Bugzilla – Bug 902368
VUL-0: CVE-2014-3668 php5: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
Last modified: 2016-06-21 11:11:33 UTC
CVE-2014-3668

An out-of-bounds read flaw was found in PHP's mkgmtime() function. This could possibly cause the PHP interpreter to crash. This issue has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2.

References:
http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e
https://bugs.php.net/bug.php?id=68027
http://php.net/ChangeLog-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=1154503
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (902368) was mentioned in https://build.opensuse.org/request/show/258495 13.2 / php5
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-11-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59489
Thanks for the submits, Petr. Is SLE also affected and if so which distros (same for the other 2 issues)?
12: sr#45633
11sp3: sr#45629
11: sr#45627
10sp3: sr#45628
12.3, 13.1: mr#258523
I don't exactly know how to submit against 13.2, I'll try later.
openSUSE-SU-2014:1377-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 902357,902360,902368 CVE References: CVE-2014-3668,CVE-2014-3669,CVE-2014-3670 Sources used: openSUSE 13.1 (src): php5-5.4.20-34.3 openSUSE 12.3 (src): php5-5.3.17-3.38.2
openSUSE-SU-2014:1391-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 902357,902360,902368 CVE References: CVE-2014-3668,CVE-2014-3669,CVE-2014-3670 Sources used: openSUSE 13.2 (src): php5-5.6.1-4.1
SUSE-SU-2014:1441-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 902357,902360,902368 CVE References: CVE-2014-3668,CVE-2014-3669,CVE-2014-3670 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): php53-5.3.17-0.31.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): php53-5.3.17-0.31.1 SUSE Linux Enterprise Server 11 SP3 (src): php53-5.3.17-0.31.1
SUSE-SU-2014:1497-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 902357,902360,902368 CVE References: CVE-2014-3668,CVE-2014-3669,CVE-2014-3670 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): php5-5.5.14-7.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-7.1
update released
openSUSE-SU-2014:1733-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 902357,902360,902368 CVE References: CVE-2014-3668,CVE-2014-3669,CVE-2014-3670 Sources used: openSUSE Evergreen 11.4 (src): php5-5.3.17-387.1
openSUSE-SU-2015:0014-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 902357,902360,902368 CVE References: CVE-2014-3668,CVE-2014-3669,CVE-2014-3670 Sources used: openSUSE Evergreen 11.4 (src): php5-5.3.17-387.2
SUSE-SU-2016:1638-1: An update that fixes 85 vulnerabilities is now available. Category: security (important) Bug References: 884986,884987,884989,884990,884991,884992,885961,886059,886060,893849,893853,902357,902360,902368,910659,914690,917150,918768,919080,921950,922451,922452,923945,924972,925109,928506,928511,931421,931769,931772,931776,933227,935074,935224,935226,935227,935229,935232,935234,935274,935275,938719,938721,942291,942296,945412,945428,949961,968284,969821,971611,971612,971912,973351,973792,976996,976997,977003,977005,977991,977994,978827,978828,978829,978830,980366,980373,980375,981050,982010,982011,982012,982013,982162 CVE References: CVE-2004-1019,CVE-2006-7243,CVE-2014-0207,CVE-2014-3478,CVE-2014-3479,CVE-2014-3480,CVE-2014-3487,CVE-2014-3515,CVE-2014-3597,CVE-2014-3668,CVE-2014-3669,CVE-2014-3670,CVE-2014-4049,CVE-2014-4670,CVE-2014-4698,CVE-2014-4721,CVE-2014-5459,CVE-2014-8142,CVE-2014-9652,CVE-2014-9705,CVE-2014-9709,CVE-2014-9767,CVE-2015-0231,CVE-2015-0232,CVE-2015-0273,CVE-2015-1352,CVE-2015-2301,CVE-2015-2305,CVE-2015-2783,CVE-2015-2787,CVE-2015-3152,CVE-2015-3329,CVE-2015-3411,CVE-2015-3412,CVE-2015-4021,CVE-2015-4022,CVE-2015-4024,CVE-2015-4026,CVE-2015-4116,CVE-2015-4148,CVE-2015-4598,CVE-2015-4599,CVE-2015-4600,CVE-2015-4601,CVE-2015-4602,CVE-2015-4603,CVE-2015-4643,CVE-2015-4644,CVE-2015-5161,CVE-2015-5589,CVE-2015-5590,CVE-2015-6831,CVE-2015-6833,CVE-2015-6836,CVE-2015-6837,CVE-2015-6838,CVE-2015-7803,CVE-2015-8835,CVE-2015-8838,CVE-2015-8866,CVE-2015-8867,CVE-2015-8873,CVE-2015-8874,CVE-2015-8879,CVE-2016-2554,CVE-2016-3141,CVE-2016-3142,CVE-2016-3185,CVE-2016-4070,CVE-2016-4073,CVE-2016-4342,CVE-2016-4346,CVE-2016-4537,CVE-2016-4538,CVE-2016-4539,CVE-2016-4540,CVE-2016-4541,CVE-2016-4542,CVE-2016-4543,CVE-2016-4544,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096,CVE-2016-5114 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): php53-5.3.17-47.1