/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2014-3710.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2014-3710.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Sat Nov 1 13:01:52 2014 UTC (10 years, 1 month ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-17_el5_sme, HEAD
* Sat Nov 1 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-17.sme
- Resync with upstream php53, which include (see [SME: 8633])
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

1 From 1803228597e82218a8c105e67975bc50e6f5bf0d Mon Sep 17 00:00:00 2001
2 From: Remi Collet <remi@php.net>
3 Date: Wed, 22 Oct 2014 15:37:04 +0200
4 Subject: [PATCH] Fix bug #68283: fileinfo: out-of-bounds read in elf note
5 headers
6
7 Upstream commit
8 https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
9
10 CVE -2014-3710
11 ---
12 ext/fileinfo/libmagic/readelf.c | 7 +++++++
13 1 file changed, 7 insertions(+)
14
15 diff --git a/ext/fileinfo/libmagic/readelf.c b/ext/fileinfo/libmagic/readelf.c
16 index 1c3845f..bb6f70f 100644
17 --- a/ext/fileinfo/libmagic/readelf.c
18 +++ b/ext/fileinfo/libmagic/readelf.c
19 @@ -372,6 +372,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
20 #endif
21 uint32_t namesz, descsz;
22
23 + if (xnh_sizeof + offset > size) {
24 + /*
25 + * We're out of note headers.
26 + */
27 + return xnh_sizeof + offset;
28 + }
29 +
30 (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
31 offset += xnh_sizeof;
32
33 --
34 2.1.0
35

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed