ELSA-2015-1135

Описание

[5.4.16-36]

• fix more functions accept paths with NUL character #1213407

[5.4.16-35]

• core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024
• fix various functions accept paths with NUL character CVE-2015-4025, CVE-2015-4026, #1213407
• fileinfo: fix denial of service when processing a crafted file #1213442
• ftp: fix integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4022
• phar: fix buffer over-read in metadata parsing CVE-2015-2783
• phar: invalid pointer free() in phar_tar_process_metadata() CVE-2015-3307
• phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
• phar: fix memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4021
• soap: fix type confusion through unserialize #1222538
• apache2handler: fix pipelined request executed in deinitialized interpreter under httpd 2.4 CVE-2015-3330

[5.4.16-34]

• fix memory corruption in fileinfo module on big endian machines #1082624
• fix segfault in pdo_odbc on x86_64 #1159892
• fix segfault in gmp allocator #1154760

[5.4.16-33]

• core: use after free vulnerability in unserialize() CVE-2014-8142 and CVE-2015-0231
• core: fix use-after-free in unserialize CVE-2015-2787
• core: fix NUL byte injection in file name argument of move_uploaded_file() CVE-2015-2348
• date: use after free vulnerability in unserialize CVE-2015-0273
• enchant: fix heap buffer overflow in enchant_broker_request_dict CVE-2014-9705
• exif: free called on unitialized pointer CVE-2015-0232
• fileinfo: fix out of bounds read in mconvert CVE-2014-9652
• gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709
• phar: use after free in phar_object.c CVE-2015-2301
• soap: fix type confusion through unserialize

[5.4.16-31]

• fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710

[5.4.16-29]

• xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
• core: fix integer overflow in unserialize() CVE-2014-3669
• exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

[5.4.16-27]

• gd: fix NULL pointer dereference in gdImageCreateFromXpm(). CVE-2014-2497
• gd: fix NUL byte injection in file names. CVE-2014-5120
• fileinfo: fix extensive backtracking in regular expression (incomplete fix for CVE-2013-7345). CVE-2014-3538
• fileinfo: fix mconvert incorrect handling of truncated pascal string size. CVE-2014-3478
• fileinfo: fix cdf_read_property_info (incomplete fix for CVE-2012-1571). CVE-2014-3587
• spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698
• spl: fix use-after-free in SPL Iterators. CVE-2014-4670
• network: fix segfault in dns_get_record (incomplete fix for CVE-2014-4049). CVE-2014-3597

[5.4.16-25]

• fix segfault after startup on aarch64 (#1107567)
• compile php with -O3 on ppc64le (#1123499)