Bug 880904 - (CVE-2014-0238) VUL-0: CVE-2014-0238: php53: DoS in Fileinfo component
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/99227/
maint:running:57886:important maint:r...
Reported: 2014-06-02 09:12 UTC by Johannes Segitz
Modified: 2014-07-07 15:26 UTC
Found By: Security Response Team
Description Johannes Segitz 2014-06-02 09:12:02 UTC
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP
before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial
of service (infinite loop or out-of-bounds memory access) via a vector that (1)
has zero length or (2) is too long.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1098155
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0238
http://www.debian.org/security/2014/dsa-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
https://bugs.php.net/bug.php?id=67327
https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0
Comment 1 Petr Gajdos 2014-06-02 09:57:24 UTC
Commit in
https://bugzilla.redhat.com/show_bug.cgi?id=1098155#c5
Comment 2 Petr Gajdos 2014-06-02 11:39:33 UTC
php 5.5.13 submitted into factory. devel:languages:php:php54/php5 updated to 5.4.29.
Comment 3 Petr Gajdos 2014-06-02 12:14:38 UTC
For php 5.2, fileinfo extension doesn't exist.
Comment 4 Petr Gajdos 2014-06-03 09:44:51 UTC
Packages submitted into php53/11sp2, php53/11sp3, php5/12.3, php5/13.1, php5/sle12.
Comment 6 SMASH SMASH 2014-06-03 12:05:14 UTC
Affected packages:

SLE-11-SP3: php53
Comment 7 Swamp Workflow Management 2014-06-03 12:06:01 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-06-17.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57647
Comment 9 Swamp Workflow Management 2014-06-12 15:05:54 UTC
openSUSE-SU-2014:0784-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 868624,875826,880904,880905
CVE References: CVE-2014-0185,CVE-2014-0237,CVE-2014-0238,CVE-2014-2497
Sources used:
openSUSE 13.1 (src):    php5-5.4.20-8.2
openSUSE 12.3 (src):    php5-5.3.17-3.12.2
openSUSE 12.2 (src):    php5-5.3.15-1.25.1
Comment 10 Swamp Workflow Management 2014-06-12 19:04:44 UTC
openSUSE-SU-2014:0786-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 868624,875826,880904,880905
CVE References: CVE-2014-0185,CVE-2014-0237,CVE-2014-0238,CVE-2014-2497
Sources used:
openSUSE 11.4 (src):    php5-5.3.5-363.2
Comment 12 Johannes Segitz 2014-06-20 12:43:05 UTC
Handled in MaintenanceTracker-57886
Comment 13 Swamp Workflow Management 2014-07-03 18:51:10 UTC
Update released for: apache2-mod_php53, php53, php53-bcmath, php53-bz2, php53-calendar, php53-ctype, php53-curl, php53-dba, php53-debuginfo, php53-debugsource, php53-devel, php53-dom, php53-enchant, php53-exif, php53-fastcgi, php53-fileinfo, php53-fpm, php53-ftp, php53-gd, php53-gettext, php53-gmp, php53-iconv, php53-imap, php53-intl, php53-json, php53-ldap, php53-mbstring, php53-mcrypt, php53-mysql, php53-odbc, php53-openssl, php53-pcntl, php53-pdo, php53-pear, php53-pgsql, php53-phar, php53-posix, php53-pspell, php53-readline, php53-shmop, php53-snmp, php53-soap, php53-sockets, php53-sqlite, php53-suhosin, php53-sysvmsg, php53-sysvsem, php53-sysvshm, php53-tidy, php53-tokenizer, php53-wddx, php53-xmlreader, php53-xmlrpc, php53-xmlwriter, php53-xsl, php53-zip, php53-zlib
Products:
SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64)
SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
Comment 14 Swamp Workflow Management 2014-07-03 19:58:02 UTC
Update released for: apache2-mod_php53, php53, php53-bcmath, php53-bz2, php53-calendar, php53-ctype, php53-curl, php53-dba, php53-debuginfo, php53-debugsource, php53-devel, php53-dom, php53-enchant, php53-exif, php53-fastcgi, php53-fileinfo, php53-fpm, php53-ftp, php53-gd, php53-gettext, php53-gmp, php53-iconv, php53-imap, php53-intl, php53-json, php53-ldap, php53-mbstring, php53-mcrypt, php53-mysql, php53-odbc, php53-openssl, php53-pcntl, php53-pdo, php53-pear, php53-pgsql, php53-phar, php53-posix, php53-pspell, php53-readline, php53-shmop, php53-snmp, php53-soap, php53-sockets, php53-sqlite, php53-suhosin, php53-sysvmsg, php53-sysvsem, php53-sysvshm, php53-tidy, php53-tokenizer, php53-wddx, php53-xmlreader, php53-xmlrpc, php53-xmlwriter, php53-xsl, php53-zip, php53-zlib
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 15 Swamp Workflow Management 2014-07-03 23:04:42 UTC
SUSE-SU-2014:0869-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 868624,880904,880905,882992
CVE References: CVE-2014-0237,CVE-2014-0238,CVE-2014-2497,CVE-2014-4049
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    php53-5.3.17-0.23.5
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    php53-5.3.17-0.23.5
SUSE Linux Enterprise Server 11 SP3 (src):    php53-5.3.17-0.23.5
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    php53-5.3.8-0.45.1
Comment 16 Marcus Meissner 2014-07-07 15:26:44 UTC
released