Bug 1154503 (CVE-2014-3668) - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
Summary: CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in m...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3668
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20141014,repor...
Depends On: 1154638 1154639 1155020 1155021 1155022 1155023 1155024
Blocks: 1149858 1154506
TreeView+ depends on / blocked
 
Reported: 2014-10-20 04:19 UTC by Murray McAllister
Modified: 2019-06-08 20:14 UTC (History)
8 users (show)

Fixed In Version: php 5.4.34, php 5.5.18, php 5.6.2
Doc Type: Bug Fix
Doc Text:
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
Clone Of:
Environment:
Last Closed: 2014-10-31 09:01:48 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1765 normal SHIPPED_LIVE Important: php54-php security update 2014-10-30 23:45:24 UTC
PHP Bug Tracker 68027 None None None Never
Red Hat Product Errata RHSA-2014:1766 normal SHIPPED_LIVE Important: php55-php security update 2014-10-30 23:45:12 UTC
Red Hat Product Errata RHSA-2014:1767 normal SHIPPED_LIVE Important: php security update 2014-10-31 00:16:02 UTC
Red Hat Product Errata RHSA-2014:1768 normal SHIPPED_LIVE Important: php53 security update 2014-10-30 23:44:46 UTC

Description Murray McAllister 2014-10-20 04:19:46 UTC
An out-of-bounds read flaw was found in PHP's mkgmtime() function. This could possibly cause the PHP interpreter to crash.

This issue has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2.

References:
http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e
https://bugs.php.net/bug.php?id=68027
http://php.net/ChangeLog-5.php

Comment 15 Martin Prpič 2014-10-30 11:11:17 UTC
IssueDescription:

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.

Comment 16 errata-xmlrpc 2014-10-30 19:45:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1768 https://rhn.redhat.com/errata/RHSA-2014-1768.html

Comment 17 errata-xmlrpc 2014-10-30 19:47:06 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html

Comment 18 errata-xmlrpc 2014-10-30 19:49:36 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html

Comment 19 errata-xmlrpc 2014-10-30 20:16:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1767 https://rhn.redhat.com/errata/RHSA-2014-1767.html

Comment 20 Tomas Hoger 2014-10-31 09:01:48 UTC
Statement:

This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5.


Note You need to log in before you can comment on or make changes to this bug.