PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability

Bug #852871 reported by Greg Skafte
This bug affects 1 person

Affects         Status         Importance   Assigned to     Milestone
php5 (Ubuntu)   Fix Released   Undecided    Steve Beattie   -
Hardy           Won't Fix      Low          Unassigned      -
Lucid           Fix Released   Low          Steve Beattie   -

Bug Description

PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability
http://www.php-security.org/2010/05/08/mops-2010-014-php-zend_bw_xor-opcode-interruption-address-information-leak-vulnerability/index.html

php5 5.3.2-1ubuntu4.9

visibility: private → public
Changed in php5 (Ubuntu):
status: New → Confirmed
assignee: nobody → Steve Beattie (sbeattie)
Steve Beattie (sbeattie) wrote :

Thanks for reporting this issue. It has been addressed in Ubuntu 10.10 (maverick) and newer. For Ubuntu 10.04 LTS (lucid), I'll be applying the upstream fix for it. For Ubuntu 8.04 LTS (hardy), upstream never fixed this issue in the php 5.2 branch, and backporting the fix is non-trivial and thus has a non-trivial amount of risk to it, while the issue in question is of relatively low risk; it requires a malicious php script in place on the server. Thus this will not be fixed for 8.04.

Steve Beattie (sbeattie)
Changed in php5 (Ubuntu):
status: Confirmed → Fix Released
Changed in php5 (Ubuntu Hardy):
status: New → Won't Fix
importance: Undecided → Low
Changed in php5 (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → Low
assignee: nobody → Steve Beattie (sbeattie)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.3.2-1ubuntu4.10

---------------
php5 (5.3.2-1ubuntu4.10) lucid-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
  * SECURITY UPDATE: information leak via handler interrupt (LP: #852871)
    - debian/patches/php5-CVE-2010-1914.patch: grab references before
      calling zendi_convert_to_long()
    - CVE-2010-1914
 -- Steve Beattie <email address hidden> Fri, 14 Oct 2011 14:24:59 -0700

Changed in php5 (Ubuntu Lucid):
status: In Progress → Fix Released