diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2014-06-23 14:30:02 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-06-23 14:30:02 +0000 |
| commit | e247928fe478b2b12793939c54a70ec54aecc56d (patch) | |
| tree | eafdbe033d927a61a5c918057e3278b90b194dc5 | |
| parent | d55a9f01b6894e54eaadb528fd3c1eb058268774 (diff) | |
| download | aports-e247928fe478b2b12793939c54a70ec54aecc56d.tar.bz2 aports-e247928fe478b2b12793939c54a70ec54aecc56d.tar.xz | |
main/php: security fix for CVE-2014-4049
fixes #3063
| -rw-r--r-- | main/php/APKBUILD | 6 | ||||
| -rw-r--r-- | main/php/CVE-2014-4049.patch | 30 |
2 files changed, 34 insertions, 2 deletions
diff --git a/main/php/APKBUILD b/main/php/APKBUILD index 1e50374989..04edfb3332 100644 --- a/main/php/APKBUILD +++ b/main/php/APKBUILD @@ -3,7 +3,7 @@ pkgname=php pkgver=5.3.28 _suhosinver=5.3.9-0.9.10 -pkgrel=4 +pkgrel=5 pkgdesc="The PHP language runtime engine" url="http://www.php.net/" arch="all" @@ -82,6 +82,7 @@ source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2 CVE-2014-0185.patch CVE-2014-0237.patch CVE-2014-0238.patch + CVE-2014-4049.patch " _apiver="20090626" @@ -457,4 +458,5 @@ c099b3d7eac95018ababd41ded7f3066 suhosin-patch-5.3.9-0.9.10.patch.gz f2836636790a78ec058d3fe84045997a CVE-2013-7345.patch 66333db458742a20dda0b8a9be1900e5 CVE-2014-0185.patch 77a99e602cc93ec04b7c6995bba7748b CVE-2014-0237.patch -a038c00930d7021e1f485043deec65fc CVE-2014-0238.patch" +a038c00930d7021e1f485043deec65fc CVE-2014-0238.patch +bd763609e1a4cd15ba0142cb7e5bc7a4 CVE-2014-4049.patch" diff --git a/main/php/CVE-2014-4049.patch b/main/php/CVE-2014-4049.patch new file mode 100644 index 0000000000..c614d432c9 --- /dev/null +++ b/main/php/CVE-2014-4049.patch @@ -0,0 +1,30 @@ +From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001 +From: Sara Golemon <pollita@php.net> +Date: Tue, 10 Jun 2014 11:18:02 -0700 +Subject: [PATCH] Fix potential segfault in dns_get_record() + +If the remote sends us a packet with a malformed TXT record, +we could end up trying to over-consume the packet and wander +off into overruns. +--- + ext/standard/dns.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ext/standard/dns.c b/ext/standard/dns.c +index 6a89446..214a7dc 100644 +--- a/ext/standard/dns.c ++++ b/ext/standard/dns.c +@@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int + + while (ll < dlen) { + n = cp[ll]; ++ if ((ll + n) >= dlen) { ++ // Invalid chunk length, truncate ++ n = dlen - (ll + 1); ++ } + memcpy(tp + ll , cp + ll + 1, n); + add_next_index_stringl(entries, cp + ll + 1, n, 1); + ll = ll + n + 1; +-- +1.9.3 + |