Univention Bugzilla – Bug 34256
php: Multiple issues (3.2)
Last modified: 2015-01-05 11:02:04 CET
+++ This bug was initially created as a clone of Bug #34255 +++ Denial of service in the file classiert (CVE-2014-1943)
Denial of service in libmagic (CVE-2014-2270)
Two additional denial of service bugs in the fileinfo classifier for CDF: CVE-2014-0237 / CVE-2014-0238
Memory disclosure information leak in phpinfo() (CVE-2014-4721)
Buffer overflow in the function to parse DNS TXT records (CVE-2014-4049) Buffer overflow in CDF module in the filemagic module (CVE-2014-3487, CVE-2014-3479, CVE-2014-3480, CVE-2014-0207) Incorrect string size calculation oin the softmagic module in filemagic (CVE-2014-3478)
*** Bug 35123 has been marked as a duplicate of this bug. ***
CVE-2014-3487, CVE-2014-3478 and CVE-2014-3479 don't affect the PHP version in UCS 3.2; the code was introduced later.
The following issues are open: Denial of service in the file classier (CVE-2014-1943) Denial of service in libmagic (CVE-2014-2270) Two additional denial of service bugs in the fileinfo classifier for CDF (CVE-2014-0237, CVE-2014-0238, CVE-2014-3480, CVE-2014-0207 Memory disclosure information leak in phpinfo() (CVE-2014-4721) Buffer overflow in the function to parse DNS TXT records (CVE-2014-4049)
The fix for CVE-2014-4049 was incomplete (CVE-2014-3597)
Buffer overflow in the CDF parsing in the filemagic module (CVE-2014-3587)
Heap corruption issue in processing exif thumbnails (CVE-2014-3670) Integer overflow in unserialize() (CVE-2014-3669) Out of bounds read in mkgmtime() (CVE-2014-3668)
Buffer overflow in the xmlrpc date_from_ISO8601() function (CVE-2014-8626)
Out of bounds reads when parsing ELF section headers in the file extension (CVE-2014-3710)
Predictable cache file when using the pear tool allows local denial of service (CVE-2014-5459)
(In reply to Moritz Muehlenhoff from comment #13) > Predictable cache file when using the pear tool allows local denial of > service (CVE-2014-5459) → Bug 37093
Imported 5.3.3-7+squeeze23 from squeeze-lts. Added 02_CVE-2014-0238.patch 03_CVE-2014-0237.patch 05_CVE-2014-2270.patch Tests (amd64): OK Advisory: 2014-11-27-php5.yaml
The patches and the build are fine. Tests with Dokuwiki and Owncloud 5 from the App center were successful. The subsequent update to Owncloud 6 (which introduces a separate scope with PHP 5.4) worked fine as well. YAML files ok.
http://errata.univention.de/ucs/3.2/258.html
This update also fixed CVE-2014-3538, a denial of service issue in filemagic.