
Bug 516994 (CVE-2014-4670)

Summary: <dev-lang/php-5.5.15: Two Use-After-Free Vulnerabilities (CVE-2014-4670)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: php-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/56800/
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-07-12 19:21:23 UTC
From ${URL} :

Description

Two vulnerabilities have been reported in PHP, which can be exploited by malicious, local users to gain escalated privileges.

1) A use-after-free error related to SPL iterators can be exploited to corrupt memory.

2) A use-after-free error related to ArrayIterators can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code with e.g. web server's privileges by executing a specially crafted PHP script within Apache HTTP server context.

The vulnerabilities are reported in version 5.5.14. Other versions may also be affected.


Solution:
Fixed in the source code repository.

Provided and/or discovered by:
insighti within bug entries.

Original Advisory:
https://bugs.php.net/bug.php?id=67538
https://bugs.php.net/bug.php?id=67539


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-07-15 21:27:38 UTC
CVE-2014-4670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670):
  Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in
  PHP through 5.5.14 allows context-dependent attackers to cause a denial of
  service or possibly have unspecified other impact via crafted iterator usage
  within applications in certain web-hosting environments.
Comment 2 Ole Markus With (RETIRED) gentoo-dev 2014-07-28 14:15:03 UTC
Bump committed and can be stabilised.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-07-28 15:39:01 UTC
Thanks,

Arches please stabilize
=dev-lang/php-5.5.15
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2014-07-29 23:56:26 UTC
Stable for HPPA.
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2014-07-31 14:41:39 UTC
Stable on alpha.
Comment 6 Agostino Sarubbo gentoo-dev 2014-08-02 13:44:29 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-08-02 13:48:07 UTC
x86 stable
Comment 8 Markus Meier gentoo-dev 2014-08-03 18:27:57 UTC
arm stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2014-08-04 18:32:41 UTC
ia64/sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-08-08 21:36:02 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2014-08-09 10:49:15 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 12 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-10 11:07:08 UTC
Added to existing GLSA draft
Comment 13 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-17 15:03:42 UTC
@maintainers: Thanks for cleanup
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:28:12 UTC
This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).