1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
Candidate: CVE-2015-8879
PublicDate: 2016-05-21
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8879
http://www.php.net/ChangeLog-5.php
Description:
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12
mishandles driver behavior for SQL_WVARCHAR columns, which allows remote
attackers to cause a denial of service (application crash) in opportunistic
circumstances by leveraging use of the odbc_fetch_array function to access
a certain type of Microsoft SQL Server table.
Ubuntu-Description:
Notes:
tyhicks> This issue is specific to php5 being used with the Microsoft SQL ODBC
driver
mdeslaur> this will not be fixed in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Bugs:
https://bugs.php.net/bug.php?id=69975
Priority: negligible
Discovered-by:
Assigned-to:
Patches_php5:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=16db4d1462bf3eacb93c0cd940f799160a284b24
upstream: http://git.php.net/?p=php-src.git;a=commit;h=344ff5dd4c538eaebea075f7705321f8b86d0b47
upstream_php5: released (5.6.12)
precise_php5: ignored
trusty_php5: ignored
vivid/stable-phone-overlay_php5: DNE
vivid/ubuntu-core_php5: DNE
wily_php5: ignored
xenial_php5: DNE
devel_php5: DNE
|