE-2015-2783 were also fixed as part of the 5.6.9 stabilisation.

From http://php.net/ChangeLog-5.php:
----
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783)
Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
----

x86 stable

arm stable

CVE-2015-4026 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026):
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

CVE-2015-4025 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025):
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

CVE-2015-4022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022):
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

CVE-2015-4021 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021):
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.

ppc stable

alpha stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Arches, Thank you for your work.
Maintainer(s), please drop the vulnerable version(s).

Vulnerable Versions are: 5.4.{39,40}, 5.5.{22,23,24,25}

Added to an existing GLSA Request.

Maintainer(s), Thank you for cleanup.

This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F).
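
The pathname truncation described for CVE-2015-4025 and CVE-2015-4026 above, as an added C example that is not PHP's source and not part of this bug report: a length-counted string passes an extension check on its full value, while a NUL-terminated path API would act on the shorter prefix. The struct, function names and sample paths are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Counted string as a scripting runtime holds it: len may exceed strlen(buf). */
struct counted_str { const char *buf; size_t len; };

/* Constructed samples: one path with an embedded NUL, one ordinary path. */
static const struct counted_str SAMPLE_CRAFTED = { "upload.php\0.jpg", 15 };
static const struct counted_str SAMPLE_PLAIN   = { "photo.jpg", 9 };

/* Policy check on the full counted value: does it end with ext? */
static int has_extension(struct counted_str s, const char *ext)
{
    size_t n = strlen(ext);
    return s.len >= n && memcmp(s.buf + s.len - n, ext, n) == 0;
}

/* Length of the name a NUL-terminated path API would actually act on. */
size_t effective_len(struct counted_str s)
{
    return strlen(s.buf);
}

/* Weak: validates the counted value, then hands buf to a C path API. */
int path_allowed_weak(struct counted_str s)
{
    return has_extension(s, ".jpg");
}

/* Hardened: reject any path containing a NUL inside its counted length,
 * so the validated name and the name the OS sees are always identical. */
int path_allowed_hardened(struct counted_str s)
{
    if (memchr(s.buf, '\0', s.len) != NULL)
        return 0;
    return has_extension(s, ".jpg");
}

int main(void)
{
    printf("crafted: weak=%d hardened=%d, OS would see %zu of %zu bytes\n",
           path_allowed_weak(SAMPLE_CRAFTED),
           path_allowed_hardened(SAMPLE_CRAFTED),
           effective_len(SAMPLE_CRAFTED), SAMPLE_CRAFTED.len);
    printf("plain:   weak=%d hardened=%d\n",
           path_allowed_weak(SAMPLE_PLAIN), path_allowed_hardened(SAMPLE_PLAIN));
    return 0;
}
```
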