Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 541098 (CVE-2015-0273) - <dev-lang/php-{5.4.38,5.5.22,5.6.6}: use after free vulnerability in unserialize() with DateTimeZone (CVE-2014-9705,CVE-2015-0273)
Summary: <dev-lang/php-{5.4.38,5.5.22,5.6.6}: use after free vulnerability in unserial...
Status: RESOLVED FIXED
Alias: CVE-2015-0273
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://php.net/ChangeLog-5.php
Whiteboard: A3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-23 07:23 UTC by Tomáš Mózes
Modified: 2016-06-19 00:26 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Mózes 2015-02-23 07:23:09 UTC 
Unaffected versions in tree already.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2015-02-23 17:11:00 UTC 
PHP team, can we go stable with 5.5.22?
Comment 2 Ole Markus With (RETIRED) gentoo-dev 2015-02-24 11:38:13 UTC 
(In reply to Tobias Heinlein from comment #1)
> PHP team, can we go stable with 5.5.22?

Yes. Go ahead
Comment 3 Agostino Sarubbo gentoo-dev 2015-02-24 11:58:35 UTC 
Arches, please test and mark stable:
=dev-lang/php-5.4.38
=dev-lang/php-5.5.22
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 4 Agostino Sarubbo gentoo-dev 2015-02-25 11:11:44 UTC 
amd64 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2015-02-26 07:23:32 UTC 
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2015-03-04 05:59:27 UTC 
arm stable
Comment 7 Andreas Schürch gentoo-dev 2015-03-17 09:33:06 UTC 
x86 done
Comment 8 Agostino Sarubbo gentoo-dev 2015-03-25 16:07:11 UTC 
ia64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-03-26 11:22:13 UTC 
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2015-03-26 11:29:20 UTC 
ppc64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2015-03-26 14:30:40 UTC 
this will continue in bug 544186
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2015-04-05 04:35:49 UTC 
CVE-2015-0273 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273):
  Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before
  5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers
  to execute arbitrary code via crafted serialized input containing a (1) R or
  (2) r type specifier in (a) DateTimeZone data handled by the
  php_date_timezone_initialize_from_hash function or (b) DateTime data handled
  by the php_date_initialize_from_hash function.
Comment 13 Yury German Gentoo Infrastructure gentoo-dev 2015-04-18 22:36:02 UTC 
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 23:59:21 UTC 
CVE-2014-9705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705):
  Heap-based buffer overflow in the enchant_broker_request_dict function in
  ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x
  before 5.6.6 allows remote attackers to execute arbitrary code via vectors
  that trigger creation of multiple dictionaries.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2016-06-19 00:26:24 UTC 
This issue was resolved and addressed in
 GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10
by GLSA coordinator Kristian Fiskerstrand (K_F).