Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3669

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

Related bugs and status

CVE-2014-3669 (Candidate) is related to these bugs:

Bug #1411811: Please update php, mysql on ubuntu 15.04

Summary				In	Importance	Status
	1411811	Please update php, mysql on ubuntu 15.04		php5 (Ubuntu)	Undecided	Fix Released
	1411811	Please update php, mysql on ubuntu 15.04		mysql-5.6 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.php.net/?p=...
CONFIRM: http://php.net/ChangeL...
CONFIRM: https://bugs.php.net/b...
CONFIRM: https://bugzilla.redha...
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
DEBIAN: DSA-3064
REDHAT: RHSA-2014:1767
REDHAT: RHSA-2014:1768
SUSE: openSUSE-SU-2014:1377
UBUNTU: USN-2391-1
SECUNIA: 59967
SECUNIA: 60630
SECUNIA: 60699
SECUNIA: 61763
SECUNIA: 61970
SECUNIA: 61982
REDHAT: RHSA-2014:1765
REDHAT: RHSA-2014:1766
SUSE: openSUSE-SU-2014:1391
REDHAT: RHSA-2014:1824
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-04-08-2
SUSE: openSUSE-SU-2015:0014
CONFIRM: http://www.oracle.com/...
BID: 70611