+++ This bug was initially created as a clone of Bug #516994 +++ ## PHP 5.4 is also affected by this bug which is corrected in http://git.php.net/?p=php-src.git;a=commit;h=51c38a09970c1f8395e68500c0b2ed1b3c9a6786 and http://git.php.net/?p=php-src.git;a=commit;h=61e0f8599d4e2a222ec49781e5be90fbbc1cd65b ## From ${URL} : Description Two vulnerabilities have been reported in PHP, which can be exploited by malicious, local users to gain escalated privileges. 1) A use-after-free error related to SPL iterators can be exploited to corrupt memory. 2) A use-after-free error related to ArrayIterators can be exploited to corrupt memory. Successful exploitation may allow execution of arbitrary code with e.g. web server's privileges by executing a specially crafted PHP script within Apache HTTP server context. The vulnerabilities are reported in version 5.5.14. Other versions may also be affected. Solution: Fixed in the source code repository. Provided and/or discovered by: insighti within bug entries. Original Advisory: https://bugs.php.net/bug.php?id=67538 https://bugs.php.net/bug.php?id=67539 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-4698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4698): Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670): Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
Stabilization, cleanup done. In existing GLSA request.
This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).