Date: Fri, 3 Feb 2012 08:21:51 GMT From: Andrei Lavreniyuk <andy.lavr@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/164730: [SECURITY] Critical PHP Remote Vulnerability (PHP 5.3.9) lang/php5 Message-ID: <201202030821.q138LpiA081084@red.freebsd.org> Resent-Message-ID: <201202030830.q138UCOC012417@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 164730 >Category: ports >Synopsis: [SECURITY] Critical PHP Remote Vulnerability (PHP 5.3.9) lang/php5 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Feb 03 08:30:12 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Andrei Lavreniyuk >Release: FreeBSD 9.0-STABLE >Organization: Technica-03, Inc. >Environment: FreeBSD datacenter.technica-03.local 9.0-STABLE FreeBSD 9.0-STABLE #0: Thu Feb 2 11:11:50 EET 2012 root@datacenter.technica-03.local:/usr/obj/usr/src/sys/SMP64 amd64 >Description: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ >How-To-Repeat: >Fix: Patch attached with submission follows: --- main/php_variables.c.orig 2012-01-01 15:15:04.000000000 +0200 +++ main/php_variables.c 2012-02-03 09:39:44.692970733 +0200 @@ -198,6 +198,9 @@ MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + } else { + efree(var_orig); + return; } } if (index != escaped_index) { >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202030821.q138LpiA081084>