| Summary: | dev-php/pecl-radius: Security flaw in radius_get_vendor_attr() (CVE-2013-2220) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | php-bugs |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2013/06/28/2 | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
CVE-2013-2220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2220): Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value. The ebuild exists in the tree and old versions are removed. Security team can continue from here. Security: this is ready for your attention. No glsa for testing branch |
From ${URL} : PHP PECL upstream has released 1.2.7 version of the Radius client library, correcting one security flaw (from [1]): "- Fix a security issue in radius_get_vendor_attr() by enforcing checks of the VSA length field against the buffer size. (Adam)" References: [1] http://pecl.php.net/package-changelog.php?package=radius [2] http://pecl.php.net/news/ Relevant upstream patch: [3] https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e8d7cc32111e84b49d57234 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.