Summary: | <dev-lang/php-{5.5.34,5.6.20,7.0.5}: Multiple vulnerabilities (CVE-2015-8865,CVE-2016-{4071,4072,4073}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | himbeere, php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.php.net/ChangeLog-5.php#5.5.34 | ||
Whiteboard: | A2 [glsa glsa blocked cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 581834 | ||
Bug Blocks: |
Description
Tomáš Mózes
2016-04-01 07:19:36 UTC
I just pushed out the fixed versions. Arches, please test and mark stable: =dev-lang/php-5.5.34 =dev-lang/php-5.6.20 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" What about 7.0.5? (In reply to Tomáš Mózes from comment #3) > What about 7.0.5? the slot 7 is not stable, the stabilization won't happen in a security bug. amd64 stable x86 stable (In reply to Agostino Sarubbo from comment #4) > (In reply to Tomáš Mózes from comment #3) > > What about 7.0.5? > > the slot 7 is not stable, the stabilization won't happen in a security bug. That was more a question towards the php team. Stable for PPC64. Stable for HPPA. arm stable Alpha is skipping these in favor of =dev-lang/php-5.5.35/=dev-lang/php-5.6.21 from bug 581834. CVE-2016-4073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073): Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. CVE-2016-4072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072): The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. CVE-2016-4071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071): Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. CVE-2015-8865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865): The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. This issue was resolved and addressed in GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22 by GLSA coordinator Aaron Bauman (b-man). |