Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1213394 - (CVE-2015-3330) CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
CVE-2015-3330 php: pipelined request executed in deinitialized interpreter un...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20150416,repo...
: Security
Depends On: 1228070 1228071 1228072 1228073 1228074 1228075 1228076 1228077
Blocks: 1213462
  Show dependency treegraph
 
Reported: 2015-04-20 09:05 EDT by Vasyl Kaigorodov
Modified: 2015-06-25 04:45 EDT (History)
17 users (show)

See Also:
Fixed In Version: php 5.4.40, php 5.5.24, php 5.6.8
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-06-25 04:45:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1066 normal SHIPPED_LIVE Important: php54 security and bug fix update 2015-06-05 11:42:20 EDT
Red Hat Product Errata RHSA-2015:1135 normal SHIPPED_LIVE Important: php security and bug fix update 2015-06-23 08:11:40 EDT
Red Hat Product Errata RHSA-2015:1186 normal SHIPPED_LIVE Important: php55-php security update 2015-06-25 08:31:54 EDT
Red Hat Product Errata RHSA-2015:1187 normal SHIPPED_LIVE Important: rh-php56-php security update 2015-06-25 08:43:17 EDT

  None (edit)
Description Vasyl Kaigorodov 2015-04-20 09:05:18 EDT 
PHP versions 5.4.40, 5.5.24 and 5.6.8 fix a vulnerability which potentially might allow a remote code execution with apache 2.4 apache2handler.

Upstream bug:
https://bugs.php.net/bug.php?id=69218

Upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=809610f5ea38a83b284e1125d1fff129bdd615e7
Comment 3 Tomas Hoger 2015-05-29 10:48:06 EDT 
This only affects PHP versions used with httpd 2.4, which changed behaviour compared to earlier 2.2 versions.  Red Hat Enterprise Linux 6 and earlier provides httpd 2.2 and is therefore not affected.  Red Hat Software Collections provide multiple PHP versions - php54 collection uses system httpd version, and hence is only affected on Red Hat Enterprise Linux 7; php55 collection uses httpd from the httpd24 collection and hence is affected regardless of the Red Hat Enterprise Linux version.

Statement:

This issue did not affect PHP packages as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 4 Tomas Hoger 2015-05-29 10:49:51 EDT 
Related php-internals mailing list discussion:

http://thread.gmane.org/gmane.comp.php.devel/97347
Comment 10 Tomas Hoger 2015-06-05 10:47:27 EDT 
The PHP packages as shipped as part of the php54 collection in Red Hat Software Collections were updated to fixed upstream version 5.4.40 via RHSA-2015:1066 released as part of Red Hat Software Collections 2.0.


This issue has been addressed in the php54-php packages in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html
Comment 11 errata-xmlrpc 2015-06-23 04:12:54 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html
Comment 12 errata-xmlrpc 2015-06-25 04:32:11 EDT 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS

Via RHSA-2015:1186 https://rhn.redhat.com/errata/RHSA-2015-1186.html
Comment 13 errata-xmlrpc 2015-06-25 04:43:33 EDT 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS

Via RHSA-2015:1187 https://rhn.redhat.com/errata/RHSA-2015-1187.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.