Bug 1213394 (CVE-2015-3330) - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
Summary: CVE-2015-3330 php: pipelined request executed in deinitialized interpreter un...
Status: CLOSED ERRATA
Alias: CVE-2015-3330
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20150416,repo...
Keywords: Security
Depends On: 1228070 1228071 1228072 1228073 1228074 1228075 1228076 1228077
Blocks: 1213462
TreeView+ depends on / blocked
 
Reported: 2015-04-20 13:05 UTC by Vasyl Kaigorodov
Modified: 2015-06-25 08:45 UTC (History)
17 users (show)

Fixed In Version: php 5.4.40, php 5.5.24, php 5.6.8
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-06-25 08:45:52 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1066 normal SHIPPED_LIVE Important: php54 security and bug fix update 2015-06-05 15:42:20 UTC
Red Hat Product Errata RHSA-2015:1135 normal SHIPPED_LIVE Important: php security and bug fix update 2015-06-23 12:11:40 UTC
Red Hat Product Errata RHSA-2015:1186 normal SHIPPED_LIVE Important: php55-php security update 2015-06-25 12:31:54 UTC
Red Hat Product Errata RHSA-2015:1187 normal SHIPPED_LIVE Important: rh-php56-php security update 2015-06-25 12:43:17 UTC

Description Vasyl Kaigorodov 2015-04-20 13:05:18 UTC
PHP versions 5.4.40, 5.5.24 and 5.6.8 fix a vulnerability which potentially might allow a remote code execution with apache 2.4 apache2handler.

Upstream bug:
https://bugs.php.net/bug.php?id=69218

Upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=809610f5ea38a83b284e1125d1fff129bdd615e7

Comment 3 Tomas Hoger 2015-05-29 14:48:06 UTC
This only affects PHP versions used with httpd 2.4, which changed behaviour compared to earlier 2.2 versions.  Red Hat Enterprise Linux 6 and earlier provides httpd 2.2 and is therefore not affected.  Red Hat Software Collections provide multiple PHP versions - php54 collection uses system httpd version, and hence is only affected on Red Hat Enterprise Linux 7; php55 collection uses httpd from the httpd24 collection and hence is affected regardless of the Red Hat Enterprise Linux version.

Statement:

This issue did not affect PHP packages as shipped with Red Hat Enterprise Linux 5 and 6.

Comment 4 Tomas Hoger 2015-05-29 14:49:51 UTC
Related php-internals mailing list discussion:

http://thread.gmane.org/gmane.comp.php.devel/97347

Comment 10 Tomas Hoger 2015-06-05 14:47:27 UTC
The PHP packages as shipped as part of the php54 collection in Red Hat Software Collections were updated to fixed upstream version 5.4.40 via RHSA-2015:1066 released as part of Red Hat Software Collections 2.0.


This issue has been addressed in the php54-php packages in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html

Comment 11 errata-xmlrpc 2015-06-23 08:12:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html

Comment 12 errata-xmlrpc 2015-06-25 08:32:11 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS

Via RHSA-2015:1186 https://rhn.redhat.com/errata/RHSA-2015-1186.html

Comment 13 errata-xmlrpc 2015-06-25 08:43:33 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS

Via RHSA-2015:1187 https://rhn.redhat.com/errata/RHSA-2015-1187.html


Note You need to log in before you can comment on or make changes to this bug.