From ${URL} : Stefan Esser pointed out that the following commit fixes a heap-based buffer overflow in DNS TXT record parsing: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468 A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Ebuild for this one has been committed and can be stabilised
Updated in http://git.php.net/?p=php-src.git;a=commit;h=2fefae47716d501aec41c1102f3fd4531f070b05 Fixed Sec Bug #67717 segfault in dns_get_record CVE-2014-3597 Incomplete fix for CVE-2014-4049 Check possible buffer overflow - pass real buffer end to dn_expand calls - check buffer len before each read Patches: PHP 5.5: http://git.php.net/?p=php-src.git;a=commit;h=529da0f74c1a230d0656799efc73a387392dbc10 PHP 5.4: http://git.php.net/?p=php-src.git;a=commit;h=2fefae47716d501aec41c1102f3fd4531f070b05
This is fixed in PHP 5.5.16 and 5.4.32
Arches, please stabilize =dev-lang/php-5.5.16 =dev-lang/php-5.4.32 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
x86 stable
alpha stable
arm stable
Stable for HPPA.
CVE-2014-4049 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049): Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. CVE-2014-3597 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597): Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
ia64/sparc stable
ppc stable
ppc64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches: Thank you very much. Maintainers: Please cleanup Added to existing GLSA request.
cleanup done
This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
