|Summary:|Multiple Vulnerabilities in PHP (CAN-2004-1018, CAN-2004-1019, CAN-2004-1063, CAN-2004-1064)|
|Product:|Gentoo Security|
|Component:|Vulnerabilities|
|Reporter:|Hanno Böck <hanno>|
|Assignee:|Gentoo Security <security>|
|Severity:|critical|
|CC:|christian.korff, cycloon, php-bugs|
|Whiteboard:|A1 [glsa] jaervosz|
|Package list:||
|Runtime testing required:|---|
|Bug Depends on:|74627|
Description Hanno Böck 2004-12-15 13:11:10 UTC
Stefan Esser has discovered various serious security issues in php (see link). Updates to 4.3.10 and 5.0.3 with fixes are available.
Comment 1 Hanno Böck 2004-12-15 14:06:58 UTC
After a quick test, it seems that just copying the php-5.0.2-r1.ebuild and mod_php-5.0.2.ebuild to 5.0.3 works.
Comment 2 Rajiv Aaron Manglani (RETIRED) 2004-12-15 15:26:16 UTC
*** This bug has been marked as a duplicate of 72735 ***
Comment 3 Sune Kloppenborg Jeppesen 2004-12-15 22:55:17 UTC
Reopening to handle stable marking.
Comment 4 Sune Kloppenborg Jeppesen 2004-12-15 22:58:55 UTC
Arches please mark 4.3.10 stable.
Comment 5 Jochen Maes (RETIRED) 2004-12-16 00:24:17 UTC
stable on ppc
Comment 6 Sune Kloppenborg Jeppesen 2004-12-16 01:28:42 UTC
*** Bug 74600 has been marked as a duplicate of this bug. ***
Comment 7 Markus Rothe (RETIRED) 2004-12-16 02:19:17 UTC
stable on ppc64
Comment 8 Dylan Carlson (RETIRED) 2004-12-16 02:40:10 UTC
stable on amd64.
Comment 9 Stuart Herbert (RETIRED) 2004-12-16 02:46:16 UTC
Please make sure that you test & mark the following packages:
* dev-php/php-4.3.10
* dev-php/mod_php-4.3.10
* dev-php/php-cgi-4.3.10
PHP 5.0.2 wasn't marked stable, so we don't need (and shouldn't be!) marking PHP-5.0.3 as stable.
Best regards,
Stu
Comment 10 Thierry Carrez (RETIRED) 2004-12-16 03:23:36 UTC
There are more fixed than just what was reported in Stefan's advisory:
See http://www.php.net/release_4_3_10.php
---------------------
CAN-2004-1018 - shmop_write() out of bounds memory write access.
CAN-2004-1018 - integer overflow/underflow in pack() and unpack() functions.
CAN-2004-1019 - possible information disclosure, double free and negative reference index array underflow in deserialization code.
CAN-2004-1020 - addslashes() not escaping \0 correctly.
CAN-2004-1063 - safe_mode execution directory bypass.
CAN-2004-1064 - arbitrary file access through path truncation.
CAN-2004-1065 - exif_read_data() overflow on long sectionname.
magic_quotes_gpc could lead to one level directory traversal with file uploads.
---------------------
Comment 11 Christian Birchinger (RETIRED) 2004-12-16 04:32:17 UTC
Created attachment 46114: build log
4.3.10 doesn't build on my sparc
Comment 12 Gustavo Zacarias (RETIRED) 2004-12-16 05:53:22 UTC
I'm getting the same (broken) results as Joker for my ultra.
Comment 13 Robin Johnson 2004-12-16 06:11:17 UTC
Could you please trace the errors in the zend .c file that is referenced in your errors there.
Comment 14 Christian Gut 2004-12-16 08:17:12 UTC
(php|php-cgi)-4.3.10 built on two i386 machines FYI Just had to fiddle with java and LDPATHs
Comment 15 Robin Johnson 2004-12-16 10:31:15 UTC
Sparc: please see bug #74627. I don't know why it didn't catch PPC.
Comment 16 Gustavo Zacarias (RETIRED) 2004-12-16 10:41:48 UTC
Probably because ppc is including stdint.h, linux/types.h or bits/types.h somewhere else which sparc isn't. I'm currently building fixed ebuilds for sparc, be back soon.
Comment 17 Gustavo Zacarias (RETIRED) 2004-12-16 18:36:30 UTC
php-4.3.10, mod_php-4.3.10 & php-cgi-4.3.10 sparc stable with the fix. It's just applied for sparc since I won't have access to a ppc box until tomorrow and it seems it's required and/or could break them. BTW, ppc forgot about php-cgi.
Comment 18 Bryan Østergaard (RETIRED) 2004-12-17 02:47:56 UTC
Comment 19 Sune Kloppenborg Jeppesen 2004-12-18 03:13:14 UTC
SeJo you forget to mark mod_php stable. See comment #9
Comment 20 Michael Hanselmann (hansmi) (RETIRED) 2004-12-18 04:23:12 UTC
Comment 21 Sune Kloppenborg Jeppesen 2004-12-18 04:46:50 UTC
Thx Michael, please remember to remove CC :-)
Comment 22 Thierry Carrez (RETIRED) 2004-12-19 06:01:23 UTC
GLSA 200412-14
hppa, ia64, mips, s390: please mark stable to benefit from GLSA.
Comment 23 Hardave Riar (RETIRED) 2005-02-21 13:37:26 UTC
Comment 24 René Nussbaumer (RETIRED) 2005-06-26 05:12:58 UTC
Already stable on hppa