Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 5 May 2016 16:50:31 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35

Hi,

With the 7.0.6, 5.6.21 and 5.5.35 PHP releases several issues were
fixed, of those at least those four were as well commited to 5.5.35
(only in security-fixes mode) and might warrant a CVE:

1/ bcpowmod accepts negative scale and corrupts _one_ definition
   - https://bugs.php.net/bug.php?id=72093
   - https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd

2/ xml_parse_into_struct segmentation fault
   - https://bugs.php.net/bug.php?id=72099
   - https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc

3/ Out-of-bounds reads in zif_grapheme_stripos with negative offset
   - https://bugs.php.net/bug.php?id=72061
   - https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb

4/ Out of bounds heap read access in exif header processing
   - https://bugs.php.net/bug.php?id=72094
   - https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92

I merely only have checked the php changelogs, but cannot give
background on the impact of those.

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.