oss-sec mailing list archives
Re: CVE request: php-5.2.6 overflow issues
From: Christian Hoffmann <hoffie () gentoo org>
Date: Wed, 13 Aug 2008 12:53:04 +0200
On 2008-08-13 02:45, Steven M. Christey wrote:
> On Fri, 8 Aug 2008, Christian Hoffmann wrote:
>> two security issues, which might possibly allow for arbitrary code
>> execution (afaik nobody has analyzed the details...), but at least DoS
>> (think of FastCGI setups), were silently fixed in PHP again:
>>
>> * Overflow in ext/gd's imageloadfont() function [1] [2] [3]
>
> Use CVE-2008-3658, to be filled in later - I'm assuming this is a distinct
> component that doesn't just affect PHP.

Pierre from php and libgd upstream just confirmed that the vulnerable code is only present in php's copy (fork) of libgd. The independent libgd library is not vulnerable to this problem.

-- Christian Hoffmann