Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 544186 (CVE-2015-0231) - <dev-lang/php-{5.4.39,5.5.23,5.6.7}: Multiple vulnerabilities (CVE-2015-{0231,2305,2331,2348,2787,4147,4148})
Summary: <dev-lang/php-{5.4.39,5.5.23,5.6.7}: Multiple vulnerabilities (CVE-2015-{0231...
Status: RESOLVED FIXED
Alias: CVE-2015-0231
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://php.net/archive/2015.php#id201...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-23 06:29 UTC by Tomáš Mózes
Modified: 2016-06-19 00:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Mózes 2015-03-23 06:29:52 UTC
Already in tree.
Comment 1 Agostino Sarubbo gentoo-dev 2015-03-23 15:11:08 UTC
@php team: could we stabilize?
Comment 2 Ole Markus With (RETIRED) gentoo-dev 2015-03-23 20:56:38 UTC
(In reply to Agostino Sarubbo from comment #1)
> @php team: could we stabilize?

Yep. Terribly sorry for not notifying about this when I made the bump.
Comment 3 Agostino Sarubbo gentoo-dev 2015-03-26 14:29:47 UTC
Arches, please test and mark stable:
=dev-lang/php-5.4.39
=dev-lang/php-5.5.23
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 4 Agostino Sarubbo gentoo-dev 2015-03-27 09:55:59 UTC
amd64 stable
Comment 5 Jeroen Roovers gentoo-dev 2015-03-28 06:14:09 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2015-03-29 12:08:35 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-03-30 09:58:14 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-03-30 10:07:32 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-03-31 07:58:11 UTC
ppc64 stable
Comment 10 Markus Meier gentoo-dev 2015-04-02 19:59:24 UTC
arm stable
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2015-04-05 04:30:28 UTC
CVE-2015-2331 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2331):
  Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip
  0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x
  before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote
  attackers to cause a denial of service (application crash) or possibly
  execute arbitrary code via a ZIP archive that contains many entries, leading
  to a heap-based buffer overflow.

CVE-2015-2305 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2305):
  Integer overflow in the regcomp implementation in the Henry Spencer BSD
  regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in
  NetBSD through 6.1.5 and other products, might allow context-dependent
  attackers to execute arbitrary code via a large regular expression that
  leads to a heap-based buffer overflow.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2015-04-05 04:32:10 UTC
CVE-2015-0231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231):
  Use-after-free vulnerability in the process_nested_data function in
  ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21,
  and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via
  a crafted unserialize call that leverages improper handling of duplicate
  numerical keys within the serialized properties of an object.  NOTE: this
  vulnerability exists because of an incomplete fix for CVE-2014-8142.
Comment 13 Yury German Gentoo Infrastructure gentoo-dev Security 2015-04-17 00:19:07 UTC
Ping on stabilization for ia64 and ppc.
Comment 14 Agostino Sarubbo gentoo-dev 2015-04-17 09:46:39 UTC
ia64 stable
Comment 15 Agostino Sarubbo gentoo-dev 2015-04-17 09:46:59 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 16 Agostino Sarubbo gentoo-dev 2015-04-17 09:49:22 UTC
cleanup done
Comment 17 Yury German Gentoo Infrastructure gentoo-dev Security 2015-04-18 22:37:31 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2015-06-21 00:00:50 UTC
CVE-2015-4148 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148):
  The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x
  before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property
  is a string, which allows remote attackers to obtain sensitive information
  by providing crafted serialized data with an int data type, related to a
  "type confusion" issue.

CVE-2015-4147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147):
  The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x
  before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers
  is an array, which allows remote attackers to execute arbitrary code by
  providing crafted serialized data with an unexpected data type, related to a
  "type confusion" issue.

CVE-2015-2787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787):
  Use-after-free vulnerability in the process_nested_data function in
  ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23,
  and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via
  a crafted unserialize call that leverages use of the unset function within
  an __wakeup function, a related issue to CVE-2015-0231.

CVE-2015-2348 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348):
  The move_uploaded_file implementation in ext/standard/basic_functions.c in
  PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a
  pathname upon encountering a \x00 character, which allows remote attackers
  to bypass intended extension restrictions and create files with unexpected
  names via a crafted second argument.  NOTE: this vulnerability exists
  because of an incomplete fix for CVE-2006-7243.
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2016-06-19 00:26:32 UTC
This issue was resolved and addressed in
 GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10
by GLSA coordinator Kristian Fiskerstrand (K_F).