[oe-commits] Yue Tao : modphp: Security Advisory - php - CVE-2014-3597
git at git.openembedded.org
git at git.openembedded.org
Thu Oct 30 08:04:00 UTC 2014
Module: meta-openembedded.git
Branch: master
Commit: 8d50adfe536f3dc94313318f834946e634441c8a
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=8d50adfe536f3dc94313318f834946e634441c8a
Author: Yue Tao <Yue.Tao at windriver.com>
Date: Thu Oct 23 16:29:15 2014 +0800
modphp: Security Advisory - php - CVE-2014-3597
Multiple buffer overflows in the php_parserr function in
ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
remote DNS servers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted DNS record, related to the
dns_get_record function and the dn_expand function. NOTE: this issue
exists because of an incomplete fix for CVE-2014-4049.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3597
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
.../modphp/files/php-CVE-2014-3597.patch | 282 +++++++++++++++++++++
meta-webserver/recipes-php/modphp/modphp5.inc | 1 +
2 files changed, 283 insertions(+)
Diff: http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=8d50adfe536f3dc94313318f834946e634441c8a
More information about the Openembedded-commits
mailing list