Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 May 2015 17:07:51 +0200
From: Tomas Hoger <>
Cc: <>, <>,
Subject: Re: Re: CVE Request: various issues in PHP

On Wed, 20 May 2015 15:49:34 +0200 Vasyl Kaigorodov wrote:

> > >>,
> > >> - various functions allow
> > >> \0 in paths where they shouldn't. In theory, that could lead to
> > >> security failure for path-based access controls if the user
> > >> injects string with \0 in it. It's a bit theoretical, but it's a
> > >> possibility.
> CVE-2015-4025, CVE-2015-4026 respectively.

Both of these CVEs are addressed in a single commit, that also covers
few other functions not mentioned in either of the two bug reports
(dir()/opendir() and chroot()).  Which CVE do those additional fixes
fall under?  They are not 5.4 regressions, so probably not
CVE-2015-4025, but maybe not under CVE-2015-4026 either given that bug
68598 only mentions pcntl_exec().

I think there are few fixes in 5.4.40 / 5.5.24 / 5.6.8 that should have
CVEs assigned:;a=commitdiff;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80

More CVE-2015-4025 / CVE-2015-4026 / CVE-2006-7243 like issues.  More
notes on what got changed is in RHBZ:;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1

More unserialize issues.;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd

Fileinfo DoS.

Can CVEs be assigned for these?  Thank you!

Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ