Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 520134 (CVE-2014-4698) - <dev-lang/php-5.4.32: PHP 5.4 series - Two Use-After-Free Vulnerabilities (CVE-2014-{4670,4698})
Summary: <dev-lang/php-5.4.32: PHP 5.4 series - Two Use-After-Free Vulnerabilities (CV...
Status: RESOLVED FIXED
Alias: CVE-2014-4698
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://secunia.com/advisories/56800/
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-17 15:06 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2014-08-31 11:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-17 15:06:53 UTC
+++ This bug was initially created as a clone of Bug #516994 +++

##

PHP 5.4 is also affected by this bug which is corrected in 
http://git.php.net/?p=php-src.git;a=commit;h=51c38a09970c1f8395e68500c0b2ed1b3c9a6786
and 
http://git.php.net/?p=php-src.git;a=commit;h=61e0f8599d4e2a222ec49781e5be90fbbc1cd65b

##
From ${URL} :

Description

Two vulnerabilities have been reported in PHP, which can be exploited by malicious, local users to gain escalated privileges.

1) A use-after-free error related to SPL iterators can be exploited to corrupt memory.

2) A use-after-free error related to ArrayIterators can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code with e.g. web server's privileges by executing a specially crafted PHP 
script within Apache HTTP server context.

The vulnerabilities are reported in version 5.5.14. Other versions may also be affected.

Solution:
Fixed in the source code repository.

Provided and/or discovered by:
insighti within bug entries.

Original Advisory:
https://bugs.php.net/bug.php?id=67538
https://bugs.php.net/bug.php?id=67539


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-08-25 02:41:58 UTC
CVE-2014-4698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4698):
  Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in
  PHP through 5.5.14 allows context-dependent attackers to cause a denial of
  service or possibly have unspecified other impact via crafted ArrayIterator
  usage within applications in certain web-hosting environments.

CVE-2014-4670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670):
  Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in
  PHP through 5.5.14 allows context-dependent attackers to cause a denial of
  service or possibly have unspecified other impact via crafted iterator usage
  within applications in certain web-hosting environments.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-26 10:03:57 UTC
Stabilization, cleanup done. In existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:28:27 UTC
This issue was resolved and addressed in
 GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).