Univention Bugzilla – Attachment 6919 Details for
Bug 37666
php5: Multiple issues (ES 3.1)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
advisory
3.1-php5.txt.asc (text/plain), 6.23 KB, created by
Janek Walkenhorst
on 2015-05-22 12:28 CEST
(
hide
)
Description:
advisory
Filename:
MIME Type:
Creator:
Janek Walkenhorst
Created:
2015-05-22 12:28 CEST
Size:
6.23 KB
patch
obsolete
>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > >A new update is available for Univention Corporate Server 3.1 as >part of the extended security maintenance. >It addresses the following problem: > >Program component: php5 >Reference: CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 > CVE-2014-1943 CVE-2014-2270 CVE-2014-3480 > CVE-2014-3515 CVE-2014-3538 CVE-2014-3587 > CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 > CVE-2014-3670 CVE-2014-3710 CVE-2014-4029 > CVE-2014-4721 CVE-2014-8117 CVE-2014-9705 > CVE-2015-0232 CVE-2015-2301 CVE-2015-2331 > CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 > CVE-2015-3330 >Fixed version: 5.3.3.1-7.211.201505211213 > > * CVE-2014-9705 > Heap-based buffer overflow in the enchant_broker_request_dict > function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x > before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers > to execute arbitrary code via vectors that trigger creation of > multiple dictionaries. > * CVE-2015-0232 > The exif_process_unicode function in ext/exif/exif.c in PHP > before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 > allows remote attackers to execute arbitrary code or cause a > denial of service (uninitialized pointer free and application > crash) via crafted EXIF data in a JPEG image. > * CVE-2015-2301 > Use-after-free vulnerability in the phar_rename_archive function > in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 > allows remote attackers to cause a denial of service or possibly > have unspecified other impact via vectors that trigger an attempted > renaming of a Phar archive to the name of an existing file. > * CVE-2015-2331 > Integer overflow in the _zip_cdir_new function in zip_dirent.c > in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP > before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and > other products, allows remote attackers to cause a denial of > service (application crash) or possibly execute arbitrary code > via a ZIP archive that contains many entries, leading to a > heap-based buffer overflow. > * CVE-2015-2783 > Buffer Over-read in unserialize when parsing Phar > * CVE-2015-2787 > Use-after-free vulnerability in the process_nested_data function > in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x > before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to > execute arbitrary code via a crafted unserialize call that > leverages use of the unset function within an __wakeup function, > a related issue to CVE-2015-0231. > * CVE-2015-3329 > Buffer Overflow when parsing tar/zip/phar in phar_set_inode) > * CVE-2015-3330 > PHP potential remote code execution with apache 2.4 apache2handler > * CVE-2015-temp-68819.patch > denial of service when processing a crafted file with Fileinfo > * CVE-2014-0238 > The cdf_read_property_info function in cdf.c in the Fileinfo > component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows > remote attackers to cause a denial of service (infinite loop > or out-of-bounds memory access) via a vector that (1) has zero > length or (2) is too long. > * CVE-2014-0237 > The cdf_unpack_summary_info function in cdf.c in the Fileinfo > component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows > remote attackers to cause a denial of service (performance > degradation) by triggering many file_printf calls. > * CVE-2014-2270 > softmagic.c in file before 5.17 and libmagic allows context > dependent attackers to cause a denial of service (out-of-bounds > memory access and crash) via crafted offsets in the softmagic > of a PE executable. > * CVE-2014-8117 > Stop reporting bad capabilities after the first few. > limit the number of program and section header number of sections > limit recursion level > * CVE-2014-3668 > Fix bug #68027 - fix date parsing in XMLRPC lib > * CVE-2014-3669 > Fixed bug #68044: Integer overflow in unserialize() (32-bits only) > * CVE-2014-3670 > Fix bug #68113 (Heap corruption in exif_thumbnail()) > * CVE-2014-3710 > Fix bug #68283: fileinfo: out-of-bounds read in elf note headers > * CVE-2014-3538 > extensive backtracking in rule regular expression > * CVE-2014-3597 > Segfault in dns_get_record (PHP#67717) > * CVE-2014-3587 > Segfault in cdf.c (PHP#67716) > * CVE-2014-3515 > fix unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion > * CVE-2014-0207 > fileinfo: cdf_read_short_sector insufficient boundary check > * CVE-2014-3480 > fileinfo: cdf_count_chain insufficient boundary check > * CVE-2014-4721 > The phpinfo implementation in ext/standard/info.c in PHP before > 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string > data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and > PHP_SELF variables, which might allow context-dependent attackers > to obtain sensitive information from process memory by using the > integer data type with crafted values, related to a "type > confusion" vulnerability, as demonstrated by reading a private SSL > key in an Apache HTTP Server web-hosting environment with mod_ssl > and a PHP 5.3.x mod_php. > * CVE-2014-4029 > * CVE-2014-1943 > Fix segmentation fault in libmagic (Closes: #739012) > >- -- >Univention GmbH >be open. >Mary-Somerville-Str.1 >28359 Bremen >Tel. : +49 421 22232-0 >Fax : +49 421 22232-99 > ><info@univention.de> >http://www.univention.de/ > >Geschäftsführer: Peter H. Ganten >HRB 20755 Amtsgericht Bremen >Steuer-Nr.: 71-597-02876 >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v2 > >iQIcBAEBCAAGBQJVXwPpAAoJEC07aMN37ihbUPYP/1WaBUK9uHjzyhKylZR92QLc >Z9KLV5Gd8wlowgMLGEVlU8A8gG/RniN9mvDU4dXf7TXZWA7NCGDGsXJDmg1jMH9w >ssm1Kmacl4+kf8hxzN0cfKJAfVd1eVHwYXPVJD94JRsGk7Cz68WQ3tIkjdlBcdKI >VAnFT/OE52FNFpk/pOn9fEA9Pz4yqASBIiimRaEdLDO8aUKeN9UpA9v36j4gWvVV >WgOW5lb7sMSHaFJCwvgfoUVLvjjd3hS2cUUlg7PQOFQxY433SazHYFeML5C9owL+ >ik4J3jp3LCRiBcL0FsHCB3lJDpnI9tJJy5ZTvd5S9GVwV9X8Ckgl8zZ7MQSILbtA >0K0TByGUSwwBLPP9Z3FRoqQkGOCphzuAhfZPoOZnK77QOoY5R9yRYvYcJsLwNcpE >QxMzBv/kXM8PeimK5M7fY4nstpsDCmtGVOvLD6XvXOYc8rn+4jkXL2DgT/HM6/UL >QabmRHOMuxuyIGVBpjWghw63svpC0rzIViUiLkDg//yxQXcFGbj+ZdjOnyPEmJi4 >75FQ6gknmwRK+q4Alm5zYkOml/HZ8y8BQDuqYkij/vpcrUqnNHzl1vvKt8rUCJvQ >I3yvLgxpLLsyCdzD1rSDc7ix9927vYH/fgxwfmY+wJa4zeWCauJOpxJIs9nBsfWc >i5BKJVqKtMJKnYGDlgTz >=IV6h >-----END PGP SIGNATURE-----
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
Attachments on
bug 37666
:
6918
| 6919