| Field | Value | Field | Value |
|---|---|---|---|
| Summary | <dev-lang/php-5.6.25: Multiple vulnerabilities | | |
| Product | Gentoo Security | Reporter | Hanno Böck <hanno> |
| Component | Vulnerabilities | Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED | | |
| Severity | normal | CC | php-bugs |
| Priority | Normal | | |
| Version | unspecified | | |
| Hardware | All | | |
| OS | Linux | | |
| URL | https://secure.php.net/ChangeLog-5.php#5.6.25 | | |
| Whiteboard | A3 [glsa cve] | | |
| Package list | | Runtime testing required | --- |
| Bug Depends on | 594498 | | |
| Bug Blocks | | | |
Description

Hanno Böck, 2016-08-20 06:48:45 UTC

Additional vulnerabilities fixed in the mentioned versions (see CVE request at http://www.openwall.com/lists/oss-security/2016/09/02/5):

GD:
- select_colors write out-of-bounds
  PHP-Bug: https://bugs.php.net/bug.php?id=72697

EXIF:
- Memory Leakage In exif_process_IFD_in_TIFF
  PHP-Bug: https://bugs.php.net/bug.php?id=72627

WDDX:
- wddx_deserialize null dereference
  PHP-Bug: https://bugs.php.net/bug.php?id=72750
- wddx_deserialize null dereference with invalid xml
  PHP-Bug: https://bugs.php.net/bug.php?id=72790
- wddx_deserialize null dereference in php_wddx_pop_element
  PHP-Bug: https://bugs.php.net/bug.php?id=72799

PHP 7.0.10 only:

Core:
- memory allocator fails to realloc small block to large one
  PHP-Bug: https://bugs.php.net/bug.php?id=72742

An additional bug became a vulnerability:

Core:
- (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization)
  PHP-Bug: https://bugs.php.net/72663

CVEs are now assigned: http://www.openwall.com/lists/oss-security/2016/09/02/9

Arches, please test and mark stable:
=dev-lang/php-5.6.25
=dev-lang/php-7.0.10
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Please disregard the reference to PHP 7 above, the correct atom is

Arches, please test and mark stable:
=dev-lang/php-5.6.25
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

amd64 stable

Stable for PPC64.

Stable on alpha.

Stabilization of newer version in bug 594498

This issue was resolved and addressed in GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22 by GLSA coordinator Aaron Bauman (b-man).