Bug 935225 - (CVE-2015-4604) VUL-0: CVE-2015-4604 CVE-2015-4605: php5,php53: denial of service when processing a crafted file with Fileinfo
VUL-0: CVE-2015-4604 CVE-2015-4605: php5,php53: denial of service when proces...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2015-06-18 09:36 UTC by Marcus Meissner
Modified: 2019-05-01 16:48 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

testcase (8.22 KB, application/x-php)
2015-06-18 13:30 UTC, Petr Gajdos

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-06-18 09:36:52 UTC
via https://bugzilla.redhat.com/show_bug.cgi?id=1213442

PHP versions 5.4.40, 5.5.24, and 5.6.8 provide a fix for PHP Fileinfo extension which could crash PHP process when processing a crafted file, causing a denial of service.

Upstream fix:

Upstream bug:
Comment 1 Petr Gajdos 2015-06-18 13:28:39 UTC
I was not able to reproduce in 13.1 and 12 and below. Also the php bugreport says:

This appears to have been introduced in August/September. The affected versions are:

all versions of 5.6

The redhat bug is more specific, it says this was introduced by fix for CVE-2014-3538 and as long as we do not ship this fix, only 13.2 is actually affected by CVE-2015-4604.
Comment 2 Petr Gajdos 2015-06-18 13:30:49 UTC
Created attachment 638362 [details]

$ zypper in php5, php5-fileinfo
$ php test.php
Segmentation fault
Comment 3 Petr Gajdos 2015-06-18 13:56:01 UTC
The important thing is, that CVE-2015-4604 and CVE-2015-4605 was fixed with the one commit:
Comment 5 Swamp Workflow Management 2015-07-06 08:06:01 UTC
openSUSE-SU-2015:1197-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 935224,935225,935226,935227,935232,935234,935274,935275
CVE References: CVE-2015-3411,CVE-2015-3412,CVE-2015-4598,CVE-2015-4599,CVE-2015-4600,CVE-2015-4601,CVE-2015-4602,CVE-2015-4603,CVE-2015-4604,CVE-2015-4605,CVE-2015-4643,CVE-2015-4644
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-30.6
openSUSE 13.1 (src):    php5-5.4.20-61.5
Comment 6 Marcus Meissner 2015-09-10 15:47:05 UTC
released (SLE not affected)