| Summary: | <dev-lang/php-{5.4.29,5.5.13}: Multiple vulnerabilities (CVE-2014-{0237,0238}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | php-bugs |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/58804/ | ||
| Whiteboard: | A3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
Yep. They can be stabilised Stabilization happening in bug 512492 CVE-2014-0238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238): The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. CVE-2014-0237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237): The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. Arches, Thank you for your work Maintainer(s), please drop the vulnerable version(s). Added to existing GLSA Request Maintainer(s), Thank you for cleanup! This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : Description Two vulnerabilities have been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error within the "unpack_summary_info()" function (src/cdf.c) can be exploited to cause excessive CPU resources consumption via a specially crafted CDF file. 2) An error within the "cdf_read_property_info()" function (src/cdf.c) can be exploited to cause an infinite loop via a specially crafted CDF file with a property entry with 0 elements. The vulnerabilities are reported in versions prior to 5.4.29 and 5.5.13. Solution: Update to version 5.4.29 or 5.5.13. Provided and/or discovered by: Reported by the vendor. Original Advisory: http://www.php.net/ChangeLog-5.php#5.4.29 http://www.php.net/ChangeLog-5.php#5.5.13 @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.