Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 May 2015 17:07:51 +0200
From: Tomas Hoger <>
Cc: <>, <>,
Subject: Re: Re: CVE Request: various issues in PHP

On Wed, 20 May 2015 15:49:34 +0200 Vasyl Kaigorodov wrote:

> > >>,
> > >> - various functions allow
> > >> \0 in paths where they shouldn't. In theory, that could lead to
> > >> security failure for path-based access controls if the user
> > >> injects string with \0 in it. It's a bit theoretical, but it's a
> > >> possibility.
> CVE-2015-4025, CVE-2015-4026 respectively.

Both of these CVEs are addressed in a single commit, that also covers
few other functions not mentioned in either of the two bug reports
(dir()/opendir() and chroot()).  Which CVE do those additional fixes
fall under?  They are not 5.4 regressions, so probably not
CVE-2015-4025, but maybe not under CVE-2015-4026 either given that bug
68598 only mentions pcntl_exec().

I think there are few fixes in 5.4.40 / 5.5.24 / 5.6.8 that should have
CVEs assigned:;a=commitdiff;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80

More CVE-2015-4025 / CVE-2015-4026 / CVE-2006-7243 like issues.  More
notes on what got changed is in RHBZ:;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1

More unserialize issues.;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd

Fileinfo DoS.

Can CVEs be assigned for these?  Thank you!

Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.