Resolved Bugs
1221178 – wpa_supplicant and hostapd: integer underflow in AP mode WMM Action frame processing
1221553 – wpa_supplicant and hostapd: integer underflow in AP mode WMM Action frame processing [fedora-all]
Security update for integer underflow in AP mode WMM Action frame processing.
Monthly Archives: May 2015
Fedora 21 Security Update: libinfinity-0.6.6-1.fc21
Fedora 20 Security Update: php-5.5.25-1.fc20
Resolved Bugs
1223402 – CVE-2015-4024 php: PHP Multipart/form-data remote dos Vulnerability [fedora-all]
1223408 – CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223422 – CVE-2015-4026 php: pcntl_exec() does not check path validity
1223425 – CVE-2015-4021 php: memory corruption in phar_parse_tarfile when entry filename starts with NULL
1222485 – CVE-2015-4024 PHP Multipart/form-data remote dos Vulnerability
1223447 – CVE-2015-4021 CVE-2015-4025 CVE-2015-4026 php: various flaws [fedora-all]
1223412 – CVE-2015-4022 php: integer overflow on reading FTP server data leading to heap overflow
14 May 2015, **PHP 5.5.25**
**Core:**
* Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
* Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
* Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
* Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
* Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
* Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
* Fixed bug #60022 (“use statement […] has no effect” depends on leading backslash). (Nikita)
* Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
* Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
* Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
* Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
**FTP:**
* Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)
**ODBC:**
* Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)
* Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)
**OpenSSL:**
* Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)
**PCNTL:**
* Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)
**Phar:**
* Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)
Fedora 21 Security Update: php-5.6.9-1.fc21
Resolved Bugs
1222485 – CVE-2015-4024 PHP Multipart/form-data remote dos Vulnerability
1223402 – CVE-2015-4024 php: PHP Multipart/form-data remote dos Vulnerability [fedora-all]
1223447 – CVE-2015-4021 CVE-2015-4025 CVE-2015-4026 php: various flaws [fedora-all]
1223408 – CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 – CVE-2015-4022 php: integer overflow on reading FTP server data leading to heap overflow
1223422 – CVE-2015-4026 php: pcntl_exec() does not check path validity
1223425 – CVE-2015-4021 php: memory corruption in phar_parse_tarfile when entry filename starts with NULL
14 May 2015, **PHP 5.6.9**
**Core:**
* Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
* Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
* Fixed bug #60022 (“use statement […] has no effect” depends on leading backslash). (Nikita)
* Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
* Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
* Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
* Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
* Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
* Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
* Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
* Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
**FTP:**
* Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)
**ODBC:**
* Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)
* Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)
* Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)
**OpenSSL:**
* Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)
**PCNTL:**
* Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)
**PCRE:**
* Upgraded pcrelib to 8.37.
**Phar:**
* Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)
Fedora 21 Security Update: hostapd-2.4-2.fc21
Fedora 20 Security Update: libinfinity-0.6.6-1.fc20
Red Hat Security Advisory 2015-1011-01
Red Hat Security Advisory 2015-1011-01 – The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An out-of-bounds memory access flaw was found in the way QEMU’s virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest.