Summary: | <dev-lang/php-5.3.10: php_register_variable_ex() ACE introduced by HashDos fix (CVE-2012-{0830,0831}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | kfm, mlspamcb, php-bugs, toto |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ | ||
Whiteboard: | A1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2012-02-02 22:10:32 UTC
php-5.3.10 committed to CVS. It may take 1-2 hours till the patchset is available on mirrors, tho. *** Bug 401999 has been marked as a duplicate of this bug. *** *** Bug 402079 has been marked as a duplicate of this bug. *** Arches, please test and mark stable: =dev-lang/php-5.3.10 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" amd64 stable Stable for HPPA. ppc done x86 done. Thanks arm stable Stable on alpha. ia64/s390/sh/sparc stable CVE-2012-0830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830): The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. CVE-2012-0831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831): PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. ppc64 done Thanks, everyone. Added to existing GLSA request. This issue was resolved and addressed in GLSA 201209-03 at http://security.gentoo.org/glsa/glsa-201209-03.xml by GLSA coordinator Sean Amoss (ackle). |