Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Apr 2016 13:46:49 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@....net, Lior Kaplan <kaplan@...ian.org>,
 Ondřej Surý <ondrej@...ian.org>
Subject: Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and
 5.5.34 releases

On 2016-04-21 01:42 PM, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Mon, Apr 11, 2016 at 09:41:41PM +0200, Matthias Geerdsen wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hi,
>>
>> could you please provide CVE IDs for the following PHP issues fixed in
>> the latest releases, as I have not yet seen any IDs yet:
>>
>> - -  Buffer over-write in finfo_open with malformed magic file
>> https://bugs.php.net/bug.php?id=71527
>> http://bugs.gw.com/view.php?id=522
>>
>> - - Integer overflow in php_raw_url_encode
>> https://bugs.php.net/bug.php?id=71798
>> https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c
>> 1661db6ba2c451
>>
>>
>> - - php_snmp_error() Format String Vulnerability
>> https://bugs.php.net/bug.php?id=71704
>> https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060
>> ce9c9269bbdcf8
>>
>>
>> - - Invalid memory write in phar on filename containing \0 inside name
>> https://bugs.php.net/bug.php?id=71860
>> https://gist.github.com/smalyshev/80b5c2909832872f2ba2
>>
>>
>> - - AddressSanitizer: negative-size-param (-1) in mbfl_strcut
>> https://bugs.php.net/bug.php?id=71906
>> https://gist.github.com/smalyshev/d8355c96a657cc5dba70
> 
> Can CVE identiers be assigned for those?
> 
> The recent Ubuntu USN 2952-1 as well fixed some other issues without
> CVE identifers, cf. http://www.ubuntu.com/usn/usn-2952-1/
> 

FYI, here is information on the two issues that didn't have CVE numbers in the
Ubuntu update:

1- libxml_disable_entity_loader setting is shared between threads

https://bugs.php.net/bug.php?id=64938
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817
http://framework.zend.com/security/advisory/ZF2015-06
http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9

2- openssl_random_pseudo_bytes() is not cryptographically secure

https://bugs.php.net/bug.php?id=70014
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203
http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827

Marc.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ