Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 474656 (CVE-2013-4635)

Summary: <dev-lang/php-{5.4.17,5.3.27} : Multiple vulnerabilities (CVE-2013-{4635,4636})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: php-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=977463
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=977462
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-06-25 02:19:35 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=977463 :

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4636 to the following 
vulnerability:

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 
allows remote attackers to cause a denial of service (invalid pointer dereference and application 
crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo 
object.

References:
[1] http://www.php.net/ChangeLog-5.php
[2] https://bugs.php.net/bug.php?id=64830

Relevant upstream patch:
[3] http://git.php.net/?p=php-src.git;a=commit;h=74555e7c26b2c61bb8e67b7d6a6f4d2b8eb3a5f3
Comment 1 Agostino Sarubbo gentoo-dev 2013-06-25 02:19:40 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=977462 :

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4635 to the following 
vulnerability:

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 
5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service 
(application hang) via a large argument to the jdtojewish function.

References:
[1] http://www.php.net/ChangeLog-5.php
[2] https://bugs.php.net/bug.php?id=64895

Relevant upstream patches:
[3] http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df0d6195bdce
[4] http://git.php.net/?p=php-src.git;a=commit;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef
[5] http://git.php.net/?p=php-src.git;a=commit;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 2 Ole Markus With (RETIRED) gentoo-dev 2013-07-05 06:40:47 UTC
Sorry. Must have missed this one, but version with a fix has been in the tree for a while. Maintainer OK for stabilisation.
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-07-07 12:04:33 UTC
Versions with fixes are being stabled in bug 472558.
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-27 03:46:29 UTC
Added to GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 03:48:09 UTC
CVE-2013-4636 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636):
  The mget function in libmagic/softmagic.c in the Fileinfo component in PHP
  5.4.x before 5.4.16 allows remote attackers to cause a denial of service
  (invalid pointer dereference and application crash) via an MP3 file that
  triggers incorrect MIME type detection during access to an finfo object.

CVE-2013-4635 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635):
  Integer overflow in the SdnToJewish function in jewish.c in the Calendar
  component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows
  context-dependent attackers to cause a denial of service (application hang)
  via a large argument to the jdtojewish function.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 10:49:21 UTC
This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:26:10 UTC
This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).