Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 24 Jul 2016 11:40:19 -0400 (EDT)
From: cve-assign@...re.org
To: kaplanlior@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, security@....net
Subject: Re: Fwd: CVE for PHP 5.5.38 issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugs.php.net/70480 (php_url_parse_ex() buffer overflow read). (Stas)
> http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31

Use CVE-2016-6288.


> https://bugs.php.net/72513 (Stack-based buffer overflow vulnerability in
> virtual_file_ex). (loianhtuan at gmail dot com)
> http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87

Use CVE-2016-6289.


> https://bugs.php.net/72562 (Use After Free in unserialize() with Unexpected Session
> Deserialization). (taoguangchen at icloud dot com)
> http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32

Use CVE-2016-6290.


> https://bugs.php.net/72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
> (Stas)
> http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519

Use CVE-2016-6291.


> https://bugs.php.net/72618 (NULL Pointer Dereference in exif_process_user_comment).
> (Stas)
> http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4

Use CVE-2016-6292.


> https://bugs.php.net/72533 (locale_accept_from_http out-of-bounds access). (Stas)
> This bug is inside libicu

> http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4

The related upstream code can be found in the
http://source.icu-project.org/repos/icu/icu/trunk/source/common/uloc.cpp
file.

What we will do for now is assign one CVE ID for the "ICU for C/C++"
product and a separate CVE ID for PHP. In other words, the bug #72533
discoverer has indicated that it is a bug in that ICU product.
However, it is a bug at a different level within the PHP distribution,
because aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 implies that PHP is
intended to operate safely even with an unpatched copy of the ICU
library.

Use CVE-2016-6293 for ICU for C/C++.

Use CVE-2016-6294 for PHP.

(If there happens to be further information indicating that
uloc_acceptLanguageFromHTTP was supposed to be using the tmp array as
originally written, then we can reject CVE-2016-6293.)


> https://bugs.php.net/72479 (Use After Free Vulnerability in SNMP with GC and
> unserialize()). (taoguangchen at icloud dot com)
> http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3

Use CVE-2016-6295.


> https://bugs.php.net/72606 (heap-buffer-overflow (write) simplestring_addn
> simplestring.c). (Stas)
> This code seems to be part of libxmlrpc ... http://xmlrpc-epi.sourceforge.net/

Specifically, the problematic upstream code can be found at
https://sourceforge.net/projects/xmlrpc-epi/files/xmlrpc-epi-base/0.54.2/xmlrpc-epi-0.54.2.tar.bz2/download
in the xmlrpc-epi-0.54.2/src directory.

> http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa

Use CVE-2016-6296 for this vulnerability in the xmlrpc-epi product.
(The same CVE ID applies to the copy of the code that is shipped in
the PHP distribution.)

(Incidentally, although MITRE cannot be a vulnerability coordinator
for this issue, we noticed that "[2016-07-18 00:16 UTC]" comment in
72606 seems to refer to a different product. The mentioned
http://gggeek.github.io/phpxmlrpc/ page says "This is also not the
library which can be compiled as a php extension and has been bundled
with php since version 4.1.0" and links to
http://xmlrpc-epi.sourceforge.net/ to point out that it is NOT that
codebase. See also the
https://sourceforge.net/p/xmlrpc-epi/git/ci/master/tree/AUTHORS page.)


> https://bugs.php.net/72520 (Stack-based buffer overflow vulnerability in
> php_stream_zip_opener). (loianhtuan at gmail dot com)
> http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9

Use CVE-2016-6297.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXlODkAAoJEHb/MwWLVhi2PLcP/1/ENMBAz8i3UQ6I46x+6bMB
zQMSUWE4uJphTLiQU5Ley1iGLb6cqluJ/xKZh5Lx/kbfunUSIE7NTpY6S9xO9yV4
tbEYgT3/rE2QSYHkmEAPy1NNRwQMnim1DYeG4erTjFTAf7slEncqz8uphPasz2ws
R4BlyPxw/NYDjcS5lXyevpLyFnuS+4uJ5kpNTXJ8xgsVJpisxW8FyhzNrnFIRSyE
akyoDTBllvrJpbavMBHBthydGsiwX+lfUb985eWrQnzz8V+wSpNM/y+W4kRAFpd1
0eLujLnxbpoiGfZ145qxIlPTFmH40KL1yfqPHudg+U/1WwCVZ6Hhi2pYSfOs2q3w
RKmyUTrD502UXlhZiC6yQIKVzqFsjKrS7a4F39UCuI1X+Goyav7PUWvC7aPbme8B
utfEbhT0EB9W1qnSN8ULIXABJdq00HGbW/qiFSjU+fexSl4H0+xMD4o6GPAboy6a
K8uHTgIMKdnlf8khEGTryMg7+iy4IuM+c29wo+9CXS5ULPt/ISDQKGCvVPOt7ry8
4zjnoKhmMkRGWy1Id/4YxVVBkLb+xp38/CEO8u2QJnCyvQvbN36fX3dAlvEs70ft
w9GKmP70SS/H08E+iSAZTfeWVZZSA8PfAT4O1RLEp9QFzWw7Xl8GQHfoErtySxgj
Q55iDuHdNurMnz8RJY7T
=v2Jy
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ