Bug 1185900 (CVE-2015-1351)
| Summary: | CVE-2015-1351 php: use after free in opcache extension | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | bleanhar, bressers, ccoleman, dmcphers, fedora, jdetiber, jialiu, jkeck, jokerman, jorton, kseifried, lmeyer, mmaslano, mmccomas, rcollet, webstack-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | php 5.5.25, php 5.6.8 | Doc Type: | Bug Fix |
| Doc Text: |
A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-06-04 11:22:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1185897, 1209865, 1209867, 1209880, 1209884 | ||
| Bug Blocks: | 1185412 | ||
|
Description
Vasyl Kaigorodov
2015-01-26 15:18:25 UTC
Created php tracking bugs for this issue: Affects: fedora-all [bug 1185897] opcache is part of php in 5.5+ (so RHSCL only) opcache is a separate package (php-pecl-zendopcache) for 5.4, available in EPEL, and RHSCL (php54) not in RHEL. Created php-pecl-zendopcache tracking bugs for this issue: Affects: epel-all [bug 1209865] Statement: This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 5, 6 and 7. PHP 5.5 commit (previous was for master only) http://git.php.net/?p=php-src.git;a=commit;h=0a8f28b43212cc2ddbc1f2df710e37b1bec0addd php-5.6.8-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. php-5.6.8-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. php-5.5.24-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. php-pecl-zendopcache-7.0.5-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. php-pecl-zendopcache-7.0.5-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Via RHSA-2015:1053 https://rhn.redhat.com/errata/RHSA-2015-1053.html |