Stefan Esser reported a vulnerability in the PHP openssl extension. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. Acknowledgements: Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue.
This issue has been assigned CVE-2013-6420
Created attachment 831933 [details] Proposed patch
This has been corrected upstream in git: http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1814 https://rhn.redhat.com/errata/RHSA-2013-1814.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2013:1813 https://rhn.redhat.com/errata/RHSA-2013-1813.html
This issue has been addressed in following products: Red Hat Software Collections for RHEL-6 Via RHSA-2013:1815 https://rhn.redhat.com/errata/RHSA-2013-1815.html
Created php tracking bugs for this issue: Affects: fedora-all [bug 1040276]
This issue has been addressed in following products: Red Hat Enterprise Linux 5.6 EUS - Server Only Red Hat Enterprise Linux 5.9 EUS - Server Only Via RHSA-2013:1825 https://rhn.redhat.com/errata/RHSA-2013-1825.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5.3 Long Life Red Hat Enterprise Linux 5.6 EUS - Server Only Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only Red Hat Enterprise Linux 5.9 EUS - Server Only Via RHSA-2013:1824 https://rhn.redhat.com/errata/RHSA-2013-1824.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Extended Lifecycle Support Red Hat Enterprise Linux 3 Extended Lifecycle Support Via RHSA-2013:1826 https://rhn.redhat.com/errata/RHSA-2013-1826.html
This has now been corrected in upstream version 5.5.7: http://www.php.net/ChangeLog-5.php#5.5.7
php-5.5.7-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Stefan's advisory: https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html Also 5.3.28 and 5.4.23 are released to fix this as well. http://www.php.net/ChangeLog-5.php#5.3.28 http://www.php.net/ChangeLog-5.php#5.4.23
php-5.4.23-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
php-5.5.7-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
HackerOne report: https://hackerone.com/reports/523