/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2014-3480.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2014-3480.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Thu Aug 7 07:05:52 2014 UTC (10 years, 3 months ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-17_el5_sme, php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, HEAD
Error occurred while calculating annotation data.
* Thu Aug 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-15.sme
- Resync with upstream php53, which include (see [SME: 8515])
- core: type confusion issue in phpinfo(). CVE-2014-4721
- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712
- core: fix heap-based buffer overflow in DNS TXT record parsing.
  CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage type
  confusion flaw. CVE-2014-3515
- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270
- fileinfo: unrestricted recursion in handling of indirect type
  rules. CVE-2014-1943
- fileinfo: out of bounds read in CDF parser. CVE-2012-1571
- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480
- fileinfo: cdf_unpack_summary_info() excessive looping
  DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
  loop. CVE-2014-0238

1 From 40bade80cbe2af1d0b2cd0420cebd5d5905a2382 Mon Sep 17 00:00:00 2001
2 From: Christos Zoulas <christos@zoulas.com>
3 Date: Wed, 4 Jun 2014 17:23:19 +0000
4 Subject: [PATCH] Fix incorrect bounds check for sector count. (Francisco
5 Alonso and Jan Kaluza at RedHat)
6
7 ---
8 src/cdf.c | 9 +++++----
9 1 file changed, 5 insertions(+), 4 deletions(-)
10
11 diff --git a/src/cdf.c b/src/cdf.c
12 index 375406c..6652581 100644
13 --- a/ext/fileinfo/libmagic/cdf.c
14 +++ b/ext/fileinfo/libmagic/cdf.c
15 @@ -455,7 +455,8 @@ size_t
16 cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size)
17 {
18 size_t i, j;
19 - cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size);
20 + cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size)
21 + / sizeof(maxsector));
22
23 DPRINTF(("Chain:"));
24 for (j = i = 0; sid >= 0; i++, j++) {
25 @@ -465,8 +466,8 @@ cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size)
26 errno = EFTYPE;
27 return (size_t)-1;
28 }
29 - if (sid > maxsector) {
30 - DPRINTF(("Sector %d > %d\n", sid, maxsector));
31 + if (sid >= maxsector) {
32 + DPRINTF(("Sector %d >= %d\n", sid, maxsector));
33 errno = EFTYPE;
34 return (size_t)-1;
35 }
36 --
37 1.9.3
38

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed