Bug 472558 (CVE-2013-2110) - <dev-lang/php-{5.4.17,5.3.27}: "php_quot_print_encode()" Buffer Overflow Vulnerability (CVE-2013-2110)
Status: RESOLVED FIXED
Alias: CVE-2013-2110
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://secunia.com/advisories/53736/
Whiteboard: A2 [glsa]
Keywords:
Duplicates: 470284
Depends on: 453948
Blocks: CVE-2013-3735
Reported: 2013-06-07 09:35 UTC by Agostino Sarubbo
Modified: 2014-08-31 11:26 UTC
Description Agostino Sarubbo gentoo-dev 2013-06-07 09:35:09 UTC
From ${URL} :

Description
A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the "php_quot_print_encode()" function (ext/standard/quot_print.c) when parsing passed strings, which can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

NOTE: Additionally, a security issue exists when parsing mimetype for MP3 files, which can be exploited to cause a crash in version 5.4.15.

The vulnerability is reported in versions prior to 5.4.16 and 5.3.26.


Solution
Update to version 5.4.16 or 5.3.26.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
http://php.net/archive/2013.php#id2013-06-06-2
http://www.php.net/ChangeLog-5.php


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Ole Markus With (RETIRED) gentoo-dev 2013-06-07 12:14:17 UTC
Ebuilds in portage. Please go ahead with stabilisation.
Comment 2 Chris Reffett gentoo-dev Security 2013-07-03 00:12:12 UTC
Sure, why not. Arches, please stabilize =dev-lang/php-5.3.26 and =dev-lang/php-5.4.16, target arches for both: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86. Thanks!
Comment 3 Jeroen Roovers gentoo-dev 2013-07-06 11:49:59 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2013-07-07 09:59:25 UTC
Arches, please test and mark stable:
=dev-lang/php-5.3.26
=dev-lang/php-5.4.16
=app-admin/eselect-php-0.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 5 Agostino Sarubbo gentoo-dev 2013-07-07 09:59:50 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-07-07 10:00:10 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-07-07 11:25:27 UTC
(In reply to Agostino Sarubbo from comment #4)
> Arches, please test and mark stable:
> =dev-lang/php-5.3.26
> =dev-lang/php-5.4.16
> =app-admin/eselect-php-0.7.1
> Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Arches, please test and mark stable:
=dev-lang/php-5.3.26
=dev-lang/php-5.4.17
=app-admin/eselect-php-0.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

It fixes also bug 474656 and bug 472204
Comment 8 Agostino Sarubbo gentoo-dev 2013-07-07 12:04:16 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-07-07 12:04:51 UTC
x86 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-07-07 15:21:27 UTC
ia64 stable
Comment 11 Chris Reffett gentoo-dev Security 2013-07-12 21:01:40 UTC
Re-adding completed 5.3.26 arches. Please test and stable =dev-lang/php-5.3.27, target arches alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86, in order to also fix bug 476570 (this seemed like the simplest way, instead of adding several more blockers).
Comment 12 Agostino Sarubbo gentoo-dev 2013-07-13 06:04:59 UTC
amd64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-07-13 06:05:06 UTC
ia64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2013-07-13 06:05:14 UTC
x86 stable
Comment 15 Agostino Sarubbo gentoo-dev 2013-07-13 18:19:00 UTC
ppc stable
Comment 16 Agostino Sarubbo gentoo-dev 2013-07-13 18:25:17 UTC
(In reply to Chris Reffett from comment #11)
> Re-adding completed 5.3.26 arches. Please test and stable
> =dev-lang/php-5.3.27, target arches alpha amd64 arm hppa ia64 ppc ppc64 s390
> sh sparc x86, in order to also fix bug 476570 (this seemed like the simplest
> way, instead of adding several more blockers).

I don't see that version in tree
Comment 17 Agostino Sarubbo gentoo-dev 2013-07-13 19:15:27 UTC
ppc64 stable
Comment 18 Agostino Sarubbo gentoo-dev 2013-07-14 14:21:29 UTC
alpha stable
Comment 19 Agostino Sarubbo gentoo-dev 2013-07-14 17:36:21 UTC
arm stable
Comment 20 Agostino Sarubbo gentoo-dev 2013-07-21 17:40:41 UTC
sh stable
Comment 21 Agostino Sarubbo gentoo-dev 2013-07-22 08:54:02 UTC
sparc stable
Comment 22 Agostino Sarubbo gentoo-dev 2013-07-27 20:49:00 UTC
*** Bug 470284 has been marked as a duplicate of this bug. ***
Comment 23 Jeroen Roovers gentoo-dev 2013-07-31 14:30:15 UTC
Stable for HPPA.
Comment 24 Agostino Sarubbo gentoo-dev 2013-08-06 12:35:19 UTC
s390 stable
Comment 25 Chris Reffett gentoo-dev Security 2013-08-23 14:19:07 UTC
Thank you, GLSA request filed.
Comment 26 GLSAMaker/CVETool Bot gentoo-dev 2013-08-31 18:44:54 UTC
CVE-2013-2110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110):
  Heap-based buffer overflow in the php_quot_print_encode function in
  ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16
  allows remote attackers to cause a denial of service (application crash) or
  possibly have unspecified other impact via a crafted argument to the
  quoted_printable_encode function.
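
The affected range in the CVE entry above, turned into a check over installed `dev-lang/php` atoms. This is an added example, not part of the bug report or of Portage; the atom regex is a simplified assumption about Gentoo version syntax (three numeric components, one optional suffix, optional `-rN`), and the sample atoms are constructed. To match the bug title's `<dev-lang/php-{5.4.17,5.3.27}` instead, pass ranges with those upper bounds.

```python
import re

# Affected ranges as [lower, upper) keys, from the CVE-2013-2110 text:
# "PHP before 5.3.26 and 5.4.x before 5.4.16".
# Key layout: (major, minor, patch, final); final=0 marks a pre-release,
# which sorts below the final release of the same version.
AFFECTED = [((0, 0, 0, 0), (5, 3, 26, 1)), ((5, 4, 0, 0), (5, 4, 16, 1))]

# Simplified atom syntax (assumption): optional "=", x.y.z, optional
# _alpha/_beta/_pre/_rc/_p suffix, optional -rN ebuild revision.
ATOM_RE = re.compile(
    r"^=?dev-lang/php-(\d+)\.(\d+)\.(\d+)"
    r"(?:_(alpha|beta|pre|rc|p)\d*)?(?:-r\d+)?$"
)

def version_key(atom):
    """Parse a dev-lang/php atom into a comparable key."""
    m = ATOM_RE.match(atom.strip())
    if m is None:
        raise ValueError(f"not a dev-lang/php atom: {atom!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    final = 0 if m.group(4) in ("alpha", "beta", "pre", "rc") else 1
    return (major, minor, patch, final)

def is_affected(atom, ranges=AFFECTED):
    """True when the atom's version falls inside any affected range."""
    key = version_key(atom)
    return any(lo <= key < hi for lo, hi in ranges)

def affected_atoms(atoms, ranges=AFFECTED):
    """Filter a list of installed atoms down to the affected ones."""
    return [a for a in atoms if is_affected(a, ranges)]

# Constructed sample of installed atoms (not taken from the bug).
SAMPLE = [
    "dev-lang/php-5.3.25",
    "dev-lang/php-5.3.26-r1",
    "dev-lang/php-5.4.15-r2",
    "dev-lang/php-5.4.16_rc1",
    "dev-lang/php-5.4.17",
]

if __name__ == "__main__":
    for atom in affected_atoms(SAMPLE):
        print("affected:", atom)
```
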
Comment 27 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 10:49:12 UTC
This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 28 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:26:03 UTC
This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).