Bug 474656 (CVE-2013-4635)

Summary:	<dev-lang/php-{5.4.17,5.3.27} : Multiple vulnerabilities (CVE-2013-{4635,4636})
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	php-bugs
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugzilla.redhat.com/show_bug.cgi?id=977463
See Also:	https://bugzilla.redhat.com/show_bug.cgi?id=977462
Whiteboard:	A3 [glsa]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2013-06-25 02:19:35 UTC

From https://bugzilla.redhat.com/show_bug.cgi?id=977463 :

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4636 to the following 
vulnerability:

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 
allows remote attackers to cause a denial of service (invalid pointer dereference and application 
crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo 
object.

References:
[1] http://www.php.net/ChangeLog-5.php
[2] https://bugs.php.net/bug.php?id=64830

Relevant upstream patch:
[3] http://git.php.net/?p=php-src.git;a=commit;h=74555e7c26b2c61bb8e67b7d6a6f4d2b8eb3a5f3

Comment 1 Agostino Sarubbo gentoo-dev

2013-06-25 02:19:40 UTC

From https://bugzilla.redhat.com/show_bug.cgi?id=977462 :

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4635 to the following 
vulnerability:

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 
5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service 
(application hang) via a large argument to the jdtojewish function.

References:
[1] http://www.php.net/ChangeLog-5.php
[2] https://bugs.php.net/bug.php?id=64895

Relevant upstream patches:
[3] http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df0d6195bdce
[4] http://git.php.net/?p=php-src.git;a=commit;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef
[5] http://git.php.net/?p=php-src.git;a=commit;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.

Comment 2 Ole Markus With (RETIRED) gentoo-dev

2013-07-05 06:40:47 UTC

Sorry. Must have missed this one, but version with a fix has been in the tree for a while. Maintainer OK for stabilisation.

Comment 3 Chris Reffett (RETIRED) gentoo-dev

2013-07-07 12:04:33 UTC

Versions with fixes are being stabled in bug 472558.

Comment 4 Chris Reffett (RETIRED) gentoo-dev

2013-08-27 03:46:29 UTC

Added to GLSA request.

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2013-08-27 03:48:09 UTC

CVE-2013-4636 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636):
  The mget function in libmagic/softmagic.c in the Fileinfo component in PHP
  5.4.x before 5.4.16 allows remote attackers to cause a denial of service
  (invalid pointer dereference and application crash) via an MP3 file that
  triggers incorrect MIME type detection during access to an finfo object.

CVE-2013-4635 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635):
  Integer overflow in the SdnToJewish function in jewish.c in the Calendar
  component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows
  context-dependent attackers to cause a denial of service (application hang)
  via a large argument to the jdtojewish function.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2014-08-31 10:49:21 UTC

This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).

Comment 7 GLSAMaker/CVETool Bot gentoo-dev

2014-08-31 11:26:10 UTC

This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).