A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the "asn1_time_to_time_t()" function (ext/openssl/openssl.c) when parsing X.509 certificates and can be exploited to corrupt memory via a specially crafted X.509 certificate. The vulnerability is reported in versions 5.3.27 and prior, 5.4.22 and prior, and 5.5.6 and prior. Other versions may also be affected.

Solution: Fixed in the source code repository.
http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415

See also: http://www.securelist.com/en/advisories/56055

Reproducible: Always
The issue is fixed in PHP 5.3.28, 5.4.23, 5.5.7, cf. http://php.net/archive/2013.php#id2013-12-12-3
Also CVE-2013-4073 is fixed in version 4.3.28. http://www.php.net/archive/2013.php
CVE-2013-6420 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420): The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
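Added example, not PHP's code and not the fix linked above: a bounds-checked converter for the ASN.1 UTCTime ("YYMMDDHHMMSSZ") and GeneralizedTime ("YYYYMMDDHHMMSSZ") strings that notBefore/notAfter carry, of the shape a safe asn1_time_to_time_t() needs. It takes the buffer length explicitly and rejects any malformed input instead of reading past it; the function name and the manual date arithmetic are assumptions of this example (day-of-month is not validated per month).

```c
#include <stddef.h>
#include <stdint.h>
#include <time.h>

/* Parse exactly n ASCII digits from s; -1 if any byte is not a digit.
 * Never reads more than n bytes, whatever the caller's buffer holds. */
static long read_digits(const unsigned char *s, size_t n)
{
    long v = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;
        v = v * 10 + (s[i] - '0');
    }
    return v;
}

/* Days since 1970-01-01 for a proleptic Gregorian date (Hinnant's algorithm),
 * so no platform-specific timegm() is needed. */
static int64_t days_from_civil(int64_t y, int64_t m, int64_t d)
{
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Hypothetical hardened helper: UTCTime (13 bytes) or GeneralizedTime
 * (15 bytes), UTC only. Returns (time_t)-1 on any malformed value. */
time_t asn1_time_to_time_t_checked(const unsigned char *str, size_t len)
{
    size_t ylen;
    if (len == 13)      ylen = 2;   /* UTCTime: two-digit year */
    else if (len == 15) ylen = 4;   /* GeneralizedTime: four-digit year */
    else return (time_t)-1;         /* wrong length: do not touch bytes */
    if (str[len - 1] != 'Z') return (time_t)-1;  /* no offsets/fractions */
    long year = read_digits(str, ylen);
    long mon = read_digits(str + ylen, 2), day = read_digits(str + ylen + 2, 2);
    long hh = read_digits(str + ylen + 4, 2), mm = read_digits(str + ylen + 6, 2);
    long ss = read_digits(str + ylen + 8, 2);
    if (year < 0 || mon < 1 || mon > 12 || day < 1 || day > 31 ||
        hh < 0 || hh > 23 || mm < 0 || mm > 59 || ss < 0 || ss > 59)
        return (time_t)-1;          /* covers the -1 from read_digits too */
    if (ylen == 2) year += (year < 50) ? 2000 : 1900;  /* RFC 5280 pivot */
    int64_t days = days_from_civil(year, mon, day);
    return (time_t)(days * 86400 + hh * 3600 + mm * 60 + ss);
}
```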
Are we ready for stabilization on affected versions? If so please advise what versions to stabilize.
We have Bug # 492784 going through stabilization now. Based on the text of this bug the patches/fixes are applied to the versions being stabilized as part of that bug: dev-lang/php-5.3.28 dev-lang/php-5.4.23 dev-lang/php-5.5.7 Setting this bug to depend on the 492784 (please advise if I am incorrect).
(In reply to Mike Limansky from comment #2)
> Also CVE-2013-4073 is fixed in version 4.3.28.
> http://www.php.net/archive/2013.php

Note: should be 5.3.28. Correction only.
Maintainer(s), please drop the vulnerable version(s). Adding to existing GLSA.
This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).