Bug 315511
Summary: | incorrect values from GMP functions in PHP
---|---
Product: | Red Hat Enterprise Linux 4
Component: | php
Version: | 4.5
Hardware: | x86_64
OS: | Linux
Status: | CLOSED ERRATA
Severity: | high
Priority: | low
Reporter: | Tom Swiss <tms>
Assignee: | Joe Orton <jorton>
CC: | mkoci, security-response-team
Doc Type: | Bug Fix
Last Closed: | 2009-05-18 20:32:58 UTC
Description
Tom Swiss
2007-10-02 15:40:54 UTC
This bug results in errors in GMP calculations; since GMP is sometimes used to implement RSA and other cryptographic schemes (for example, the Crypt_RSA package from PEAR), it does have some security relevance.

Joe, can you add a comment on this? What's causing this flaw? Is it something we need to worry about from a security perspective?

This looks like upstream #32773, where passing zero as a second parameter to various gmp_ functions causes them to fail. I can't see any security implications from such usage. You can work around it by switching the order of the arguments to gmp_add in the test case.

Thanks for the quick response, Joe. Annoying that my search on bugs.php.net for "GMP" didn't find this. Any chance of the fix for this getting backported to RHEL 4.5?

This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1013.html
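
A check for the behaviour discussed in this report, added here as an example (it is not the reporter's test case and not Red Hat's or PHP's own code). The sample operands are constructed, and trying three forms of zero is an assumption, since the report does not say which form triggers the problem.

```php
<?php
// Added example, not from the bug report: checks whether this PHP build
// returns wrong sums when zero is the second argument to gmp_add().
if (!extension_loaded('gmp')) {
    fwrite(STDERR, "gmp extension not loaded\n");
    exit(2);
}

// Constructed sample operands: small, negative, and wider than 64 bits.
$samples = array('1', '-7', '4294967296',
                 '340282366920938463463374607431768211457');

// Forms of zero to try as the second argument (assumption: the report
// does not state which form triggers the problem, so all three are tried).
$zeros = array('int 0' => 0, 'string "0"' => '0', 'gmp zero' => gmp_init(0));

// Returns one message per case where a + 0 does not come back as a.
function check_gmp_add_zero($samples, $zeros) {
    $failures = array();
    foreach ($samples as $s) {
        $a = gmp_init($s);
        foreach ($zeros as $label => $z) {
            $got     = gmp_strval(gmp_add($a, $z)); // zero as second argument
            $swapped = gmp_strval(gmp_add($z, $a)); // workaround order from the report
            if ($got !== $s) {
                $failures[] = "gmp_add($s, $label) = $got; swapped order = $swapped";
            }
        }
    }
    return $failures;
}

$failures = check_gmp_add_zero($samples, $zeros);
foreach ($failures as $f) {
    echo "MISMATCH: $f\n";
}
echo count($failures)
    ? "mismatches found\n"
    : "gmp_add with a zero second argument returned correct values\n";
exit(count($failures) ? 1 : 0);
```

Run it with the PHP CLI on the host in question; a non-zero exit status means at least one sum came back wrong, and each line also shows what the swapped argument order returned.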