Bug 1222538 (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601)
Summary: | CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bleanhar, ccoleman, dmcphers, fedora, jdetiber, jialiu, jkeck, jliggitt, jokerman, jorton, kseifried, lmeyer, mmaslano, mmccomas, rcollet, webstack-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | php 5.4.40, php 5.5.24, php 5.6.8 | Doc Type: | Bug Fix |
Doc Text: |
Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-09 21:36:46 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1228052, 1228053, 1228070, 1228071, 1228072, 1228073 | ||
Bug Blocks: | 1213462 |
Description
Vasyl Kaigorodov
2015-05-18 13:14:42 UTC
In addition to commits mentioned in comment 0, there is additional commit: http://git.php.net/?p=php-src.git;a=commitdiff;h=a894a8155fab068d68a04bf181dbaddfa01ccbb0 to address the issue mentioned in the following comment of the upstream bug: https://bugs.php.net/bug.php?id=69152#1427277435 Multiple CVEs were assigned for the fixes mentioned in the bug, see: http://seclists.org/oss-sec/2015/q2/727 CVE-2015-4599 was assigned for the original SoapFault::__toString issue reported in the upstream bug: https://bugs.php.net/bug.php?id=69152#1425215948 and corrected in: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 CVE-2015-4600 was assigned for the SoapClient::__getLastRequest, SoapClient::__getLastResponse, SoapClient::__getLastRequestHeaders, SoapClient::__getLastResponseHeaders, SoapClient::__getCookies, and SoapClient::__setCookie issue described in the following comments of the upstream bug: https://bugs.php.net/bug.php?id=69152#1425271419 https://bugs.php.net/bug.php?id=69152#1425271913 and corrected in: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 CVE-2015-4601 was assigned for the other fixes applied as part of upstream commit 0c136a2a. CVE-2015-4602 was assigned for the incomplete class type confusion issue reported in: https://bugs.php.net/bug.php?id=69152#1426863482 and corrected in: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 CVE-2015-4603 was assigned for the exception::getTraceAsString() issue reported in: https://bugs.php.net/bug.php?id=69152#1425357025 and corrected in: http://git.php.net/?p=php-src.git;a=commitdiff;h=a894a8155fab068d68a04bf181dbaddfa01ccbb0 CVE-2015-4599, CVE-2015-4600, and CVE-2015-4601 issues were already corrected in Red Hat Software Collections updates in 2.0: php54: https://rhn.redhat.com/errata/RHSA-2015-1066.html php55: https://rhn.redhat.com/errata/RHSA-2015-1053.html as part of the fixes for CVE-2015-4147 (bug 1204868) / CVE-2015-4148 (bug 1226916). The rh-php56 collection packages introduced via RHEA-2015:1057 had these issues corrected since the initial release: rh-php56: https://rhn.redhat.com/errata/RHEA-2015-1057.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1218 https://rhn.redhat.com/errata/RHSA-2015-1218.html |