Summary: | <dev-lang/php-{5.2.17,5.3.5}: DoS (hang) due to incorrect floating point handling (CVE-2010-4645) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matti Bickel (RETIRED) <mabi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | php-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.php.net/53632 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 350747 | ||
Bug Blocks: | 340807 |
Description
Matti Bickel (RETIRED)
2011-01-06 23:47:36 UTC
Per http://www.openwall.com/lists/oss-security/2011/01/06/5 this was assigned CVE-2010-4645.

And from #gentoo-dev:
2011-01-06 17:57 <@mabi> aright, i removed the freshly added 5.3.4-r1 and 5.2.16-r1, too, since they serve no purpose now
...
2011-01-06 17:59 <@mabi> also note the updated dep on eselect-php-0.6.2 which fixes the annoying upgrade fail
2011-01-06 17:59 <@mabi> it needs to go stable along php

Arches, please test and mark stable:
=dev-lang/php-5.2.17
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
=dev-lang/php-5.3.5
Target keywords : "amd64 hppa x86"

Arches, please test and mark stable:
=app-admin/eselect-php-0.6.2
Target keywords : "alpha amd64 hppa ppc64 x86"

Tested on SPARC:
dev-lang/php-5.2.17
dev-lang/php-5.3.5
app-admin/eselect-php-0.6.2

Tested with a simple phpinfo() page and with phpsysinfo-2.5.4-r1 (also filed bug for stabilisation as phpsysinfo-2.5.4 will not work with php-5.3.5). All appears well, even though php-5.3.5 is not keyworded for SPARC.

Take note, app-admin/eselect-php-0.6.2 must be keyworded for SPARC, otherwise how will dev-lang/php-5.2.17 work?

amd64 ok

amd64 done. Thanks Agostino

x86 stable

arm stable

ppc done

ppc64 stable

Stable for HPPA.

alpha/ia64/s390/sh/sparc stable

Thanks, folks. Added to existing GLSA request.

CVE-2010-4645 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4645): strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.

This issue was resolved and addressed in GLSA 201110-06 at http://security.gentoo.org/glsa/glsa-201110-06.xml by GLSA coordinator Tobias Heinlein (keytoaster).