Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150901060414.GB6620@suse.de>
Date: Tue, 1 Sep 2015 08:04:14 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>, security@....net,
	cve-assign@...re.org
Subject: Re: CVE Request: more php unserializing issues

Hi,

forgot to CC Mitre and PHP

Ciao, Marcus

On Wed, Aug 19, 2015 at 11:49:45AM +0200, Marcus Meissner wrote:
> Hi,
> 
> I am not sure these have CVE ids yet:
> 
> https://bugs.php.net/bug.php?id=70068
> Dangling pointer in the unserialization of ArrayObject items
> 	impact: remote code execution
> 
> 
> https://bugs.php.net/bug.php?id=70166
> https://bugs.php.net/bug.php?id=70155 (dup)
> Use After Free Vulnerability in unserialize() with SPLArrayObject
> 
> https://bugs.php.net/bug.php?id=70168
> Use After Free Vulnerability in unserialize() with SplObjectStorage
> 
> https://bugs.php.net/bug.php?id=70169
> Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
> 
> 
> These look like they can be exploited for code execution.
> 
> 
> https://bugs.php.net/bug.php?id=70019
> Files extracted from archive may be placed outside of destination directory
> 
> (indirect reference also  https://msisac.cisecurity.org/advisories/2015/2015-091.cfm
>  and the php release notes
>  http://php.net/ChangeLog-5.php#5.4.44
>  http://php.net/ChangeLog-5.php#5.5.28
>  http://php.net/ChangeLog-5.php#5.6.12
> )
> 
> Ciao, Marcus
> 

-- 
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@...e.de>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.