Bug 34256 - php: Multiple issues (3.2)
php: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-4-errata
Assigned To: Janek Walkenhorst
Moritz Muehlenhoff
:
: 35123 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-05 14:04 CET by Moritz Muehlenhoff
Modified: 2015-01-05 11:02 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-03-05 14:04:05 CET
+++ This bug was initially created as a clone of Bug #34255 +++

Denial of service in the file classiert (CVE-2014-1943)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-03-06 10:00:18 CET
Denial of service in libmagic (CVE-2014-2270)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-06-02 08:21:19 CEST
Two additional denial of service bugs in the fileinfo classifier for CDF:
CVE-2014-0237 / CVE-2014-0238
Comment 3 Moritz Muehlenhoff univentionstaff 2014-07-08 16:29:54 CEST
Memory disclosure information leak in phpinfo() (CVE-2014-4721)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-07-09 14:57:43 CEST
Buffer overflow in the function to parse DNS TXT records (CVE-2014-4049)
Buffer overflow in CDF module in the filemagic module (CVE-2014-3487, CVE-2014-3479, CVE-2014-3480, CVE-2014-0207)
Incorrect string size calculation oin the softmagic module in filemagic (CVE-2014-3478)
Comment 5 Moritz Muehlenhoff univentionstaff 2014-07-09 14:58:07 CEST
*** Bug 35123 has been marked as a duplicate of this bug. ***
Comment 6 Moritz Muehlenhoff univentionstaff 2014-07-09 15:02:07 CEST
CVE-2014-3487, CVE-2014-3478 and CVE-2014-3479 don't affect the PHP version in UCS 3.2; the code was introduced later.
Comment 7 Moritz Muehlenhoff univentionstaff 2014-07-09 15:03:48 CEST
The following issues are open:

Denial of service in the file classier (CVE-2014-1943)
Denial of service in libmagic (CVE-2014-2270)
Two additional denial of service bugs in the fileinfo classifier for CDF (CVE-2014-0237, CVE-2014-0238, CVE-2014-3480, CVE-2014-0207
Memory disclosure information leak in phpinfo() (CVE-2014-4721)
Buffer overflow in the function to parse DNS TXT records (CVE-2014-4049)
Comment 8 Moritz Muehlenhoff univentionstaff 2014-08-21 11:51:53 CEST
The fix for CVE-2014-4049 was incomplete (CVE-2014-3597)
Comment 9 Moritz Muehlenhoff univentionstaff 2014-09-08 07:55:15 CEST
Buffer overflow in the CDF parsing in the filemagic module (CVE-2014-3587)
Comment 10 Moritz Muehlenhoff univentionstaff 2014-10-22 12:36:36 CEST
Heap corruption issue in processing exif thumbnails (CVE-2014-3670)
Integer overflow in unserialize() (CVE-2014-3669)
Out of bounds read in mkgmtime() (CVE-2014-3668)
Comment 11 Moritz Muehlenhoff univentionstaff 2014-11-07 01:03:34 CET
Buffer overflow in the xmlrpc date_from_ISO8601() function (CVE-2014-8626)
Comment 12 Moritz Muehlenhoff univentionstaff 2014-11-10 13:33:05 CET
Out of bounds reads when parsing ELF section headers in the file extension (CVE-2014-3710)
Comment 13 Moritz Muehlenhoff univentionstaff 2014-11-25 13:00:29 CET
Predictable cache file when using the pear tool allows local denial of service (CVE-2014-5459)
Comment 14 Janek Walkenhorst univentionstaff 2014-11-27 17:21:38 CET
(In reply to Moritz Muehlenhoff from comment #13)
> Predictable cache file when using the pear tool allows local denial of
> service (CVE-2014-5459)Bug 37093
Comment 15 Janek Walkenhorst univentionstaff 2014-11-27 18:33:27 CET
Imported 5.3.3-7+squeeze23 from squeeze-lts.
Added 
 02_CVE-2014-0238.patch
 03_CVE-2014-0237.patch
 05_CVE-2014-2270.patch

Tests (amd64): OK
Advisory: 2014-11-27-php5.yaml
Comment 16 Moritz Muehlenhoff univentionstaff 2014-12-17 16:02:39 CET
The patches and the build are fine.

Tests with Dokuwiki and Owncloud 5 from the App center were successful.

The subsequent update to Owncloud 6 (which introduces a separate scope with PHP 5.4) worked fine as well.

YAML files ok.
Comment 17 Janek Walkenhorst univentionstaff 2014-12-19 13:57:47 CET
http://errata.univention.de/ucs/3.2/258.html
Comment 18 Moritz Muehlenhoff univentionstaff 2015-01-05 11:02:04 CET
This update also fixed CVE-2014-3538, a denial of service issue in filemagic.