The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of PHP: use after free via SPL Iterators

Synthesis of the vulnerability 

A local attacker can use a freed memory area in SPL Iterators of PHP, in order to trigger a denial of service, and possibly to execute code.
Vulnerable systems: Debian, BIG-IP Hardware, TMOS, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this threat: 2/4.
Creation date: 24/07/2014.
Références of this weakness: 67538, bulletinjan2015, CVE-2014-4670, DSA-3008-1, DSA-3008-2, MDVSA-2014:149, MDVSA-2015:080, openSUSE-SU-2014:0945-1, openSUSE-SU-2014:1236-1, RHSA-2014:1326-01, RHSA-2014:1327-01, RHSA-2014:1765-01, RHSA-2014:1766-01, SOL15761, SSA:2014-247-01, SUSE-SU-2014:0938-1, SUSE-SU-2016:1638-1, USN-2276-1, VIGILANCE-VUL-15098.

Description of the vulnerability 

SPL is a library for PHP that provides implementation of data structures and associated iterators.

The class SplDoublyLinkedList provides move routines for these lists. However, some sequences of moves corrupt the iterator, which leads to uses of a freed memory area.

A local attacker can therefore use a freed memory area in SPL Iterators of PHP, in order to trigger a denial of service, and possibly to execute code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness note impacts software or systems such as Debian, BIG-IP Hardware, TMOS, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this threat note is medium.

The trust level is of type confirmed by the editor, with an origin of user account.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer weakness.

Solutions for this threat 

PHP: version 5.5.15.
The version 5.5.15 is fixed:
  http://fr2.php.net/get/php-5.5.15.tar.bz2/from/a/mirror

PHP: version 5.4.32.
The version 5.4.32 is fixed:
  http://fr2.php.net/get/php-5.4.32.tar.gz/from/a/mirror

Debian: new php5 packages.
New packages are available:
  Debian 7: php5 5.4.4-14+deb7u13

F5 BIG-IP: solution for PHP.
The solution is indicated in information sources.

Mandriva BS2: new php packages.
New packages are available:
  Mandriva BS2: php 5.5.23-1.mbs2

Mandriva: new php packages.
New packages are available:
  Mandriva BS1: php 5.5.15-1.2.mbs1, php-apc 3.1.15-1.9.mbs1

openSUSE 11.4: new php5 packages.
New packages are available:
  openSUSE 11.4: apache2-mod_php5 5.3.17-379.1, php5 5.3.17-379.1

openSUSE: new php5 packages.
New packages are available:
  openSUSE 13.1: php5 5.4.20-21.1
  openSUSE 12.3: php5 5.3.17-3.25.1

Red Hat Software Collections: new php54-php packages.
New packages are available:
  RHEL 6: php54-php 5.4.16-22.el6
  RHEL 7: php54-php 5.4.16-22.el7

Red Hat Software Collections: new php55-php packages.
New packages are available:
  RHEL 6: php55-php 5.5.6-13.el6
  RHEL 7: php55-php 5.5.6-13.el7

RHEL 7.0: new php packages (30/09/2014).
New packages are available:
  RHEL 7: php 5.4.16-23.el7_0.1

RHEL: new php packages.
New packages are available:
  RHEL 5: php53 5.3.3-24.el5
  RHEL 6: php 5.3.3-27.el6_5.2

Slackware: new php packages.
New packages are available:
  Slackware 13.0: php 5.3.29-i486-1_slack13.0
  Slackware 13.1: php 5.3.29-i486-1_slack13.1
  Slackware 13.37: php 5.3.29-i486-1_slack13.37
  Slackware 14.0: php 5.4.32-i486-1_slack14.0
  Slackware 14.1: php 5.4.32-i486-1_slack14.1

Solaris: patch for Third Party (24/03/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 11: new php53 packages.
New packages are available:
  SUSE LE 11: php53 5.3.17-0.27.1

SUSE LE 11 SP2: new php53 packages (21/06/2016).
New packages are available:
  SUSE LE 11 SP2: apache2-mod_php53 5.3.17-47.1, php53 5.3.17-47.1

Ubuntu: new php5 packages (09/07/2014).
New packages are available:
  Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.3, php5-cgi 5.5.9+dfsg-1ubuntu4.3, php5-cli 5.5.9+dfsg-1ubuntu4.3, php5-fpm 5.5.9+dfsg-1ubuntu4.3
  Ubuntu 13.10: libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.6, php5-cgi 5.5.3+dfsg-1ubuntu2.6, php5-cli 5.5.3+dfsg-1ubuntu2.6, php5-fpm 5.5.3+dfsg-1ubuntu2.6
  Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.13, php5-cgi 5.3.10-1ubuntu3.13, php5-cli 5.3.10-1ubuntu3.13, php5-fpm 5.3.10-1ubuntu3.13
  Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.26, php5-cgi 5.3.2-1ubuntu4.26, php5-cli 5.3.2-1ubuntu4.26
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides system vulnerability patches. The technology watch team tracks security threats targeting the computer system.