oss-sec mailing list archives
Re: Re: CVE Request: PHP last release security issues
From: Tyler Hicks <tyhicks () canonical com>
Date: Tue, 22 Mar 2016 17:05:54 -0500
On 2016-03-16 16:42:30, cve-assign () mitre org wrote:
> https://bugs.php.net/bug.php?id=71610
> Type Confusion Vulnerability - SOAP / make_http_soap_request()
> Due to an insufficient validation of the cookies field when making SOAP http request
> https://github.com/php/php-src/blob/master/ext/soap/php_http.c
> There is lack of validation of 2nd/3rd elements in cookies array, and a type confusion occurs when they are no longer string.
>
> [2016-02-22 07:48 UTC] stas () php net
> Fix added to security repo as eaf4e77190d402ea014207e9a7d5da1a4f3727ba
>
> https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
> + Z_TYPE_P(tmp) != IS_STRING ||
> + Z_TYPE_P(tmp) != IS_STRING ||
>
> Use CVE-2016-3185.
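
Review bot: the two added lines are the same test, `Z_TYPE_P(tmp) != IS_STRING ||`, quoted without the condition that surrounds them, so the excerpt does not show which cookie array element `tmp` refers to at each point. The description names the 2nd and 3rd elements; quoting the enclosing condition together with the lookup that assigns `tmp` before each test would let a reader confirm that both elements are type-checked before they are used as strings.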

I see a similar bug and fix in the PHP 5.x branch:

  https://bugs.php.net/bug.php?id=70081
  https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69

Note that the bug was filed in 2015. It was fixed in 5.6.12:

  https://secure.php.net/ChangeLog-5.php#5.6.12

Does CVE-2016-3185 cover the issue in 5.x, as well?

Tyler