[v3.0] php: issues fixed in 5.6.6 (CVE-2014-9705, CVE-2015-2301)
CVE-2014-9705:
Heap-based buffer overflow in the enchant_broker_request_dict
function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before
5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute
arbitrary code via vectors that trigger creation of multiple
dictionaries.
http://openwall.com/lists/oss-security/2015/03/15/6
MISC: https://www.htbridge.com/advisory/HTB23252
CONFIRM: http://php.net/ChangeLog-5.php
CONFIRM: https://bugs.php.net/bug.php?id=68552
CONFIRM:
http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
http://www.debian.org/security/2015/dsa-3195
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
http://www.ubuntu.com/usn/USN-2535-1
http://www.securitytracker.com/id/1031948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
CVE-2015-2301:
Use-after-free vulnerability in the phar_rename_archive function in
phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors that trigger an attempted renaming of a Phar
archive to the name of an existing file.
http://openwall.com/lists/oss-security/2015/03/15/6
CONFIRM:
http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
CONFIRM: http://php.net/ChangeLog-5.php
CONFIRM: https://bugs.php.net/bug.php?id=68901
CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1194747
http://www.debian.org/security/2015/dsa-3198
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
http://www.ubuntu.com/usn/USN-2535-1
http://www.securitytracker.com/id/1031949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
(from redmine: issue id 4113, created on 2015-04-27, closed on 2015-05-06)
- Relations:
- parent #4110 (closed)
- Changesets:
- Revision e4539845 by Natanael Copa on 2015-05-05T08:06:44Z:
main/php: security upgrade to 5.5.24
5.5.24:
- CVE-2015-1351
- CVE-2015-1352
- CVE-2015-2783
- CVE-2015-3329
- CVE-2015-3330
5.5.23:
- CVE-2015-2305
- CVE-2015-2331
- CVE-2015-2348
- CVE-2015-2787
5.5.22:
- CVE-2014-9705
- CVE-2015-0235 (migitation)
- CVE-2015-0273
- CVE-2015-2301
5.5.21:
- CVE-2014-9425
- CVE-2014-9427
- CVE-2014-9652
- CVE-2014-9709
- CVE-2015-0231
- CVE-2015-0232
5.5.20:
- CVE-2014-8142
5.5.19:
- CVE-2014-3710
5.5.18:
- CVE-2014-3669
- CVE-2014-3670
- CVE-2014-3668
5.5.17:
- no CVE
fixes #3712
fixes #4113