
Bug 519932 (CVE-2014-0207)

Summary: <dev-lang/php-5.3.29: Multiple vulnerabilities (CVE-{2013-6712,2014-{0207,0237,0238,3515,3981,4049}})
Product: Gentoo Security
Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: php-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://php.net/ChangeLog-5.php#5.3.29
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-14 17:43:01 UTC
PHP 5.3.29 is available, PHP 5.3 reaching end of life
14 Aug 2014

The PHP development team announces the immediate availability of PHP 5.3.29. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively.

PHP 5.3.29 contains about 25 potentially security related fixes backported from PHP 5.4 and 5.5.

PHP-5.5.29 was just added to the tree.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-14 17:44:55 UTC
Arches, please stabilize:
=dev-lang/php-5.3.29
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-08-15 12:04:52 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2014-08-19 06:43:28 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-08-19 06:44:14 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-08-19 07:36:43 UTC
ia64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-08-19 08:50:08 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-08-21 09:46:33 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-08-24 09:03:04 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-08-24 09:04:32 UTC
arm stable
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2014-08-25 03:31:21 UTC
CVE-2014-4049 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049):
  Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c
  in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of
  service (crash) and possibly execute arbitrary code via a crafted DNS TXT
  record, related to the dns_get_record function.

CVE-2014-3981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981):
  acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier,
  allows local users to overwrite arbitrary files via a symlink attack on the
  /tmp/phpglibccheck file.

CVE-2014-3515 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3515):
  The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly
  anticipates that certain data structures will have the array data type after
  unserialization, which allows remote attackers to execute arbitrary code via
  a crafted string that triggers use of a Hashtable destructor, related to
  "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-08-25 03:32:22 UTC
CVE-2014-5177 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5177):
  libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control
  is enabled, allows local users to read arbitrary files via a crafted XML
  document containing an XML external entity declaration in conjunction with
  an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML,
  (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5)
  virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML,
  (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10)
  virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12)
  virConnectDomainXMLToNative, (13) virSecretDefineXML, (14)
  virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16)
  virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18)
  virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to
  an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from
  CVE-2014-0179 per ADT3 due to different affected versions of some vectors.

CVE-2014-0238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238):
  The cdf_read_property_info function in cdf.c in the Fileinfo component in
  PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a
  denial of service (infinite loop or out-of-bounds memory access) via a
  vector that (1) has zero length or (2) is too long.

CVE-2014-0237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237):
  The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in
  PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a
  denial of service (performance degradation) by triggering many file_printf
  calls.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-08-25 03:32:57 UTC
CVE-2014-0207 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0207):
  The cdf_read_short_sector function in cdf.c in file before 5.19, as used in
  the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows
  remote attackers to cause a denial of service (assertion failure and
  application exit) via a crafted CDF file.
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2014-08-25 11:56:13 UTC
sparc stable
Comment 14 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-25 12:15:54 UTC
Arches: Thank you for your work. We already have a GLSA draft for this.

@maintainers: please clean up vulnerable versions
Comment 15 Agostino Sarubbo gentoo-dev 2014-08-26 09:59:46 UTC
cleanup done
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:28:20 UTC
This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).