Bugzilla – Bug 935225
VUL-0: CVE-2015-4604 CVE-2015-4605: php5,php53: denial of service when processing a crafted file with Fileinfo
Last modified: 2019-05-01 16:48:23 UTC
via https://bugzilla.redhat.com/show_bug.cgi?id=1213442
PHP versions 5.4.40, 5.5.24, and 5.6.8 provide a fix for PHP Fileinfo extension which could crash PHP process when processing a crafted file, causing a denial of service.
Upstream fix: http://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
Upstream bug: https://bugs.php.net/bug.php?id=68819
I was not able to reproduce in 13.1 and 12 and below. Also the php bugreport says:
--------------
This appears to have been introduced in August/September. The affected versions are:
5.4.32+
5.5.16+
all versions of 5.6
7@20140901
[...]
------------
The redhat bug is more specific, it says this was introduced by fix for CVE-2014-3538 and as long as we do not ship this fix, only 13.2 is actually affected by CVE-2015-4604.
Created attachment 638362 [details]
testcase
$ zypper in php5, php5-fileinfo
$ php test.php
Segmentation fault
$
The important thing is that CVE-2015-4604 and CVE-2015-4605 were fixed with the one commit: http://seclists.org/oss-sec/2015/q2/727
openSUSE-SU-2015:1197-1: An update that fixes 12 vulnerabilities is now available.
Category: security (important)
Bug References: 935224,935225,935226,935227,935232,935234,935274,935275
CVE References: CVE-2015-3411,CVE-2015-3412,CVE-2015-4598,CVE-2015-4599,CVE-2015-4600,CVE-2015-4601,CVE-2015-4602,CVE-2015-4603,CVE-2015-4604,CVE-2015-4605,CVE-2015-4643,CVE-2015-4644
Sources used:
openSUSE 13.2 (src): php5-5.6.1-30.6
openSUSE 13.1 (src): php5-5.4.20-61.5
released (SLE not affected)