| Summary: | <dev-lang/php-5.2.11: multiple vulnerabilities (CVE-2009-{3291,3292,3293}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Bernd Marienfeldt <bernd> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | bugs, grknight, hanno, himbeere, josh, ole+gentoo, php-bugs, steffen.weber |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.php.net/releases/5_2_11.php | ||
| Whiteboard: | B1? [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 276583 | ||
| Bug Blocks: | 278064 | ||
CVE-2009-3291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3291): The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. CVE-2009-3292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3292): Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to "missing sanity checks around exif processing." CVE-2009-3293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3293): Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." Any updates on this ? When will dev-lang/php PHP 5.2.11 be available through portage ? *** Bug 286359 has been marked as a duplicate of this bug. *** (In reply to comment #2) > When will dev-lang/php PHP 5.2.11 be available through portage ? Approx. after your next sync :) Please give it a day or two for testing before requesting stabilization. Not sure about B1, it isn't clear to me whether code execution is possible or not, but apparently mitre had the same problem when assigning the CVEs ;) Arches, please test and mark stable: =dev-lang/php-5.2.11 Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" Well, have been away for too long.. actually CC'ing arches. While doing a basic php functionality test anyway, you might want to stabilize suhosin per bug 276583 in the same go. x86 stable Stable for HPPA. alpha/arm/ia64/s390/sh/sparc stable + 07 Oct 2009; <chainsaw@gentoo.org> php-5.2.11.ebuild: + Marked stable on AMD64 as requested by Bernd Marienfeldt in security bug + #285434. Tested with USE="apache2 berkdb bzip2 calendar cgi cli crypt + ctype curl gd iconv imap ipv6 mhash mysql ncurses nls pcre pic posix + readline session snmp spl ssl threads tokenizer truetype unicode xml + xmlrpc zlib" serving www.linx.net on hardened AMD64 non-multilib system. ppc64 done ppc stable It was the last arch so the bug is ready to be fixed by security team. GLSA together with bug 260576, bug 266125, and bug 255121. GLSA 201001-03. Thank you everyone, sorry about the delay. |
Security Enhancements and Fixes in PHP 5.2.11: * Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia) * Fixed sanity check for the color index in imagecolortransparent(). (Pierre) * Added missing sanity checks around exif processing. (Ilia) * Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre) Source: http://www.php.net/downloads.php#v5 Reproducible: Always