/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2014-3710.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2014-3710.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sat Nov 1 13:01:52 2014 UTC (10 years ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-17_el5_sme, HEAD
* Sat Nov 1 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-17.sme
- Resync with upstream php53, which include (see [SME: 8633])
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

1 vip-ire 1.1 From 1803228597e82218a8c105e67975bc50e6f5bf0d Mon Sep 17 00:00:00 2001
2     From: Remi Collet <remi@php.net>
3     Date: Wed, 22 Oct 2014 15:37:04 +0200
4     Subject: [PATCH] Fix bug #68283: fileinfo: out-of-bounds read in elf note
5     headers
6    
7     Upstream commit
8     https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
9    
10     CVE -2014-3710
11     ---
12     ext/fileinfo/libmagic/readelf.c | 7 +++++++
13     1 file changed, 7 insertions(+)
14    
15     diff --git a/ext/fileinfo/libmagic/readelf.c b/ext/fileinfo/libmagic/readelf.c
16     index 1c3845f..bb6f70f 100644
17     --- a/ext/fileinfo/libmagic/readelf.c
18     +++ b/ext/fileinfo/libmagic/readelf.c
19     @@ -372,6 +372,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
20     #endif
21     uint32_t namesz, descsz;
22    
23     + if (xnh_sizeof + offset > size) {
24     + /*
25     + * We're out of note headers.
26     + */
27     + return xnh_sizeof + offset;
28     + }
29     +
30     (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
31     offset += xnh_sizeof;
32    
33     --
34     2.1.0
35    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed