oss-sec mailing list archives
Re: Fwd: CVE for PHP 5.5.38 issues
From: cve-assign () mitre org
Date: Sun, 24 Jul 2016 11:40:19 -0400 (EDT)
https://bugs.php.net/70480 (php_url_parse_ex() buffer overflow read). (Stas) http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31
Use CVE-2016-6288.
https://bugs.php.net/72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (loianhtuan at gmail dot com) http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87
Use CVE-2016-6289.
https://bugs.php.net/72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (taoguangchen at icloud dot com) http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
Use CVE-2016-6290.
https://bugs.php.net/72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (Stas) http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
Use CVE-2016-6291.
https://bugs.php.net/72618 (NULL Pointer Dereference in exif_process_user_comment). (Stas) http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
Use CVE-2016-6292.
https://bugs.php.net/72533 (locale_accept_from_http out-of-bounds access). (Stas) This bug is inside libicu
http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
The related upstream code can be found in the http://source.icu-project.org/repos/icu/icu/trunk/source/common/uloc.cpp file. What we will do for now is assign one CVE ID for the "ICU for C/C++" product and a separate CVE ID for PHP. In other words, the bug #72533 discoverer has indicated that it is a bug in that ICU product. However, it is a bug at a different level within the PHP distribution, because aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 implies that PHP is intended to operate safely even with an unpatched copy of the ICU library.
Use CVE-2016-6293 for ICU for C/C++.
Use CVE-2016-6294 for PHP.
(If there happens to be further information indicating that uloc_acceptLanguageFromHTTP was supposed to be using the tmp array as originally written, then we can reject CVE-2016-6293.)
https://bugs.php.net/72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (taoguangchen at icloud dot com) http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
Use CVE-2016-6295.
https://bugs.php.net/72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (Stas) This code seems to be part of libxmlrpc ... http://xmlrpc-epi.sourceforge.net/
Specifically, the problematic upstream code can be found at https://sourceforge.net/projects/xmlrpc-epi/files/xmlrpc-epi-base/0.54.2/xmlrpc-epi-0.54.2.tar.bz2/download in the xmlrpc-epi-0.54.2/src directory.
http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
Use CVE-2016-6296 for this vulnerability in the xmlrpc-epi product. (The same CVE ID applies to the copy of the code that is shipped in the PHP distribution.)
(Incidentally, although MITRE cannot be a vulnerability coordinator for this issue, we noticed that "[2016-07-18 00:16 UTC]" comment in 72606 seems to refer to a different product. The mentioned http://gggeek.github.io/phpxmlrpc/ page says "This is also not the library which can be compiled as a php extension and has been bundled with php since version 4.1.0" and links to http://xmlrpc-epi.sourceforge.net/ to point out that it is NOT that codebase. See also the https://sourceforge.net/p/xmlrpc-epi/git/ci/master/tree/AUTHORS page.)
https://bugs.php.net/72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (loianhtuan at gmail dot com) http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
Use CVE-2016-6297.
-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]