
Bug 292132

Summary: <dev-lang/php-5.2.11-r1: Improper colorsTotal structure member verification (CVE-2009-3546)
Product: Gentoo Security
Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: graphics+disabled, php-bugs, vapier
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://svn.php.net/viewvc?view=revision&revision=289557
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 292130    
Bug Blocks:    
Attachments:
Description Flags
Fix for gd maxcolors bug none

Description Tobias Heinlein (RETIRED) gentoo-dev 2009-11-06 15:13:45 UTC
+++ This bug was initially created as a clone of Bug #292130 +++

CVE-2009-3546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3546):
  The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
  GD Graphics Library 2.x, does not properly verify a certain
  colorsTotal structure member, which might allow remote attackers to
  conduct buffer overflow or buffer over-read attacks via a crafted GD
  file, a different vulnerability than CVE-2009-3293.  NOTE: some of
  these details are obtained from third party information.
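
The kind of check the CVE text above says is missing, as an added example that is not part of the original bug report or the attached patch: a count read from an untrusted file is validated against a fixed-size palette before it is stored or used as a loop bound. The byte layout, `struct palette_image`, `parse_palette` and `parse_constructed` are hypothetical and constructed for illustration; this is not the real GD file format or the `_gdGetColors` code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PALETTE_MAX 256 /* fixed array capacity; GD's gdMaxColors is 256 */

struct palette_image {           /* hypothetical stand-in for the image struct */
    int colors_total;            /* count read from the untrusted file */
    uint8_t red[PALETTE_MAX], green[PALETTE_MAX], blue[PALETTE_MAX];
};

/* Constructed layout (not the real GD format):
 * 2-byte big-endian colour count, then count * 3 bytes of R,G,B. */
int parse_palette(const uint8_t *buf, size_t len, struct palette_image *im)
{
    if (len < 2)
        return -1;                       /* truncated header */
    unsigned count = ((unsigned)buf[0] << 8) | buf[1];

    if (count > PALETTE_MAX)             /* count exceeds the fixed arrays */
        return -2;
    if ((len - 2) / 3 < count)           /* input shorter than it claims */
        return -3;

    for (unsigned i = 0; i < count; i++) {
        im->red[i]   = buf[2 + 3 * i];
        im->green[i] = buf[2 + 3 * i + 1];
        im->blue[i]  = buf[2 + 3 * i + 2];
    }
    im->colors_total = (int)count;       /* stored only after validation */
    return 0;
}

/* Builds a constructed sample declaring `declared` colours while carrying
 * `present` entries (capped at 512), then returns the parser's verdict. */
int parse_constructed(unsigned declared, unsigned present)
{
    static uint8_t buf[2 + 3 * 512];
    struct palette_image im;

    if (present > 512)
        present = 512;
    memset(buf, 0x7f, sizeof buf);
    buf[0] = (uint8_t)(declared >> 8);
    buf[1] = (uint8_t)(declared & 0xff);
    return parse_palette(buf, 2 + 3 * (size_t)present, &im);
}
```

Rejecting the count before it reaches `colors_total` matters because later code that trusts that field as an index bound would otherwise read or write past the 256-entry arrays.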
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2009-11-06 15:14:49 UTC
Maintainers, please provide a fixed ebuild.
Comment 2 Dawid Węgliński (RETIRED) gentoo-dev 2009-11-13 13:07:17 UTC
Created attachment 210125
Fix for gd maxcolors bug

As I can see, the php herd lacks manpower to fix their bugs, so if no one is against it I'll apply this patch and commit later today or tomorrow.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2009-11-13 13:50:34 UTC
I talked to hoffie last weekend and he said that he wanted to fix it this week. He planned to add some further (non-security) patches for various crashes that can be found in upstream's SVN.
I'm not sure if he has enough time to do it, and I think it wouldn't hurt to just commit it.
Comment 4 Dawid Węgliński (RETIRED) gentoo-dev 2009-11-13 16:12:38 UTC
Ok, I've just committed the fixed ebuild. Sorry for the hurry, but this is important to me. ;)
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2009-11-13 19:27:47 UTC
Thanks.

Arches, please test and mark stable:
=dev-lang/php-5.2.11-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-13 23:36:35 UTC
CVE-2009-3546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3546):
  The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
  GD Graphics Library 2.x, does not properly verify a certain
  colorsTotal structure member, which might allow remote attackers to
  conduct buffer overflow or buffer over-read attacks via a crafted GD
  file, a different vulnerability than CVE-2009-3293.  NOTE: some of
  these details are obtained from third party information.

Comment 7 Markus Meier gentoo-dev 2009-11-14 16:08:51 UTC
amd64/x86 stable
Comment 8 Markus Meier gentoo-dev 2009-11-14 20:30:06 UTC
arm stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2009-11-15 06:02:43 UTC
Stable for HPPA.
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-11-17 16:47:09 UTC
ppc64 done
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2009-11-17 16:57:57 UTC
alpha/ia64/s390/sh/sparc stable
Comment 12 nixnut (RETIRED) gentoo-dev 2009-11-21 19:53:05 UTC
ppc stable
Comment 13 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-05 21:14:10 UTC
GLSA 201001-03.

Thank you everyone, sorry about the delay.