Bugzilla – Bug 853045
VUL-1: CVE-2013-6712: php5/php53: overflow in dateinterval parser
Last modified: 2020-05-18 11:53:31 UTC
CVE-2013-6712, via cve db Name: CVE-2013-6712 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712 Assigned: 20131108 Reference: https://bugs.php.net/bug.php?id=66060 Reference: http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (853045) was mentioned in https://build.opensuse.org/request/show/209271 Factory / php5
packages submitted
openSUSE-SU-2013:1963-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 837746,853045,854880 CVE References: CVE-2013-4248,CVE-2013-6420,CVE-2013-6712 Sources used: openSUSE 13.1 (src): php5-5.4.20-4.1 openSUSE 12.3 (src): php5-5.3.17-3.8.1 openSUSE 12.2 (src): php5-5.3.15-1.20.1
openSUSE-SU-2013:1964-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 837746,853045,854880 CVE References: CVE-2013-4248,CVE-2013-6420,CVE-2013-6712 Sources used: openSUSE 11.4 (src): php5-5.3.5-359.1
Update released for: apache2-mod_php53, php53, php53-bcmath, php53-bz2, php53-calendar, php53-ctype, php53-curl, php53-dba, php53-debuginfo, php53-debugsource, php53-devel, php53-dom, php53-enchant, php53-exif, php53-fastcgi, php53-fileinfo, php53-fpm, php53-ftp, php53-gd, php53-gettext, php53-gmp, php53-iconv, php53-imap, php53-intl, php53-json, php53-ldap, php53-mbstring, php53-mcrypt, php53-mysql, php53-odbc, php53-openssl, php53-pcntl, php53-pdo, php53-pear, php53-pgsql, php53-phar, php53-posix, php53-pspell, php53-readline, php53-shmop, php53-snmp, php53-soap, php53-sockets, php53-sqlite, php53-suhosin, php53-sysvmsg, php53-sysvsem, php53-sysvshm, php53-tidy, php53-tokenizer, php53-wddx, php53-xmlreader, php53-xmlrpc, php53-xmlwriter, php53-xsl, php53-zip, php53-zlib Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
Update released for: apache2-mod_php53, php53, php53-bcmath, php53-bz2, php53-calendar, php53-ctype, php53-curl, php53-dba, php53-debuginfo, php53-debugsource, php53-devel, php53-dom, php53-enchant, php53-exif, php53-fastcgi, php53-fileinfo, php53-fpm, php53-ftp, php53-gd, php53-gettext, php53-gmp, php53-iconv, php53-imap, php53-intl, php53-json, php53-ldap, php53-mbstring, php53-mcrypt, php53-mysql, php53-odbc, php53-openssl, php53-pcntl, php53-pdo, php53-pear, php53-pgsql, php53-phar, php53-posix, php53-pspell, php53-readline, php53-shmop, php53-snmp, php53-soap, php53-sockets, php53-sqlite, php53-suhosin, php53-sysvmsg, php53-sysvsem, php53-sysvshm, php53-tidy, php53-tokenizer, php53-wddx, php53-xmlreader, php53-xmlrpc, php53-xmlwriter, php53-xsl, php53-zip, php53-zlib Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
SUSE-SU-2014:0063-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 837746,842676,853045,854880 CVE References: CVE-2013-4248,CVE-2013-6420,CVE-2013-6712 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): php53-5.3.17-0.17.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): php53-5.3.17-0.17.1 SUSE Linux Enterprise Server 11 SP3 (src): php53-5.3.17-0.17.1
done