[arch-security] [ASA-201503-25] php: integer overflow
Christian Rebischke
chris.rebischke at gmail.com
Sat Mar 28 02:54:54 UTC 2015
Arch Linux Security Advisory ASA-201503-25
=========================================
Severity: high
Date : 2015-03-28
CVE-ID : CVE-2015-2331
Package : php
Type : integer overflow
Remote : yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
An integer overflow flaw, leading to a heap-based buffer overflow. This could
raise a crash of the application or is possible exploitable.
Resolution
==========
Upgrade to 5.6.7-1.
# pacman -Syu "php>=5.6.7-1"
The problem have been fixed upstream.
Workaround
==========
None.
Description
===========
An integer overflow flaw, leading to a heap-based buffer overflow, was found in
the way libzip, which is embedded in PHP, processed certain ZIP archives. If an
attacker were able to supply a specially crafted ZIP archive to an application
using libzip, it could cause the application to crash or, possibly, execute
arbitrary code.
Impact
======
An attacker could craft a certain ZIP archive to crash or exploit a libzip based
php application.
References
==========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2331
https://bugs.php.net/bug.php?id=69253
https://security-tracker.debian.org/tracker/CVE-2015-2331
https://marc.info/?s=CVE-2015-2331&l=oss-security
https://www.rapid7.com/db/vulnerabilities/debian-DSA-3198
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150328/fdc632d2/attachment.asc>
More information about the arch-security
mailing list