Summary: | <dev-lang/php-{5.4.38,5.5.22,5.6.6}: use after free vulnerability in unserialize() with DateTimeZone (CVE-2014-9705,CVE-2015-0273) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ap, php-bugs, tb |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://php.net/ChangeLog-5.php | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Tomáš Mózes
2015-02-23 07:23:09 UTC
PHP team, can we go stable with 5.5.22? (In reply to Tobias Heinlein from comment #1) > PHP team, can we go stable with 5.5.22? Yes. Go ahead Arches, please test and mark stable: =dev-lang/php-5.4.38 =dev-lang/php-5.5.22 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" amd64 stable Stable for HPPA. arm stable x86 done ia64 stable ppc stable ppc64 stable this will continue in bug 544186 CVE-2015-0273 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273): Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. CVE-2014-9705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705): Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F). |