Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 589744

Summary: <dev-lang/php-{7.0.9,5.6.24,5.5.38}: Multiple vulnerabilities
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secure.php.net/ChangeLog-7.php#7.0.9
Whiteboard:
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2016-07-26 11:43:40 UTC 
The latest PHP updates fix a worrying number of security issues. 

These from the zpstream changelog sound like being security relevant (for 7.0.9, but most issues affect all three version trees):
Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex).
Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).
Fixed bug #72541 (size_t overflow lead to heap corruption).
Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
Fixed bug #72519 (imagegif/output out-of-bounds access).
Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
Fixed bug #72494 (imagecropauto out-of-bounds access).
Fixed bug #72533 (locale_accept_from_http out-of-bounds access).
Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).
Fixed bug #72399 (Use-After-Free in MBString (search_re)).
Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).
Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).
Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization).
Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).
Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).

This one
https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
got a bit more public attention.

Please bump. Not sure if 5.5.x should still be bumped or just declared to be deprecated, as it won't receive any further security updates.
Comment 1 Brian Evans (RETIRED) gentoo-dev 2016-07-26 13:19:01 UTC 
(In reply to Hanno Boeck from comment #0)
> The latest PHP updates fix a worrying number of security issues. 
> 
> These from the zpstream changelog sound like being security relevant (for
> 7.0.9, but most issues affect all three version trees):
> Fixed bug #72513 (Stack-based buffer overflow vulnerability in
> virtual_file_ex).
> Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
> applications).
> Fixed bug #72541 (size_t overflow lead to heap corruption).
> Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
> Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
> access).
> Fixed bug #72519 (imagegif/output out-of-bounds access).
> Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
> Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
> Fixed bug #72494 (imagecropauto out-of-bounds access).
> Fixed bug #72533 (locale_accept_from_http out-of-bounds access).
> Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read
> access).
> Fixed bug #72399 (Use-After-Free in MBString (search_re)).
> Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to
> heap overflow in mdecrypt_generic).
> Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
> Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).
> Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
> Deserialization).
> Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
> unserialize()).
> Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn
> simplestring.c).
> Fixed bug #72520 (Stack-based buffer overflow vulnerability in
> php_stream_zip_opener).
> 
> This one
> https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-
> dollar/
> got a bit more public attention.
> 
> Please bump. Not sure if 5.5.x should still be bumped or just declared to be
> deprecated, as it won't receive any further security updates.

*** This bug has been marked as a duplicate of bug 589232 ***