Summary: | <dev-php/suhosin-0.9.38: Remote DoS Vulnerability (CVE-2015-4024) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | cyberbat <cyberbat83> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://raw.githubusercontent.com/stefanesser/suhosin/master/Changelog | ||
Whiteboard: | C3 [noglsa/cve] | ||
Package list: | Runtime testing required: | --- |
Description
cyberbat
2015-05-29 19:56:50 UTC
Arches, please mark stable

Target keywords:
dev-php/suhosin-0.9.38 alpha amd64 arm hppa ia64 sparc x86

Note: Upstream acknowledges these tests fail on php 5.4 [1]
So please expect these tests to fail.

Testing: suhosin.executor.eval.blacklist=max [tests/executor/eval_blacklist.phpt]
Testing: suhosin.executor.eval.blacklist=printf via call_user_func [tests/executor/eval_blacklist_printf.phpt]
Testing: suhosin.executor.eval.whitelist=printf via call_user_func [tests/executor/eval_whitelist_call_user_func.phpt]
Testing: suhosin.executor.func.blacklist=printf [tests/executor/function_blacklist_printf.phpt]
Testing: suhosin.executor.func.whitelist=call_user_func [tests/executor/function_whitelist_call_user_func.phpt]

[1] https://github.com/stefanesser/suhosin/issues/68

Stable for HPPA.

amd64 stable

x86 stable

CVE-2015-4024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4024):
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

sparc stable

arm stable

alpha stable

ia64 stable

cleanup please!

GLSA vote: no.

GLSA Vote: No

Cleanup done.
+ 22 Jul 2015; Brian Evans <grknight@gentoo.org> -suhosin-0.9.37.1.ebuild:
+ Remove security vulnerable version

(In reply to Brian Evans from comment #11)
> Cleanup done.
> + 22 Jul 2015; Brian Evans <grknight@gentoo.org> -suhosin-0.9.37.1.ebuild:
> + Remove security vulnerable version

Thanks for cleanup