Bug 1185900 (CVE-2015-1351) - CVE-2015-1351 php: use after free in opcache extension
Summary: CVE-2015-1351 php: use after free in opcache extension
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-1351
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1185897 1209865 1209867 1209880 1209884
Blocks: 1185412
TreeView+ depends on / blocked
 
Reported: 2015-01-26 15:18 UTC by Vasyl Kaigorodov
Modified: 2021-02-17 05:44 UTC (History)
16 users (show)

Fixed In Version: php 5.5.25, php 5.6.8
Doc Type: Bug Fix
Doc Text:
A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory.
Clone Of:
Environment:
Last Closed: 2015-06-04 11:22:41 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1053 0 normal SHIPPED_LIVE Moderate: php55 security and bug fix update 2015-06-04 12:06:06 UTC
Red Hat Product Errata RHSA-2015:1066 0 normal SHIPPED_LIVE Important: php54 security and bug fix update 2015-06-05 15:42:20 UTC

Description Vasyl Kaigorodov 2015-01-26 15:18:25 UTC 
Use after free was reported in the PHP "opcache" extension [1].
Upstream commit that fixes this:
http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115

[1]: https://bugs.php.net/bug.php?id=68677
Comment 1 Vasyl Kaigorodov 2015-01-26 15:19:43 UTC 
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1185897]
Comment 2 Remi Collet 2015-04-02 14:12:43 UTC 
opcache is part of php in 5.5+ (so RHSCL only)

opcache is a separate package (php-pecl-zendopcache) for 5.4, available in EPEL, and RHSCL (php54) not in RHEL.
Comment 3 Tomas Hoger 2015-04-08 11:22:35 UTC 
Created php-pecl-zendopcache tracking bugs for this issue:

Affects: epel-all [bug 1209865]
Comment 5 Tomas Hoger 2015-04-08 11:34:49 UTC 
Statement:

This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Comment 8 Remi Collet 2015-04-14 10:57:16 UTC 
PHP 5.5 commit (previous was for master only)
http://git.php.net/?p=php-src.git;a=commit;h=0a8f28b43212cc2ddbc1f2df710e37b1bec0addd
Comment 9 Fedora Update System 2015-04-22 22:51:43 UTC 
php-5.6.8-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2015-04-23 16:10:49 UTC 
php-5.6.8-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2015-04-27 08:39:15 UTC 
php-5.5.24-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2015-04-29 19:19:44 UTC 
php-pecl-zendopcache-7.0.5-1.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2015-04-29 19:20:58 UTC 
php-pecl-zendopcache-7.0.5-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 errata-xmlrpc 2015-06-04 08:03:37 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html
Comment 15 errata-xmlrpc 2015-06-04 08:06:57 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1053 https://rhn.redhat.com/errata/RHSA-2015-1053.html
Note You need to log in before you can comment on or make changes to this bug.