| Summary: | CVE-2014-3710 file: out-of-bounds read in elf note headers | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Francisco Alonso <falonso> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bressers, carnil, fedora, jkaluza, jorton, mmaslano, rcollet, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | php 5.4.35, php 5.5.19, php 5.6.3, file 5.22 | Doc Type: | Bug Fix |
| Doc Text: |
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-05-11 06:49:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1155464, 1155465, 1155930, 1155931, 1155937, 1155939, 1155940, 1155941, 1155943, 1238984, 1238985, 1284826 | ||
| Bug Blocks: | 1149858, 1155074, 1210268, 1278736 | ||
|
Description
Francisco Alonso
2014-10-21 10:51:30 UTC
Created php tracking bugs for this issue: Affects: fedora-all [bug 1155465] Created file tracking bugs for this issue: Affects: fedora-all [bug 1155464] PHP upstream bug: https://bugs.php.net/bug.php?id=68283 PHP upstream commit (PHP 5.4 branch for now): http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228 file-5.19-7.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. Acknowledgment: Name: Francisco Alonso (Red Hat Product Security) IssueDescription: An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1768 https://rhn.redhat.com/errata/RHSA-2014-1768.html This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:1767 https://rhn.redhat.com/errata/RHSA-2014-1767.html file-5.19-7.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0760 https://rhn.redhat.com/errata/RHSA-2016-0760.html |