Summary: | <dev-lang/php-5.6.7: Multiple vulnerabilities (CVE-2015-{1351,1352}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | php-bugs |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2015/01/08/2 | | |
Whiteboard: | A3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-01-24 20:05:36 UTC
@maintainers: should the opcache and fopen issues be backported to current versions? Based on a quick glance at the code the issues seem to still affect 5.5.22 at least (from what I can see the other issues were determined to be invalid as security fixes based on ${URL} thread)

Maintainer(s), does the current version going through stabilization contain a fix for this? Stabilization versions: 5.4.38, 5.5.22, 5.6.6 as part of Bug 541098?

Per the CVE: "Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."

Added to existing GLSA.

This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F).