Bug 1175718 – CVE-2014-8142 php: use after free vulnerability in unserialize()

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1175718 - (CVE-2014-8142) CVE-2014-8142 php: use after free vulnerability in unserialize()

Summary:	CVE-2014-8142 php: use after free vulnerability in unserialize()

Status:	CLOSED ERRATA

Aliases:	CVE-2014-8142

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20141218,repor...
Keywords:	Security

Depends On:	1176156 1204765 1204766 1205733 1205734
Blocks:	1175678 1210213
	Show dependency tree / graph

Reported:	2014-12-18 08:15 EST by Tomas Hoger
Modified:	2015-07-09 17:41 EDT (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	php 5.4.36, php 5.5.20, php 5.6.4
Doc Type:	Bug Fix
Doc Text:	A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-07-09 17:41:25 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1053	normal	SHIPPED_LIVE	Moderate: php55 security and bug fix update	2015-06-04 08:06:06 EDT
Red Hat Product Errata	RHSA-2015:1066	normal	SHIPPED_LIVE	Important: php54 security and bug fix update	2015-06-05 11:42:20 EDT
Red Hat Product Errata	RHSA-2015:1135	normal	SHIPPED_LIVE	Important: php security and bug fix update	2015-06-23 08:11:40 EDT

Groups: None (edit)

Description Tomas Hoger 2014-12-18 08:15:06 EST

A use-after-free flaw was found in PHP unserialize().  An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize().

Upstream bug (currently private):

https://bugs.php.net/bug.php?id=68594

Upstream commit:

http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc

Note that unserialize() is unsafe for use on untrusted inputs, as is documented in the PHP manual for the function:

http://php.net/manual/en/function.unserialize.php

Comment 2 Vincent Danen 2014-12-19 10:02:35 EST

Statement:

This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5 and 6 or the versions of php53 as shipped with Red Hat Enterprise Linux 5.

The PHP manual documents that using unserialize() on untrusted user input is unsafe and not recommended.

Comment 3 Vincent Danen 2014-12-19 10:05:28 EST

Created php tracking bugs for this issue:

Affects: fedora-all [bug 1176156]

Comment 4 Fedora Update System 2014-12-29 04:58:46 EST

php-5.5.20-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2014-12-29 04:59:32 EST

php-5.6.4-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2014-12-29 05:03:19 EST

php-5.5.20-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Vincent Danen 2015-02-09 09:30:16 EST

Note that upstream did not properly correct this flaw, and CVE-2015-0231 was assigned to that incomplete fix (see bug #1185397) so any future updates to fix this must take this into account to ensure that this CVE is properly fixed.

Comment 11 errata-xmlrpc 2015-06-04 04:03:24 EDT

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html

Comment 12 errata-xmlrpc 2015-06-04 04:06:45 EDT

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1053 https://rhn.redhat.com/errata/RHSA-2015-1053.html

Comment 13 errata-xmlrpc 2015-06-23 04:11:52 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html

Note You need to log in before you can comment on or make changes to this bug.