Debian Security Advisory

DLA-145-1 php5 -- LTS security update

Date Reported:
31 Jan 2015
Affected Packages:
php5
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-0237, CVE-2014-0238, CVE-2014-2270, CVE-2014-8117.
More information:

Brief introduction

  • CVE-2014-0237

    The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

  • CVE-2014-0238

    The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

  • CVE-2014-2270

    softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

  • CVE-2014-8117
    • Stop reporting bad capabilities after the first few.
    • Limit the number of program and section headers.
    • Limit the recursion level.
  • CVE-2015-TEMP (no official CVE number available yet)
    • Null pointer dereference (PHP bugs: 68739 68740).
    • Out-of-bounds memory access (file bug: 398); additional patches from CVE-2014-3478 added.

For Debian 6 Squeeze, these issues have been fixed in php5 version 5.3.3-7+squeeze24.