Univention Bugzilla – Attachment 6918 Details for Bug 37666: php5: Multiple issues (ES 3.1)
php5-extsec3.1.txt (text/plain), 5.06 KB, created by Arvid Requate on 2015-05-22 10:56 CEST
Things from the php5 Debian changelog which changed between
5.3.3-7+squeeze18 and 5.3.3-7+squeeze26:

  * CVE-2014-9705.patch
    Heap-based buffer overflow in the enchant_broker_request_dict
    function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x
    before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers
    to execute arbitrary code via vectors that trigger creation of
    multiple dictionaries.
  * CVE-2015-0232.patch
    The exif_process_unicode function in ext/exif/exif.c in PHP
    before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5
    allows remote attackers to execute arbitrary code or cause a
    denial of service (uninitialized pointer free and application
    crash) via crafted EXIF data in a JPEG image.
  * CVE-2015-2301.patch
    Use-after-free vulnerability in the phar_rename_archive function
    in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6
    allows remote attackers to cause a denial of service or possibly
    have unspecified other impact via vectors that trigger an attempted
    renaming of a Phar archive to the name of an existing file.
  * CVE-2015-2331.patch
    Integer overflow in the _zip_cdir_new function in zip_dirent.c
    in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP
    before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and
    other products, allows remote attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code
    via a ZIP archive that contains many entries, leading to a
    heap-based buffer overflow.
  * CVE-2015-2783.patch
    Buffer Over-read in unserialize when parsing Phar
  * CVE-2015-2787.patch
    Use-after-free vulnerability in the process_nested_data function
    in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x
    before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to
    execute arbitrary code via a crafted unserialize call that
    leverages use of the unset function within an __wakeup function,
    a related issue to CVE-2015-0231.
  * CVE-2015-3329.patch
    Buffer Overflow when parsing tar/zip/phar in phar_set_inode
  * CVE-2015-3330.patch
    PHP potential remote code execution with apache 2.4 apache2handler
  * CVE-2015-temp-68819.patch
    denial of service when processing a crafted file with Fileinfo

  * add patches provided by Univention (Janek Walkenhorst) for:
    CVE-2014-0238:
      The cdf_read_property_info function in cdf.c in the Fileinfo
      component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows
      remote attackers to cause a denial of service (infinite loop
      or out-of-bounds memory access) via a vector that (1) has zero
      length or (2) is too long.
    CVE-2014-0237:
      The cdf_unpack_summary_info function in cdf.c in the Fileinfo
      component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows
      remote attackers to cause a denial of service (performance
      degradation) by triggering many file_printf calls.
    CVE-2014-2270:
      softmagic.c in file before 5.17 and libmagic allows
      context-dependent attackers to cause a denial of service
      (out-of-bounds memory access and crash) via crafted offsets in
      the softmagic of a PE executable.
  * add patches for CVE-2014-8117
    - Stop reporting bad capabilities after the first few.
    - limit the number of program and section header number of sections
    - limit recursion level

  * [CVE-2014-3668]: Fix bug #68027 - fix date parsing in XMLRPC lib
  * [CVE-2014-3669]: Fixed bug #68044: Integer overflow in unserialize()
    (32-bits only)
  * [CVE-2014-3670]: Fix bug #68113 (Heap corruption in exif_thumbnail())
  * [CVE-2014-3710]: Fix bug #68283: fileinfo: out-of-bounds read in
    elf note headers

  * [CVE-2014-3538]: extensive backtracking in rule regular expression
  * [CVE-2014-3597]: Segfault in dns_get_record (PHP#67717)
  * [CVE-2014-3587]: Segfault in cdf.c (PHP#67716)

  * [CVE-2014-3515]: fix unserialize() SPL ArrayObject / SPLObjectStorage
    Type Confusion
  * [CVE-2014-0207]: fileinfo: cdf_read_short_sector insufficient
    boundary check
  * [CVE-2014-3480]: fileinfo: cdf_count_chain insufficient boundary check
  * [CVE-2014-4721]: The phpinfo implementation in ext/standard/info.c in
    PHP before 5.4.30 and 5.5.x before 5.5.14 does not
    ensure use of the string data type for the PHP_AUTH_PW,
    PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables,
    which might allow context-dependent attackers to obtain
    sensitive information from process memory by using the
    integer data type with crafted values, related to a
    "type confusion" vulnerability, as demonstrated by
    reading a private SSL key in an Apache HTTP Server
    web-hosting environment with mod_ssl and a
    PHP 5.3.x mod_php.

  * CVE-2014-4029

  * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012)