Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Jun 2016 10:58:34 +0300
From: Lior Kaplan <kaplanlior@...il.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: CVE for PHP 5.5.37 issues

Hi,

PHP 5.5.37 is near its release, please review these following issues for
CVE:

GD:
  . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
    heap overflow). (Pierre)

https://bugs.php.net/bug.php?id=72339
http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac


GD:
  . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor()
resulting
    in heap overflow). (Pierre)

https://bugs.php.net/bug.php?id=72446
http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6


- mbstring:
   . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free).
(Stas)

https://bugs.php.net/bug.php?id=72402
http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62


- mcrypt:
   . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)

https://bugs.php.net/bug.php?id=72455
http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0


- SPL:
  . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)

https://bugs.php.net/bug.php?id=72262
http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba


- SPL:
  . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
    unserialize). (Dmitry)

https://bugs.php.net/bug.php?id=72433
http://git.php.net/?p=php-src.git;a=commitdiff;h=3f627e580acfdaf0595ae3b115b8bec677f203ee


- WDDX:
  . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)

https://bugs.php.net/bug.php?id=72340
http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c


- zip:
  . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in
PHP's GC
    algorithm and unserialize). (Dmitry)

https://bugs.php.net/bug.php?id=72434
http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6

Kaplan

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ