Bug 782943 (CVE-2011-4153)
Summary: | CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | fedora, jorton, robertbogdon, rpm |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-27 17:16:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 819855, 819856, 830727, 830728, 830729, 830730 | ||
Bug Blocks: | 782956, 835958, 835959, 835960 |
Description
Vincent Danen
2012-01-18 22:21:29 UTC
I don't see in the 5.3.9 changelog that this has been corrected, so Fedora may indeed be affected by this. The upstream bug is here: https://bugs.php.net/bug.php?id=55748 And the upstream commit for the 5.3 branch is here: http://svn.php.net/viewvc/?view=revision&revision=319457 Also this commit is relevant, the above is just for oci8.c. http://svn.php.net/viewvc?view=revision&revision=319442 Looks like the fix from r319457 made it into 5.3.x, but the fix from r319442 did not, or did not fully, looking at: http://svn.php.net/viewvc/php/php-src/tags/php_5_3_9/ext/com_dotnet/com_typeinfo.c?view=log oci8 (Oracle) and com_dotnet (Windows) extensions are not available in fedora This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1047 https://rhn.redhat.com/errata/RHSA-2012-1047.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1046 https://rhn.redhat.com/errata/RHSA-2012-1046.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1045 https://rhn.redhat.com/errata/RHSA-2012-1045.html |