Bug 1234940 (CVE-2015-4644)
Summary: | CVE-2015-4644 php: NULL pointer dereference in php_pgsql_meta_data() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | fedora, jorton, mmaslano, rcollet, webstack-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | php 5.4.42, php 5.5.26, php 5.6.10 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-21 08:39:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1234942 | ||
Bug Blocks: | 1234941 |
Description
Vasyl Kaigorodov
2015-06-23 14:31:47 UTC
Created php tracking bugs for this issue: Affects: fedora-all [bug 1234942] Unlike the CVE-2015-1352 issue, this also affected older PHP versions including PHP 5.3.3 as shipped with Red Hat Enterprise Linux. This issue was already corrected in latest Red Hat Software Collections PHP packages updates: https://rhn.redhat.com/errata/RHSA-2015-1187.html rh-php56-php https://rhn.redhat.com/errata/RHSA-2015-1186.html php55-php https://rhn.redhat.com/errata/RHSA-2015-1219.html php54-php As the impact of this issue is limited to PHP interpreter crash, and it is triggered by a crafted database table name when using pgsql extension, this issue was rated as having Low security impact and is not planned to be corrected in future php packages updated in Red Hat Enterprise Linux 6 and 7, and php53 packages in Red Hat Enterprise Linux 5. The php packages in Red Hat Enterprise Linux 5 were not affected by this issue. This bug can only be an issue if PHP application uses untrusted input from remote user as database table name. This is unlikely, and is likely to have worse impact by itself (e.g. it may lead to SQL injection attacks). It is assume that table names (but also column names) used in SQL queries are from trusted source. Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not planned to be corrected in future updates for php packages in Red Hat Enterprise Linux 6 and 7, and php53 packages in Red Hat Enterprise Linux 5. The php packages in Red Hat Enterprise Linux 5 were not affected by this issue. |