Bug 880905 - (CVE-2014-0237) VUL-1: CVE-2014-0237: php53: Performance degradation by too many file_printf calls
(CVE-2014-0237)
VUL-1: CVE-2014-0237: php53: Performance degradation by too many file_printf ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/99226/
maint:running:57886:important maint:r...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-06-02 09:16 UTC by Johannes Segitz
Modified: 2014-07-07 15:26 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2014-06-02 09:16:04 UTC
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP
before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial
of service (performance degradation) by triggering many file_printf calls.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1098193
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0237
http://www.debian.org/security/2014/dsa-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
https://bugs.php.net/bug.php?id=67328
https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
Comment 1 Petr Gajdos 2014-06-02 09:53:28 UTC
Commit in
https://bugzilla.redhat.com/show_bug.cgi?id=1098193#c4
Comment 2 Petr Gajdos 2014-06-02 11:39:29 UTC
php 5.5.13 submitted into factory. devel:languages:php:php54/php5 updated to 5.4.29.
Comment 3 Petr Gajdos 2014-06-02 12:14:31 UTC
For php 5.2, fileinfo extension doesn't exist.
Comment 4 Petr Gajdos 2014-06-03 09:45:24 UTC
Packages submitted into php53/11sp2, php53/11sp3, php5/12.3, php5/13.1, php5/sle12.
Comment 6 Swamp Workflow Management 2014-06-03 12:05:51 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-06-17.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57647
Comment 8 Swamp Workflow Management 2014-06-12 15:06:09 UTC
openSUSE-SU-2014:0784-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 868624,875826,880904,880905
CVE References: CVE-2014-0185,CVE-2014-0237,CVE-2014-0238,CVE-2014-2497
Sources used:
openSUSE 13.1 (src):    php5-5.4.20-8.2
openSUSE 12.3 (src):    php5-5.3.17-3.12.2
openSUSE 12.2 (src):    php5-5.3.15-1.25.1
Comment 9 Swamp Workflow Management 2014-06-12 19:04:54 UTC
openSUSE-SU-2014:0786-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 868624,875826,880904,880905
CVE References: CVE-2014-0185,CVE-2014-0237,CVE-2014-0238,CVE-2014-2497
Sources used:
openSUSE 11.4 (src):    php5-5.3.5-363.2
Comment 11 Johannes Segitz 2014-06-20 12:42:10 UTC
Handled in MaintenanceTracker-57886
Comment 12 Swamp Workflow Management 2014-07-03 18:51:21 UTC
Update released for: apache2-mod_php53, php53, php53-bcmath, php53-bz2, php53-calendar, php53-ctype, php53-curl, php53-dba, php53-debuginfo, php53-debugsource, php53-devel, php53-dom, php53-enchant, php53-exif, php53-fastcgi, php53-fileinfo, php53-fpm, php53-ftp, php53-gd, php53-gettext, php53-gmp, php53-iconv, php53-imap, php53-intl, php53-json, php53-ldap, php53-mbstring, php53-mcrypt, php53-mysql, php53-odbc, php53-openssl, php53-pcntl, php53-pdo, php53-pear, php53-pgsql, php53-phar, php53-posix, php53-pspell, php53-readline, php53-shmop, php53-snmp, php53-soap, php53-sockets, php53-sqlite, php53-suhosin, php53-sysvmsg, php53-sysvsem, php53-sysvshm, php53-tidy, php53-tokenizer, php53-wddx, php53-xmlreader, php53-xmlrpc, php53-xmlwriter, php53-xsl, php53-zip, php53-zlib
Products:
SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64)
SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
Comment 13 Swamp Workflow Management 2014-07-03 19:58:12 UTC
Update released for: apache2-mod_php53, php53, php53-bcmath, php53-bz2, php53-calendar, php53-ctype, php53-curl, php53-dba, php53-debuginfo, php53-debugsource, php53-devel, php53-dom, php53-enchant, php53-exif, php53-fastcgi, php53-fileinfo, php53-fpm, php53-ftp, php53-gd, php53-gettext, php53-gmp, php53-iconv, php53-imap, php53-intl, php53-json, php53-ldap, php53-mbstring, php53-mcrypt, php53-mysql, php53-odbc, php53-openssl, php53-pcntl, php53-pdo, php53-pear, php53-pgsql, php53-phar, php53-posix, php53-pspell, php53-readline, php53-shmop, php53-snmp, php53-soap, php53-sockets, php53-sqlite, php53-suhosin, php53-sysvmsg, php53-sysvsem, php53-sysvshm, php53-tidy, php53-tokenizer, php53-wddx, php53-xmlreader, php53-xmlrpc, php53-xmlwriter, php53-xsl, php53-zip, php53-zlib
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 14 Swamp Workflow Management 2014-07-03 23:04:53 UTC
SUSE-SU-2014:0869-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 868624,880904,880905,882992
CVE References: CVE-2014-0237,CVE-2014-0238,CVE-2014-2497,CVE-2014-4049
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    php53-5.3.17-0.23.5
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    php53-5.3.17-0.23.5
SUSE Linux Enterprise Server 11 SP3 (src):    php53-5.3.17-0.23.5
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    php53-5.3.8-0.45.1
Comment 15 Marcus Meissner 2014-07-07 15:26:34 UTC
released