A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error within the "asn1_time_to_time_t()" function (ext/openssl/openssl.c) when parsing X.509 certificates and can be exploited to corrupt memory via a specially crafted X.509 certificate.
The vulnerability is reported in versions 5.3.27 and prior, 5.4.22 and prior, and 5.5.6 and prior. Other versions may also be affected.
Fixed in the source code repository.
The issue is fixed in PHP 5.3.28, 5.4.23 and 5.5.7, cf. http://php.net/archive/2013.php#id2013-12-12-3
Also CVE-2013-4073 is fixed in version 4.3.28. http://www.php.net/archive/2013.php
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse
(1) notBefore and (2) notAfter timestamps in X.509 certificates, which
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via a crafted certificate that is not properly
handled by the openssl_x509_parse function.
Are we ready for stabilization on affected versions? If so, please advise what versions to stabilize.
We have Bug # 492784 going through stabilization now. Based on the text of this bug the patches/fixes are applied to the versions being stabilized as part of that bug:
Setting this bug to depend on 492784 (please advise if I am incorrect).
(In reply to Mike Limansky from comment #2)
> Also CVE-2013-4073 is fixed in version 4.3.28.
Note should be 5.3.28 - Correction only.
Maintainer(s), please drop the vulnerable version(s).
Adding to existing GLSA.
This issue was resolved and addressed in
GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).