Summary: | <dev-lang/php-5.5.15: Two Use-After-Free Vulnerabilities (CVE-2014-4670) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/56800/ | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-07-12 19:21:23 UTC
CVE-2014-4670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670): Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. Bump committed and can be stabilised. Thanks, Arches please stabilize =dev-lang/php-5.5.15 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 Stable for HPPA. Stable on alpha. amd64 stable x86 stable arm stable ia64/sparc stable ppc stable ppc64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Added to existing GLSA draft @maintainers: Thanks for cleanup This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |