1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
PublicDateAtUSN: 2014-10-24
Candidate: CVE-2014-3710
PublicDate: 2014-11-05
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://www.ubuntu.com/usn/usn-2391-1
http://www.ubuntu.com/usn/usn-2494-1
Description:
The donote function in readelf.c in file through 5.20, as used in the
Fileinfo component in PHP 5.4.34, does not ensure that sufficient note
headers are present, which allows remote attackers to cause a denial of
service (out-of-bounds read and application crash) via a crafted ELF file.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.php.net/bug.php?id=68283
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768806 (file)
Priority: low
Discovered-by: Francisco Alonso
Assigned-to: mdeslaur
Patches_php5:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d
upstream: http://git.php.net/?p=php-src.git;a=commit;h=5b295bf19161b14d6c81151fd89c2f17bd50525c (5.5)
upstream: http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d (5.4)
upstream_php5: needs-triage
lucid_php5: released (5.3.2-1ubuntu4.28)
precise_php5: released (5.3.10-1ubuntu3.15)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.5)
utopic_php5: released (5.5.12+dfsg-2ubuntu4.1)
devel_php5: released (5.5.12+dfsg-2ubuntu5)
Patches_file:
upstream: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
upstream_file: needs-triage
lucid_file: released (5.03-5ubuntu1.5)
precise_file: released (5.09-2ubuntu0.6)
trusty_file: released (1:5.14-2ubuntu3.3)
utopic_file: released (1:5.19-1ubuntu1.2)
devel_file: released (1:5.20-1ubuntu2)
|