An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash. Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
Created php tracking bugs for this issue: Affects: fedora-all [bug 1155465]
Created file tracking bugs for this issue: Affects: fedora-all [bug 1155464]
PHP upstream bug: https://bugs.php.net/bug.php?id=68283 PHP upstream commit (PHP 5.4 branch for now): http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228
file-5.19-7.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Acknowledgment: Name: Francisco Alonso (Red Hat Product Security)
IssueDescription: An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1768 https://rhn.redhat.com/errata/RHSA-2014-1768.html
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:1767 https://rhn.redhat.com/errata/RHSA-2014-1767.html
file-5.19-7.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0760 https://rhn.redhat.com/errata/RHSA-2016-0760.html