[v3.0] php: Segfault, Buffer overflow and stack smashing (CVE-2015-5589, CVE-2015-5590)
Segfault in Phar::convertToData on invalid file
https://bugs.php.net/bug.php?id=69958
http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
- php_stream_close(phar->fp);
- if (phar->fp) {
- php_stream_close(phar->fp);
- }
Use CVE-2015-5589.
Buffer overflow and stack smashing error in phar_fix_filepath
https://bugs.php.net/bug.php?id=69923
http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
there is no check if `newpath_len` will exceed MAXPATHLEN, which is
the size of `newpath` on the stack.
Use CVE-2015-5590.
Reference:
http://seclists.org/oss-sec/2015/q3/147
http://seclists.org/oss-sec/2015/q3/161
(from redmine: issue id 4486, created on 2015-07-27, closed on 2015-07-31)
- Relations:
- parent #4485 (closed)
- Changesets:
- Revision 203c60e9 by Natanael Copa on 2015-07-30T14:23:50Z:
main/php: security upgrade to 5.5.27 (CVE-2015-3152,CVE-2015-5589,CVE-2015-5590)
fixes #4486