Debian Bug report logs - #365311
CVE-2006-1990/CVE-2006-1991: Security vulnerabilities in php
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Sat, 29 Apr 2006 06:48:02 UTC
Severity: grave
Tags: security
Found in version php4/4:4.4.2-1
Fixed in version php4/4:4.4.2-1.1
Done: "Steinar H. Gunderson" <sesse@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>: Bug#365311; Package php4.
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: php4
Version: 4:4.4.2-1
Severity: grave
Three security vulnerabilities have been found in php.
See http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02
i. PHP4/PHP5 wordwrap() buffer overflow
CVE-2006-1990:
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and
5.1.2 might allow context-dependent attackers to execute arbitrary
code via certain long arguments that cause a small buffer to be
allocated, which triggers a heap-based buffer overflow in a memcpy
function call, a different vulnerability than CVE-2002-1396.
ii. PHP4/PHP5 array_fill() DoS condition
Function array_fill() fills an array with 'num' entries with the value
of the 'value' parameter keys starting at the 'start_index'
parameter. It is possible to set a large 'num' value (counter for
while() loop) that will consume whole system memory in a few seconds
and make system unusable. It is important to notice that large memory
consumption is possible only on systems that have high value
of 'memory_limit' set in php.ini.
iii. PHP5 substr_compare() DoS condition
CVE-2006-1991
The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 allows
context-dependent attackers to cause a denial of service (memory
access violation) via an out-of-bounds offset argument.
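Two of the three issues above are instances of classic C mistakes: an allocation size computed in 32-bit arithmetic that wraps (the wordwrap() overflow), and an offset used to index a string without first checking it against the string's length (the substr_compare() memory access violation). The following is an added, constructed example, not PHP's string.c and not part of the bug report: it models the unchecked size computation beside a 64-bit checked version, and an offset validation of the kind whose absence the substr_compare() entry describes. The allocation formula, the argument names, and the sample values are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the size arithmetic behind CVE-2006-1990: an output buffer is sized
 * as text_len + (maximum number of inserted breaks) * break_len in 32-bit
 * arithmetic. With large operands the sum wraps, a small buffer is allocated,
 * and the copy that follows overruns it. Constructed illustration, not PHP's
 * wordwrap() code; the formula and operand names are assumed.
 */
static uint32_t wrap_alloc_size_unchecked(uint32_t text_len, uint32_t break_len,
                                          uint32_t width)
{
    if (width == 0)
        width = 1;
    /* worst case: a break after every 'width' bytes, plus one trailing break */
    uint32_t max_breaks = text_len / width + 1;
    /* both the multiply and the add silently wrap modulo 2^32 */
    return (uint32_t)(text_len + max_breaks * break_len);
}

/*
 * Hardened version: do the arithmetic in 64 bits and refuse any result that
 * does not fit the 32-bit size handed to the allocator. Returns the size, or
 * -1 when the request would overflow (or width is 0).
 */
static int64_t wrap_alloc_size_checked(uint32_t text_len, uint32_t break_len,
                                       uint32_t width)
{
    if (width == 0)
        return -1;
    uint64_t max_breaks = (uint64_t)text_len / width + 1;        /* <= 2^32 */
    uint64_t total = (uint64_t)text_len + max_breaks * break_len; /* < 2^64 */
    if (total > UINT32_MAX)
        return -1;
    return (int64_t)total;
}

/*
 * Offset validation of the kind whose absence CVE-2006-1991 describes. Given a
 * haystack of main_len bytes, a caller-supplied offset (negative counts from
 * the end, as PHP documents for substr_compare()) and a requested length,
 * return how many bytes may safely be compared, or -1 if the offset lies
 * outside the string. Constructed example, not PHP's implementation.
 */
static long compare_window(size_t main_len, long offset, size_t len)
{
    if (main_len > (size_t)LONG_MAX)
        return -1;
    if (offset < 0) {
        if (offset < -(long)main_len)
            return -1;                 /* further back than the string starts */
        offset += (long)main_len;
    }
    if ((size_t)offset > main_len)
        return -1;                     /* past the end: the unchecked case */
    size_t avail = main_len - (size_t)offset;
    return (long)(len < avail ? len : avail);
}

int main(void)
{
    /* 2 GiB of text, width 1, one-byte break: the unchecked sum wraps to 1 */
    uint32_t t = 0x80000000u;
    printf("unchecked size: %u\n", wrap_alloc_size_unchecked(t, 1, 1));
    printf("checked size:   %lld\n", (long long)wrap_alloc_size_checked(t, 1, 1));
    printf("window(5, 2, 10) = %ld\n", compare_window(5, 2, 10));
    printf("window(5, 6, 1)  = %ld\n", compare_window(5, 6, 1));
    printf("window(5, -6, 1) = %ld\n", compare_window(5, -6, 1));
    return 0;
}
```

The unchecked computation returns 1 for a 2 GiB input, which is exactly the "small buffer" the CVE text describes; the checked version refuses the request instead. The offset check rejects both a positive offset past the end and a negative offset that reaches before the start, while still allowing an offset equal to the length (an empty window).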
Tags added: security. Request was from Stefan Fritsch <sf@sfritsch.de> to control@bugs.debian.org.
Tags added: fixed. Request was from sesse@debian.org (Steinar H. Gunderson) to control@bugs.debian.org.
Tags removed: fixed. Request was from "Steinar H. Gunderson" <sesse@debian.org> to control@bugs.debian.org.
Bug marked as fixed in version 4:4.4.2-1.1, send any further explanations to Stefan Fritsch <sf@sfritsch.de>. Request was from "Steinar H. Gunderson" <sesse@debian.org> to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>: Bug#365311; Package php4.
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
Message #18 received at 365311@bugs.debian.org:
CVE-2006-1990 is fixed by the NMU and CVE-2006-1991 is not present in
php 4.4
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 14:38:46 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 15:06:36 2019; Machine Name: buxtehude