| Errata ID | 341 |
|---|---|
| Date | 2018-04-18 |
| Source package | php5 |
| Fixed in version | 5.6.33+dfsg-0+deb8u1 |
| Description | This update addresses the following issues: * The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. (CVE-2017-11144) * An invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. (CVE-2017-11143) * An error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist. (CVE-2017-11145) * A stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. (CVE-2017-11628) * The finish_nested_data function in ext/standard/var_unserializer.re is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. (CVE-2017-12933) * Remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. (CVE-2017-11142) * An error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. (CVE-2017-16642) |
| Additional notes | |
| CVE ID | CVE-2017-11144 CVE-2017-11143 CVE-2017-11145 CVE-2017-11628 CVE-2017-12933 CVE-2017-11142 CVE-2017-16642 |
| UCS Bug number | #46154 |
