Attachment 6918 Details for Bug 37666

php5-extsec3.1.txt

php5-extsec3.1.txt (text/plain), 5.06 KB, created by Arvid Requate on 2015-05-22 10:56 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Arvid Requate

Created: 2015-05-22 10:56 CEST

Size: 5.06 KB

patch

obsolete

>Things from the php5 Debian changelog which changed between
>5.3.3-7+squeeze18 and 5.3.3-7+squeeze26:
>
>  * CVE-2014-9705.patch
>    Heap-based buffer overflow in the enchant_broker_request_dict 
>    function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x 
>    before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers 
>    to execute arbitrary code via vectors that trigger creation of 
>    multiple dictionaries.
>  * CVE-2015-0232.patch
>    The exif_process_unicode function in ext/exif/exif.c in PHP 
>    before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 
>    allows remote attackers to execute arbitrary code or cause a 
>    denial of service (uninitialized pointer free and application 
>    crash) via crafted EXIF data in a JPEG image.
>  * CVE-2015-2301.patch
>    Use-after-free vulnerability in the phar_rename_archive function  
>    in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6
>    allows remote attackers to cause a denial of service or possibly
>    have unspecified other impact via vectors that trigger an attempted
>    renaming of a Phar archive to the name of an existing file.
>  * CVE-2015-2331.patch
>    Integer overflow in the _zip_cdir_new function in zip_dirent.c 
>    in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP 
>    before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and 
>    other products, allows remote attackers to cause a denial of 
>    service (application crash) or possibly execute arbitrary code 
>    via a ZIP archive that contains many entries, leading to a 
>    heap-based buffer overflow.
>  * CVE-2015-2783.patch
>    Buffer Over-read in unserialize when parsing Phar
>  * CVE-2015-2787.patch
>    Use-after-free vulnerability in the process_nested_data function 
>    in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x 
>    before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to 
>    execute arbitrary code via a crafted unserialize call that 
>    leverages use of the unset function within an __wakeup function, 
>    a related issue to CVE-2015-0231.
>  * CVE-2015-3329.patch
>    Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
>  * CVE-2015-3330.patch
>    PHP potential remote code execution with apache 2.4 apache2handler
>  * CVE-2015-temp-68819.patch
>    denial of service when processing a crafted file with Fileinfo
>
>  * add patches provided by Univention (Janek Walkenhorst) for:
>    CVE-2014-0238:
>       The cdf_read_property_info function in cdf.c in the Fileinfo 
>       component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows 
>       remote attackers to cause a denial of service (infinite loop 
>       or out-of-bounds memory access) via a vector that (1) has zero 
>       length or (2) is too long.
>    CVE-2014-0237:
>       The cdf_unpack_summary_info function in cdf.c in the Fileinfo 
>       component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows 
>       remote attackers to cause a denial of service (performance 
>       degradation) by triggering many file_printf calls.
>    CVE-2014-2270:
>       softmagic.c in file before 5.17 and libmagic allows context
>       dependent attackers to cause a denial of service (out-of-bounds 
>       memory access and crash) via crafted offsets in the softmagic 
>       of a PE executable.
>  * add patches for CVE-2014-8117
>    - Stop reporting bad capabilities after the first few. 
>    - limit the number of program and section header number of sections
>    - limit recursion level
>
>  * [CVE-2014-3668]: Fix bug #68027 - fix date parsing in XMLRPC lib
>  * [CVE-2014-3669]: Fixed bug #68044: Integer overflow in unserialize() 
>                     (32-bits only)
>  * [CVE-2014-3670]: Fix bug #68113 (Heap corruption in exif_thumbnail())
>  * [CVE-2014-3710]: Fix bug #68283: fileinfo: out-of-bounds read in 
>                     elf note headers
>
>  * [CVE-2014-3538]: extensive backtracking in rule regular expression  
>  * [CVE-2014-3597]: Segfault in dns_get_record (PHP#67717)
>  * [CVE-2014-3587]: Segfault in cdf.c (PHP#67716)
>
>  * [CVE-2014-3515]: fix unserialize() SPL ArrayObject / SPLObjectStorage
>                     Type Confusion
>  * [CVE-2014-0207]: fileinfo: cdf_read_short_sector insufficient
>                     boundary check
>  * [CVE-2014-3480]: fileinfo: cdf_count_chain insufficient boundary check
>  * [CVE-2014-4721]: The phpinfo implementation in ext/standard/info.c in
>                     PHP before 5.4.30 and 5.5.x before 5.5.14 does not
>                     ensure use of the string data type for the PHP_AUTH_PW,
>                     PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables,
>                     which might allow context-dependent attackers to obtain
>                     sensitive information from process memory by using the
>                     integer data type with crafted values, related to a
>                     "type confusion" vulnerability, as demonstrated by
>                     reading a private SSL key in an Apache HTTP Server
>                     web-hosting environment with mod_ssl and a
>                     PHP 5.3.x mod_php.
>
>  * CVE-2014-4029
>
>  * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012)

Actions: View

Attachments on bug 37666: 6918 | 6919