[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2009-11-26 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.2.6.dfsg.1-3ubuntu4.4

---
php5 (5.2.6.dfsg.1-3ubuntu4.4) jaunty-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
    - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
      in ext/openssl/openssl.c.
    - CVE-2009-3291
  * SECURITY UPDATE: denial of service via malformed exif images
    (LP: #446313)
    - debian/patches/CVE-2009-3292.patch: check length, return codes, and
      nesting level in ext/exif/exif.c.
    - CVE-2009-3292
  * SECURITY UPDATE: safe_mode bypass via tempnam function
    - debian/patches/CVE-2009-3557.patch: check for safe_mode in
      ext/standard/file.c.
    - CVE-2009-3557
  * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
    - debian/patches/CVE-2009-3558.patch: check for open_basedir in
      ext/posix/posix.c.
    - CVE-2009-3558
  * SECURITY UPDATE: denial of service via large number of files in
    form-data POST request.
    - debian/patches/CVE-2009-4017.patch: introduce new max_file_uploads
      directive and enforce in main/main.c, main/rfc1867.c.
    - ATTENTION: this update changes previous php5 behaviour by limiting
      the number of files in a POST request to 50. This may be increased
      by adding a max_file_uploads directive to the php.ini configuration
      file.
    - CVE-2009-4017
  * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
    - debian/patches/CVE-2009-4018.patch: add safe_mode check in
      ext/standard/proc_open.c
    - CVE-2009-4018
  * debian/patches/fix-xmlrpc-datetime.diff
    - Prevent stack smashing when using xmlrpc and datetime. (LP: #239513)

 -- Marc Deslauriers marc.deslauri...@ubuntu.com   Thu, 26 Nov 2009 08:05:57 -0500

** Changed in: php5 (Ubuntu Jaunty)
   Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3291

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3292

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3557

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3558

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4017

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4018

** Changed in: php5 (Ubuntu Intrepid)
   Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-7068

-- 
[SRU] stack smashing detected when calling xmlrpc_set_type 
https://bugs.launchpad.net/bugs/239513
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
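The max_file_uploads limit described in the changelog above (CVE-2009-4017) is the one behaviour change in this update that an administrator has to reason about, so here is the check spelled out. The Python below is an added illustration written for this page, not PHP's own main/rfc1867.c code: it builds a multipart/form-data body with a chosen number of file parts (the request shape that exhausted a server before the fix, since every file part cost a temporary file) and counts file parts up front, refusing once the count passes the limit so that no per-file work is done for the excess. The boundary string and sample bodies are constructed here; the default of 50 is the value the changelog names.

```python
import re

MAX_FILE_UPLOADS = 50                    # the new php5 default named in the changelog
BOUNDARY = b"----constructed-boundary"    # constructed for this example


def build_multipart(n_files, boundary=BOUNDARY):
    """Build a multipart/form-data body carrying n_files one-byte file parts.

    This is the request shape that hurt a pre-fix server: each file part
    made PHP create a temporary file before the script even ran, so a single
    POST with thousands of parts could exhaust disk, inodes or file handles.
    """
    parts = []
    for i in range(n_files):
        idx = str(i).encode()
        parts.append(
            b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="f' + idx + b'"; '
            b'filename="x' + idx + b'.txt"\r\n'
            b"Content-Type: text/plain\r\n"
            b"\r\n"
            b"x\r\n"
        )
    parts.append(b"--" + boundary + b"--\r\n")
    return b"".join(parts)


# Constructed body mixing an ordinary form field with one real file part;
# only the part with a filename should count against the limit.
MIXED_BODY = (
    b"--" + BOUNDARY + b"\r\n"
    b'Content-Disposition: form-data; name="title"\r\n'
    b"\r\n"
    b"hello\r\n"
    b"--" + BOUNDARY + b"\r\n"
    b'Content-Disposition: form-data; name="doc"; filename="a.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"data\r\n"
    b"--" + BOUNDARY + b"--\r\n"
)

_FILENAME = re.compile(rb"filename=", re.IGNORECASE)


def count_file_parts(body, boundary=BOUNDARY, limit=MAX_FILE_UPLOADS):
    """Return (accepted, file_count) for a multipart/form-data body.

    Walks the parts in order and counts those whose Content-Disposition
    header carries a filename, i.e. genuine file uploads; plain fields are
    not counted. Stops at the first part past the limit, so nothing is
    allocated for the remainder of an oversized request.
    """
    delimiter = b"--" + boundary
    files = 0
    for raw in body.split(delimiter)[1:]:
        if raw.startswith(b"--"):          # closing delimiter: end of body
            break
        headers = raw.partition(b"\r\n\r\n")[0]   # only the part's header block
        for line in headers.split(b"\r\n"):
            if line.lower().startswith(b"content-disposition:") and _FILENAME.search(line):
                files += 1
                if files > limit:
                    return False, files
                break
    return True, files


if __name__ == "__main__":
    for n in (1, 50, 51):
        print(n, "files ->", count_file_parts(build_multipart(n)))
    print("mixed body ->", count_file_parts(MIXED_BODY))
```

In a real deployment the knob is the max_file_uploads directive in php.ini, which this update introduces with a default of 50; applications that legitimately accept more files per request need that directive raised after upgrading, and the check concerns file parts only, so ordinary form fields are unaffected.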


[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2009-11-26 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.2.6-2ubuntu4.5

---
php5 (5.2.6-2ubuntu4.5) intrepid-security; urgency=low

  * SECURITY UPDATE: file truncation via key with null byte
    - debian/patches/CVE-2008-7068.patch: make sure key and value are sane
      in ext/dba/libinifile/inifile.c.
    - CVE-2008-7068
  * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
    - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
      in ext/openssl/openssl.c.
    - CVE-2009-3291
  * SECURITY UPDATE: denial of service via malformed exif images
    (LP: #446313)
    - debian/patches/CVE-2009-3292.patch: check length, return codes, and
      nesting level in ext/exif/exif.c.
    - CVE-2009-3292
  * SECURITY UPDATE: safe_mode bypass via tempnam function
    - debian/patches/CVE-2009-3557.patch: check for safe_mode in
      ext/standard/file.c.
    - CVE-2009-3557
  * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
    - debian/patches/CVE-2009-3558.patch: check for open_basedir in
      ext/posix/posix.c.
    - CVE-2009-3558
  * SECURITY UPDATE: denial of service via large number of files in
    form-data POST request.
    - debian/patches/CVE-2009-4017.patch: introduce new max_file_uploads
      directive and enforce in main/main.c, main/rfc1867.c.
    - ATTENTION: this update changes previous php5 behaviour by limiting
      the number of files in a POST request to 50. This may be increased
      by adding a max_file_uploads directive to the php.ini configuration
      file.
    - CVE-2009-4017
  * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
    - debian/patches/CVE-2009-4018.patch: add safe_mode check in
      ext/standard/proc_open.c
    - CVE-2009-4018
  * debian/patches/fix-xmlrpc-datetime.diff
    - Prevent stack smashing when using xmlrpc and datetime. (LP: #239513)

 -- Marc Deslauriers marc.deslauri...@ubuntu.com   Thu, 26 Nov 2009 08:06:47 -0500

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2009-11-26 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/intrepid-security/php5

** Branch linked: lp:ubuntu/jaunty-security/php5

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2009-08-28 Thread Marc Deslauriers
** Changed in: php5 (Ubuntu Intrepid)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: php5 (Ubuntu Jaunty)
 Assignee: Chuck Short (zulcss) => Marc Deslauriers (mdeslaur)

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2009-08-24 Thread Marc Deslauriers
This is still an issue in Intrepid also.

** Changed in: php5 (Ubuntu Intrepid)
   Status: New => Confirmed

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2009-08-21 Thread Steve Beattie
Per mdeslaurs (and confirmed by myself), this is still an issue in
jaunty; re-opening.

** Changed in: php5 (Ubuntu Jaunty)
   Status: Fix Released => Triaged

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2009-02-13 Thread Chuck Short
This should already be fixed.

** Changed in: php5 (Ubuntu Jaunty)
   Status: In Progress => Fix Released

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2008-12-07 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.2.4-2ubuntu5.4

---
php5 (5.2.4-2ubuntu5.4) hardy-proposed; urgency=low

  * debian/rules:
    - Use system tzdata.
  * debian/patches/use_embedded_timezonedb.patch
    - Patch taken from intrepid, allows us to default to using the system
      provided timezone database instead of the one bundled with PHP.
      (LP: #279980)
  * debian/patches/fix-xmlrpc-datetime.diff
    - Patch taken from php CVS, prevents stack smashing when using xmlrpc and
      datetime. (LP: #239513)

 -- Chuck Short [EMAIL PROTECTED]   Wed, 22 Oct 2008 13:08:33 +

** Changed in: php5 (Ubuntu Hardy)
   Status: Fix Committed => Fix Released

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2008-12-07 Thread Martin Pitt
Chuck, please fix this in Jaunty ASAP.

** Changed in: php5 (Ubuntu Jaunty)
 Assignee: (unassigned) => Chuck Short (zulcss)

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2008-12-04 Thread Steve Beattie
I am able to reproduce this error with php5-xmlrpc 5.2.4-2ubuntu5.3 from
hardy-updates on i386, and can confirm that php5-xmlrpc
5.2.4-2ubuntu5.4 in hardy-proposed addresses the issue. It also passes the
security team's regression tests (I've added the above to their
testsuite).

More checks for regressions would be useful, though.

** Tags added: verification-done

** Tags removed: verification-needed

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2008-12-04 Thread Steve Beattie
One last comment: I rebuilt the php package (on i386) using the sources
in hardy-proposed; as part of its build, php runs a fairly extensive set
of regression tests. There are a couple of new failures versus the
results (recorded in the security team's qa-regression-testing bzr tree)
from 5.2.4-2ubuntu5.3:

  Bug #20382 [2] (strtotime (Monday, $date) produces wrong result on
DST changeover) [ext/date/tests/bug20382-2.phpt]

  Bug #41567 (json_encode() double conversion is inconsistent with PHP)
[ext/json/tests/bug41567.phpt]

  microtime() function [ext/standard/tests/time/001.phpt] (warn: system
dependent)

None of these looks very serious, but might be worth double-checking.
Thanks.

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2008-11-25 Thread Martin Pitt
Accepted into hardy-proposed, please test and give feedback here. Please
see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you in advance!

** Changed in: php5 (Ubuntu Hardy)
   Status: New => Fix Committed

** Tags added: verification-needed

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2008-11-24 Thread Martin Pitt
I rejected the 5.2.4-2ubuntu5.4 upload. Its changelog referred to the
fix for this bug, but the upload didn't actually include it. Please
upload a new version with this patch actually applied.

While you are at it, please clean up use_embedded_timezonedb.patch to
not contain the .orig file. Thanks!

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2008-11-21 Thread Chuck Short
This bug has been fixed for jaunty.

With the following patch attached, this does not happen anymore. I have
included the patch for your review.

Steps to Reproduce:

1. On i386 install php5-cgi php5-libxml.
2. Run the script in the above bug-report.
3. Expected result is that it doesn't cause a stack smashing in PHP.

If you have any questions please let me know.

Regards
chuck

** Summary changed:

- stack smashing detected when calling xmlrpc_set_type 
+ [SRU] stack smashing detected when calling xmlrpc_set_type

[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

2008-11-21 Thread Chuck Short

** Attachment added: fix-xmlrpc-datetime.diff
   http://launchpadlibrarian.net/19835274/fix-xmlrpc-datetime.diff