1213394 – (CVE-2015-3330) CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4

Bug 1213394 (CVE-2015-3330) - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4

Summary: CVE-2015-3330 php: pipelined request executed in deinitialized interpreter un...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-3330
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1228070 1228071 1228072 1228073 1228074 1228075 1228076 1228077
Blocks:	1213462
TreeView+	depends on / blocked

Reported:	2015-04-20 13:05 UTC by Vasyl Kaigorodov
Modified:	2021-02-17 05:22 UTC (History)
CC List:	17 users (show)
Fixed In Version:	php 5.4.40, php 5.5.24, php 5.6.8
Doc Type:	Bug Fix
Doc Text:	A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code.
Clone Of:
Environment:
Last Closed:	2015-06-25 08:45:52 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1066	normal	SHIPPED_LIVE	Important: php54 security and bug fix update	2015-06-05 15:42:20 UTC
Red Hat Product Errata	RHSA-2015:1135	normal	SHIPPED_LIVE	Important: php security and bug fix update	2015-06-23 12:11:40 UTC
Red Hat Product Errata	RHSA-2015:1186	normal	SHIPPED_LIVE	Important: php55-php security update	2015-06-25 12:31:54 UTC
Red Hat Product Errata	RHSA-2015:1187	normal	SHIPPED_LIVE	Important: rh-php56-php security update	2015-06-25 12:43:17 UTC

Description Vasyl Kaigorodov 2015-04-20 13:05:18 UTC

PHP versions 5.4.40, 5.5.24 and 5.6.8 fix a vulnerability which potentially might allow a remote code execution with apache 2.4 apache2handler.

Upstream bug:
https://bugs.php.net/bug.php?id=69218

Upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=809610f5ea38a83b284e1125d1fff129bdd615e7

Comment 3 Tomas Hoger 2015-05-29 14:48:06 UTC

This only affects PHP versions used with httpd 2.4, which changed behaviour compared to earlier 2.2 versions.  Red Hat Enterprise Linux 6 and earlier provides httpd 2.2 and is therefore not affected.  Red Hat Software Collections provide multiple PHP versions - php54 collection uses system httpd version, and hence is only affected on Red Hat Enterprise Linux 7; php55 collection uses httpd from the httpd24 collection and hence is affected regardless of the Red Hat Enterprise Linux version.

Statement:

This issue did not affect PHP packages as shipped with Red Hat Enterprise Linux 5 and 6.

Comment 4 Tomas Hoger 2015-05-29 14:49:51 UTC

Related php-internals mailing list discussion:

http://thread.gmane.org/gmane.comp.php.devel/97347

Comment 10 Tomas Hoger 2015-06-05 14:47:27 UTC

The PHP packages as shipped as part of the php54 collection in Red Hat Software Collections were updated to fixed upstream version 5.4.40 via RHSA-2015:1066 released as part of Red Hat Software Collections 2.0.


This issue has been addressed in the php54-php packages in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html

Comment 11 errata-xmlrpc 2015-06-23 08:12:54 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html

Comment 12 errata-xmlrpc 2015-06-25 08:32:11 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS

Via RHSA-2015:1186 https://rhn.redhat.com/errata/RHSA-2015-1186.html

Comment 13 errata-xmlrpc 2015-06-25 08:43:33 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS

Via RHSA-2015:1187 https://rhn.redhat.com/errata/RHSA-2015-1187.html

Note You need to log in before you can comment on or make changes to this bug.