Summary: | <dev-php/suhosin-0.9.33 Transparent Cookie Encryption Stack Buffer Overflow (CVE-2012-{0807,0808}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | kripton, php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.suhosin.org/ | ||
Whiteboard: | C1 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 400889 | ||
Bug Blocks: |
Description
Michael Harrison
2012-01-19 23:04:35 UTC
Gentoo compiles all sources by default with -D_FORTIFY_SOURCE=2 so, to be vulnerable to this issue, probably an user should specifies -D_FORTIFY_SOURCE=0 in his make.conf. This bug seems not very valid on gentoo @php-bugs: If you have no time atm to make new ebuild, I guess you can make a new revision with forced -D_FORTIFY_SOURCE and since the ebuild is the same you can mark stable it by yourself. dev-php/suhosin-0.9.33 should now be in CVS. Everything is ready for stabilisation on our end. Cheers, Ole Markus (In reply to comment #3) > dev-php/suhosin-0.9.33 should now be in CVS. Everything is ready for > stabilisation on our end. > Great, thank you. Arches, please test and mark stable: =dev-php/suhosin-0.9.33 Target keywords : "alpha amd64 arm hppa ia64 s390 sh sparc x86" amd64 stable Suhosin-0.9.33 fails to compile with php[threads]. See bug 400889. Unless bug #400889 isn't a regression, I'm going to postpone x86 stabilization. If bug #400889 isn't a regression, feel free to remove it from dependencies. Bug 400889 fixed, so you can start stabilisation again. Cheers! Ole Markus Stable for HPPA. x86 stable arm stable Stable on alpha. ia64/s390/sh/sparc stable Thanks, everyone. GLSA request filed. CVE-2012-0807 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0807): Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. This issue was resolved and addressed in GLSA 201412-10 at http://security.gentoo.org/glsa/glsa-201412-10.xml by GLSA coordinator Sean Amoss (ackle). |