From 3e63839af8d1ec354d3c8cb634ce74f083b19063 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 06 2018 18:38:14 +0000 Subject: import php-5.4.16-43.el7_4.1 --- diff --git a/SOURCES/php-5.4.16-CVE-2017-7890.patch b/SOURCES/php-5.4.16-CVE-2017-7890.patch new file mode 100644 index 0000000..968078c --- /dev/null +++ b/SOURCES/php-5.4.16-CVE-2017-7890.patch @@ -0,0 +1,35 @@ +Adapted for 5.4.13 +With test removed (binary patch not handled) + +From 018092125538782b25d3ab6b036f0c8d5968f757 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" +Date: Tue, 20 Jun 2017 16:45:42 +0200 +Subject: [PATCH] Fix #74435: Buffer over-read into uninitialized memory + +The stack allocated color map buffers were not zeroed before usage, and +so undefined palette indexes could cause information leakage. +--- + ext/gd/libgd/gd_gif_in.c | 3 +++ + ext/gd/tests/bug74435.gif | Bin 0 -> 11464 bytes + ext/gd/tests/bug74435.phpt | 27 +++++++++++++++++++++++++++ + 3 files changed, 30 insertions(+) + create mode 100644 ext/gd/tests/bug74435.gif + create mode 100644 ext/gd/tests/bug74435.phpt + +diff --git a/ext/gd/libgd/gd_gif_in.c b/ext/gd/libgd/gd_gif_in.c +index 74b7493..76ba152 100644 +--- a/ext/gd/libgd/gd_gif_in.c ++++ b/ext/gd/libgd/gd_gif_in.c +@@ -147,6 +147,9 @@ gdImagePtr gdImageCreateFromGifCtx(gdIOCtxPtr fd) /* {{{ */ + int haveGlobalColormap; + gdImagePtr im = 0; + ++ memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE); ++ memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE); ++ + /*1.4//imageNumber = 1; */ + if (! ReadOK(fd,buf,6)) { + return 0; +-- +2.1.4 + diff --git a/SPECS/php.spec b/SPECS/php.spec index 78d0082..ed42742 100644 --- a/SPECS/php.spec +++ b/SPECS/php.spec @@ -69,7 +69,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.4.16 -Release: 43%{?dist} +Release: 43%{?dist}.1 # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -206,6 +206,7 @@ Patch158: php-5.4.16-CVE-2016-5768.patch Patch159: php-5.4.16-CVE-2016-5399.patch Patch160: php-5.4.16-CVE-2016-10167.patch Patch161: php-5.4.16-CVE-2016-10168.patch +Patch162: php-5.4.16-CVE-2017-7890.patch BuildRequires: bzip2-devel, curl-devel >= 7.9, gmp-devel @@ -781,6 +782,7 @@ support for using the enchant library to PHP. %patch159 -p1 -b .cve5399 %patch160 -p1 -b .cve10167 %patch161 -p1 -b .cve10168 +%patch162 -p1 -b .cve7890 # Prevent %%doc confusion over LICENSE files @@ -1552,6 +1554,9 @@ fi %changelog +* Tue Jan 23 2018 Remi Collet - 5.4.16-43.1 +- gd: fix buffer over-read into uninitialized memory CVE-2017-7890 + * Wed Oct 4 2017 Remi Collet - 5.4.16-43 - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 - gd: Signed Integer Overflow gd_io.c CVE-2016-10168