Bugzilla – Bug 837746
VUL-1: CVE-2013-4248: php5: attackers can perform man-in-the-middle attacks by specially crafting certificates
Last modified: 2014-07-07 17:04:51 UTC
mweckbecker@s3gfault:~$ cvedump.pl CVE-2013-4248 ====================================================== Name: CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Reference: CONFIRM: http://www.php.net/ChangeLog-5.php Reference: CONFIRM: http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897
bugbot adjusting priority
Original fix have an issue: https://bugzilla.redhat.com/show_bug.cgi?id=997097#c11
Ok. Might be fixed together with bnc#854880 ?
Testcase from http://git.php.net/?p=php-src.git;a=commitdiff;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755 fails for 5.3.17 and 5.2.14. Factory and 13.1 are not affected.
packages submitted
openSUSE-SU-2013:1963-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 837746,853045,854880 CVE References: CVE-2013-4248,CVE-2013-6420,CVE-2013-6712 Sources used: openSUSE 13.1 (src): php5-5.4.20-4.1 openSUSE 12.3 (src): php5-5.3.17-3.8.1 openSUSE 12.2 (src): php5-5.3.15-1.20.1
openSUSE-SU-2013:1964-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 837746,853045,854880 CVE References: CVE-2013-4248,CVE-2013-6420,CVE-2013-6712 Sources used: openSUSE 11.4 (src): php5-5.3.5-359.1
Update released for: apache2-mod_php5, php5, php5-bcmath, php5-bz2, php5-calendar, php5-ctype, php5-curl, php5-dba, php5-dbase, php5-debuginfo, php5-devel, php5-dom, php5-exif, php5-fastcgi, php5-ftp, php5-gd, php5-gettext, php5-gmp, php5-hash, php5-iconv, php5-imap, php5-json, php5-ldap, php5-mbstring, php5-mcrypt, php5-mhash, php5-mysql, php5-ncurses, php5-odbc, php5-openssl, php5-pcntl, php5-pdo, php5-pear, php5-pgsql, php5-posix, php5-pspell, php5-readline, php5-shmop, php5-snmp, php5-soap, php5-sockets, php5-sqlite, php5-suhosin, php5-sysvmsg, php5-sysvsem, php5-sysvshm, php5-tidy, php5-tokenizer, php5-wddx, php5-xmlreader, php5-xmlrpc, php5-xmlwriter, php5-xsl, php5-zip, php5-zlib Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: apache2-mod_php5, php5, php5-bcmath, php5-bz2, php5-calendar, php5-ctype, php5-curl, php5-dba, php5-dbase, php5-debuginfo, php5-debugsource, php5-devel, php5-dom, php5-exif, php5-fastcgi, php5-ftp, php5-gd, php5-gettext, php5-gmp, php5-hash, php5-iconv, php5-imap, php5-json, php5-ldap, php5-mbstring, php5-mcrypt, php5-mysql, php5-ncurses, php5-odbc, php5-openssl, php5-pcntl, php5-pdo, php5-pear, php5-pgsql, php5-posix, php5-pspell, php5-readline, php5-shmop, php5-snmp, php5-soap, php5-sockets, php5-sqlite, php5-suhosin, php5-sysvmsg, php5-sysvsem, php5-sysvshm, php5-tidy, php5-tokenizer, php5-wddx, php5-xmlreader, php5-xmlrpc, php5-xmlwriter, php5-xsl, php5-zip, php5-zlib Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
.
Update released for: apache2-mod_php53, php53, php53-bcmath, php53-bz2, php53-calendar, php53-ctype, php53-curl, php53-dba, php53-debuginfo, php53-debugsource, php53-devel, php53-dom, php53-enchant, php53-exif, php53-fastcgi, php53-fileinfo, php53-fpm, php53-ftp, php53-gd, php53-gettext, php53-gmp, php53-iconv, php53-imap, php53-intl, php53-json, php53-ldap, php53-mbstring, php53-mcrypt, php53-mysql, php53-odbc, php53-openssl, php53-pcntl, php53-pdo, php53-pear, php53-pgsql, php53-phar, php53-posix, php53-pspell, php53-readline, php53-shmop, php53-snmp, php53-soap, php53-sockets, php53-sqlite, php53-suhosin, php53-sysvmsg, php53-sysvsem, php53-sysvshm, php53-tidy, php53-tokenizer, php53-wddx, php53-xmlreader, php53-xmlrpc, php53-xmlwriter, php53-xsl, php53-zip, php53-zlib Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
Update released for: apache2-mod_php5, php5, php5-bcmath, php5-bz2, php5-calendar, php5-ctype, php5-curl, php5-dba, php5-dbase, php5-debuginfo, php5-debugsource, php5-devel, php5-dom, php5-exif, php5-fastcgi, php5-ftp, php5-gd, php5-gettext, php5-gmp, php5-hash, php5-iconv, php5-imap, php5-json, php5-ldap, php5-mbstring, php5-mcrypt, php5-mysql, php5-ncurses, php5-odbc, php5-openssl, php5-pcntl, php5-pdo, php5-pear, php5-pgsql, php5-posix, php5-pspell, php5-readline, php5-shmop, php5-snmp, php5-soap, php5-sockets, php5-sqlite, php5-suhosin, php5-sysvmsg, php5-sysvsem, php5-sysvshm, php5-tidy, php5-tokenizer, php5-wddx, php5-xmlreader, php5-xmlrpc, php5-xmlwriter, php5-xsl, php5-zip, php5-zlib Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: apache2-mod_php53, php53, php53-bcmath, php53-bz2, php53-calendar, php53-ctype, php53-curl, php53-dba, php53-debuginfo, php53-debugsource, php53-devel, php53-dom, php53-enchant, php53-exif, php53-fastcgi, php53-fileinfo, php53-fpm, php53-ftp, php53-gd, php53-gettext, php53-gmp, php53-iconv, php53-imap, php53-intl, php53-json, php53-ldap, php53-mbstring, php53-mcrypt, php53-mysql, php53-odbc, php53-openssl, php53-pcntl, php53-pdo, php53-pear, php53-pgsql, php53-phar, php53-posix, php53-pspell, php53-readline, php53-shmop, php53-snmp, php53-soap, php53-sockets, php53-sqlite, php53-suhosin, php53-sysvmsg, php53-sysvsem, php53-sysvshm, php53-tidy, php53-tokenizer, php53-wddx, php53-xmlreader, php53-xmlrpc, php53-xmlwriter, php53-xsl, php53-zip, php53-zlib Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
SUSE-SU-2014:0062-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 837746,854880 CVE References: CVE-2013-4248,CVE-2013-6420 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP2 (src): php5-5.2.14-0.7.30.50.1 SUSE Linux Enterprise Server 11 SP2 for VMware (src): php5-5.2.14-0.7.30.50.1 SUSE Linux Enterprise Server 11 SP2 (src): php5-5.2.14-0.7.30.50.1
SUSE-SU-2014:0063-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 837746,842676,853045,854880 CVE References: CVE-2013-4248,CVE-2013-6420,CVE-2013-6712 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): php53-5.3.17-0.17.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): php53-5.3.17-0.17.1 SUSE Linux Enterprise Server 11 SP3 (src): php53-5.3.17-0.17.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-06-26. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57809
Update released for: apache2-mod_php5, php5, php5-bcmath, php5-bz2, php5-calendar, php5-ctype, php5-curl, php5-dba, php5-dbase, php5-debuginfo, php5-devel, php5-dom, php5-exif, php5-fastcgi, php5-ftp, php5-gd, php5-gettext, php5-gmp, php5-hash, php5-iconv, php5-imap, php5-json, php5-ldap, php5-mbstring, php5-mcrypt, php5-mhash, php5-mysql, php5-ncurses, php5-odbc, php5-openssl, php5-pcntl, php5-pdo, php5-pear, php5-pgsql, php5-posix, php5-pspell, php5-readline, php5-shmop, php5-snmp, php5-soap, php5-sockets, php5-sqlite, php5-suhosin, php5-sysvmsg, php5-sysvsem, php5-sysvshm, php5-tidy, php5-tokenizer, php5-wddx, php5-xmlreader, php5-xmlrpc, php5-xmlwriter, php5-xsl, php5-zip, php5-zlib Products: SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64) SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Update released for: apache2-mod_php5, php5, php5-bcmath, php5-bz2, php5-calendar, php5-ctype, php5-curl, php5-dba, php5-dbase, php5-debuginfo, php5-devel, php5-dom, php5-exif, php5-fastcgi, php5-ftp, php5-gd, php5-gettext, php5-gmp, php5-hash, php5-iconv, php5-imap, php5-json, php5-ldap, php5-mbstring, php5-mcrypt, php5-mhash, php5-mysql, php5-ncurses, php5-odbc, php5-openssl, php5-pcntl, php5-pdo, php5-pear, php5-pgsql, php5-posix, php5-pspell, php5-readline, php5-shmop, php5-snmp, php5-soap, php5-sockets, php5-sqlite, php5-suhosin, php5-sysvmsg, php5-sysvsem, php5-sysvshm, php5-tidy, php5-tokenizer, php5-wddx, php5-xmlreader, php5-xmlrpc, php5-xmlwriter, php5-xsl, php5-zip, php5-zlib Products: SLE-DEBUGINFO 10-SP4 (i386, s390x, x86_64) SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0873-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 837746,854880,868624,882992 CVE References: CVE-2013-4248,CVE-2013-6420,CVE-2014-2497,CVE-2014-4049 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): php5-5.2.14-0.48.1 SUSE Linux Enterprise Server 10 SP3 LTSS (src): php5-5.2.14-0.48.1
Update released for: apache2-mod_php5, php5, php5-bcmath, php5-bz2, php5-calendar, php5-ctype, php5-curl, php5-dba, php5-dbase, php5-debuginfo, php5-debugsource, php5-devel, php5-dom, php5-exif, php5-fastcgi, php5-ftp, php5-gd, php5-gettext, php5-gmp, php5-hash, php5-iconv, php5-imap, php5-json, php5-ldap, php5-mbstring, php5-mcrypt, php5-mysql, php5-ncurses, php5-odbc, php5-openssl, php5-pcntl, php5-pdo, php5-pear, php5-pgsql, php5-posix, php5-pspell, php5-readline, php5-shmop, php5-snmp, php5-soap, php5-sockets, php5-sqlite, php5-suhosin, php5-sysvmsg, php5-sysvsem, php5-sysvshm, php5-tidy, php5-tokenizer, php5-wddx, php5-xmlreader, php5-xmlrpc, php5-xmlwriter, php5-xsl, php5-zip, php5-zlib Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64) SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0873-2: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 837746,854880,868624,882992 CVE References: CVE-2013-4248,CVE-2013-6420,CVE-2014-2497,CVE-2014-4049 Sources used: SUSE Linux Enterprise Server 11 SP1 LTSS (src): php5-5.2.14-0.7.30.54.1