Bug 292132 - <dev-lang/php-5.2.11-r1: Improper colorsTotal structure member verification (CVE-2009-3546)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://svn.php.net/viewvc?view=revisi...
Whiteboard: B2 [glsa]
Keywords:
Depends on: CVE-2009-3546
Blocks:
Reported: 2009-11-06 15:13 UTC by Tobias Heinlein (RETIRED)
Modified: 2010-01-05 21:14 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
Fix for gd maxcolors bug (php.patch,1.52 KB, patch)
2009-11-13 13:07 UTC, Dawid Węgliński (RETIRED)

Description Tobias Heinlein (RETIRED) gentoo-dev 2009-11-06 15:13:45 UTC
+++ This bug was initially created as a clone of Bug #292130 +++

CVE-2009-3546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3546):
  The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
  GD Graphics Library 2.x, does not properly verify a certain
  colorsTotal structure member, which might allow remote attackers to
  conduct buffer overflow or buffer over-read attacks via a crafted GD
  file, a different vulnerability than CVE-2009-3293.  NOTE: some of
  these details are obtained from third party information.
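
The kind of check the CVE description says is missing, sketched as an added example; it is not part of this bug report and is not the PHP or libgd source. The file layout, `palette_t`, `parse_palette` and `MAX_COLORS` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_COLORS 256            /* assumed capacity of the fixed palette arrays */

typedef struct {
    int colorsTotal;              /* count taken from the file header */
    uint8_t red[MAX_COLORS], green[MAX_COLORS], blue[MAX_COLORS];
} palette_t;

/* Parse the constructed layout [count: 16-bit big-endian][count x (r,g,b)].
 * Returns 0 on success, -1 if the input is rejected. */
int parse_palette(const uint8_t *buf, size_t len, palette_t *p)
{
    if (len < 2)
        return -1;
    int n = (buf[0] << 8) | buf[1];
    /* The verification step: a file-supplied count must never exceed the
     * capacity of the arrays it will later be used to index. */
    if (n > MAX_COLORS)
        return -1;
    /* Also reject truncated input so the copy below cannot over-read buf. */
    if ((len - 2) / 3 < (size_t)n)
        return -1;
    const uint8_t *src = buf + 2;
    for (int i = 0; i < n; i++, src += 3) {
        p->red[i] = src[0];
        p->green[i] = src[1];
        p->blue[i] = src[2];
    }
    p->colorsTotal = n;           /* only stored after it has been validated */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not real GD files. */
    const uint8_t ok[] = {0x00, 0x02, 10, 20, 30, 40, 50, 60};
    const uint8_t oversized[] = {0x01, 0x01, 0, 0, 0};   /* count = 257 */
    const uint8_t truncated[] = {0x00, 0x03, 1, 2, 3};   /* 3 claimed, 1 present */
    palette_t p = {0};
    printf("ok: %d\n", parse_palette(ok, sizeof ok, &p));
    printf("oversized: %d\n", parse_palette(oversized, sizeof oversized, &p));
    printf("truncated: %d\n", parse_palette(truncated, sizeof truncated, &p));
    return 0;
}
```

Without the `n > MAX_COLORS` test, any later loop bounded by `colorsTotal` would index past the fixed arrays, which is the overflow or over-read class the description names.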
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2009-11-06 15:14:49 UTC
Maintainers, please provide a fixed ebuild.
Comment 2 Dawid Węgliński (RETIRED) gentoo-dev 2009-11-13 13:07:17 UTC
Created attachment 210125
Fix for gd maxcolors bug

As I can see, the php herd lacks manpower to fix their bugs, so if no one is against it, I'll apply this patch and commit later today or tomorrow.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2009-11-13 13:50:34 UTC
I talked to hoffie last weekend and he said that he wanted to fix it this week. He planned to add some further (non-security) patches for various crashes that can be found in upstream's SVN.
I'm not sure if he has enough time to do it, and I think it wouldn't hurt to just commit it.
Comment 4 Dawid Węgliński (RETIRED) gentoo-dev 2009-11-13 16:12:38 UTC
OK, I've just committed the fixed ebuild. Sorry for the hurry, but this is important to me. ;)
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2009-11-13 19:27:47 UTC
Thanks.

Arches, please test and mark stable:
=dev-lang/php-5.2.11-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-13 23:36:35 UTC
CVE-2009-3546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3546):
  The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
  GD Graphics Library 2.x, does not properly verify a certain
  colorsTotal structure member, which might allow remote attackers to
  conduct buffer overflow or buffer over-read attacks via a crafted GD
  file, a different vulnerability than CVE-2009-3293.  NOTE: some of
  these details are obtained from third party information.

Comment 7 Markus Meier gentoo-dev 2009-11-14 16:08:51 UTC
amd64/x86 stable
Comment 8 Markus Meier gentoo-dev 2009-11-14 20:30:06 UTC
arm stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2009-11-15 06:02:43 UTC
Stable for HPPA.
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-11-17 16:47:09 UTC
ppc64 done
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2009-11-17 16:57:57 UTC
alpha/ia64/s390/sh/sparc stable
Comment 12 nixnut (RETIRED) gentoo-dev 2009-11-21 19:53:05 UTC
ppc stable
Comment 13 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-05 21:14:10 UTC
GLSA 201001-03.

Thank you everyone, sorry about the delay.