Bug 34256 – php: Multiple issues (3.2)

Bug 34256 - php: Multiple issues (3.2)


Summary:	php: Multiple issues (3.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 3.2
Hardware:	Other Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 3.2-4-errata
Assigned To:	Janek Walkenhorst
QA Contact:	Moritz Muehlenhoff

URL:
Keywords:

Duplicates:	35123 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-03-05 14:04 CET by Moritz Muehlenhoff
Modified:	2015-01-05 11:02 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Moritz Muehlenhoff

2014-03-05 14:04:05 CET

+++ This bug was initially created as a clone of Bug #34255 +++

Denial of service in the file classiert (CVE-2014-1943)

Comment 1 Moritz Muehlenhoff

2014-03-06 10:00:18 CET

Denial of service in libmagic (CVE-2014-2270)

Comment 2 Moritz Muehlenhoff

2014-06-02 08:21:19 CEST

Two additional denial of service bugs in the fileinfo classifier for CDF:
CVE-2014-0237 / CVE-2014-0238

Comment 3 Moritz Muehlenhoff

2014-07-08 16:29:54 CEST

Memory disclosure information leak in phpinfo() (CVE-2014-4721)

Comment 4 Moritz Muehlenhoff

2014-07-09 14:57:43 CEST

Buffer overflow in the function to parse DNS TXT records (CVE-2014-4049)
Buffer overflow in CDF module in the filemagic module (CVE-2014-3487, CVE-2014-3479, CVE-2014-3480, CVE-2014-0207)
Incorrect string size calculation oin the softmagic module in filemagic (CVE-2014-3478)

Comment 5 Moritz Muehlenhoff

2014-07-09 14:58:07 CEST

*** Bug 35123 has been marked as a duplicate of this bug. ***

Comment 6 Moritz Muehlenhoff

2014-07-09 15:02:07 CEST

CVE-2014-3487, CVE-2014-3478 and CVE-2014-3479 don't affect the PHP version in UCS 3.2; the code was introduced later.

Comment 7 Moritz Muehlenhoff

2014-07-09 15:03:48 CEST

The following issues are open:

Denial of service in the file classier (CVE-2014-1943)
Denial of service in libmagic (CVE-2014-2270)
Two additional denial of service bugs in the fileinfo classifier for CDF (CVE-2014-0237, CVE-2014-0238, CVE-2014-3480, CVE-2014-0207
Memory disclosure information leak in phpinfo() (CVE-2014-4721)
Buffer overflow in the function to parse DNS TXT records (CVE-2014-4049)

Comment 8 Moritz Muehlenhoff

2014-08-21 11:51:53 CEST

The fix for CVE-2014-4049 was incomplete (CVE-2014-3597)

Comment 9 Moritz Muehlenhoff

2014-09-08 07:55:15 CEST

Buffer overflow in the CDF parsing in the filemagic module (CVE-2014-3587)

Comment 10 Moritz Muehlenhoff

2014-10-22 12:36:36 CEST

Heap corruption issue in processing exif thumbnails (CVE-2014-3670)
Integer overflow in unserialize() (CVE-2014-3669)
Out of bounds read in mkgmtime() (CVE-2014-3668)

Comment 11 Moritz Muehlenhoff

2014-11-07 01:03:34 CET

Buffer overflow in the xmlrpc date_from_ISO8601() function (CVE-2014-8626)

Comment 12 Moritz Muehlenhoff

2014-11-10 13:33:05 CET

Out of bounds reads when parsing ELF section headers in the file extension (CVE-2014-3710)

Comment 13 Moritz Muehlenhoff

2014-11-25 13:00:29 CET

Predictable cache file when using the pear tool allows local denial of service (CVE-2014-5459)

Comment 14 Janek Walkenhorst

2014-11-27 17:21:38 CET

(In reply to Moritz Muehlenhoff from comment #13)
> Predictable cache file when using the pear tool allows local denial of
> service (CVE-2014-5459)
→ Bug 37093

Comment 15 Janek Walkenhorst

2014-11-27 18:33:27 CET

Imported 5.3.3-7+squeeze23 from squeeze-lts.
Added 
 02_CVE-2014-0238.patch
 03_CVE-2014-0237.patch
 05_CVE-2014-2270.patch

Tests (amd64): OK
Advisory: 2014-11-27-php5.yaml

Comment 16 Moritz Muehlenhoff

2014-12-17 16:02:39 CET

The patches and the build are fine.

Tests with Dokuwiki and Owncloud 5 from the App center were successful.

The subsequent update to Owncloud 6 (which introduces a separate scope with PHP 5.4) worked fine as well.

YAML files ok.

Comment 17 Janek Walkenhorst

2014-12-19 13:57:47 CET

http://errata.univention.de/ucs/3.2/258.html

Comment 18 Moritz Muehlenhoff

2015-01-05 11:02:04 CET

This update also fixed CVE-2014-3538, a denial of service issue in filemagic.