Date: Tue, 22 Mar 2016 17:05:54 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: meissner@...e.de, cve-assign@...re.org, security@....net
Subject: Re: Re: CVE Request: PHP last release security issues

On 2016-03-16 16:42:30, cve-assign@...re.org wrote:
> > https://bugs.php.net/bug.php?id=71610
>
> >> Type Confusion Vulnerability - SOAP / make_http_soap_request()
>
> >> Due to an insufficient validation of the cookies field when making SOAP http request
>
> >> https://github.com/php/php-src/blob/master/ext/soap/php_http.c
>
> >> There is lack of validation of 2nd/3rd elements in cookies array.
> >>
> >> and a type confusion occurs when they are no longer string.
>
> >> [2016-02-22 07:48 UTC] stas@....net
> >> Fix added to security repo as eaf4e77190d402ea014207e9a7d5da1a4f3727ba
>
> > https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
>
> >> + Z_TYPE_P(tmp) != IS_STRING ||
>
> >> + Z_TYPE_P(tmp) != IS_STRING ||
>
> Use CVE-2016-3185.

I see a similar bug and fix in the PHP 5.x branch:

https://bugs.php.net/bug.php?id=70081
https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69

Note that the bug was filed in 2015. It was fixed in 5.6.12:

https://secure.php.net/ChangeLog-5.php#5.6.12

Does CVE-2016-3185 cover the issue in 5.x, as well?

Tyler
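The bug class quoted in the message above (a cookie array element read as a string without checking its type), shown as an added example that is not part of the original message and is not PHP's code. A simplified tagged value stands in for a zval; `cookie_applies`, the struct names, the exact-host comparison and the policy of skipping malformed entries are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a PHP zval: a type tag plus a union (not PHP's real layout). */
enum vtype { V_LONG, V_STRING };
struct val {
    enum vtype type;
    union { long lval; struct { const char *s; size_t len; } str; } u;
};
/* Constructed cookie entry: slot 0 = value, 1 = path, 2 = domain (NULL = absent). */
struct cookie { const struct val *slot[3]; };

static struct val vstr(const char *s)
{ struct val v; v.type = V_STRING; v.u.str.s = s; v.u.str.len = strlen(s); return v; }
static struct val vlong(long n)
{ struct val v; v.type = V_LONG; v.u.lval = n; return v; }
static int is_str(const struct val *v) { return v != NULL && v->type == V_STRING; }

/* Return 1 if the cookie may be sent for (path, host), 0 if it is skipped.
 * Each slot's tag is checked before its string member is read: reading
 * u.str from a V_LONG slot would reinterpret the integer as a pointer.
 * Skipping malformed entries is this example's policy, chosen for safety. */
int cookie_applies(const struct cookie *c, const char *path, const char *host)
{
    const struct val *p = c->slot[1], *d = c->slot[2];

    if (!is_str(c->slot[0]))
        return 0;                       /* value must be a string */
    if (p != NULL) {
        if (!is_str(p))
            return 0;                   /* path slot present but not a string */
        if (strncmp(path, p->u.str.s, p->u.str.len) != 0)
            return 0;                   /* request path lacks the cookie's prefix */
    }
    if (d != NULL) {
        if (!is_str(d))
            return 0;                   /* domain slot present but not a string */
        if (strlen(host) != d->u.str.len ||
            memcmp(host, d->u.str.s, d->u.str.len) != 0)
            return 0;                   /* exact host match only (simplified) */
    }
    return 1;
}

int main(void)
{
    /* Constructed input: an integer sits where the path string is expected. */
    struct val v = vstr("abc"), bad = vlong(0x41414141), d = vstr("example.test");
    struct cookie confused = { { &v, &bad, &d } };
    return cookie_applies(&confused, "/api", "example.test"); /* 0: entry skipped */
}
```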