diff options
-rw-r--r-- | bug78599.patch | 33 | ||||
-rw-r--r-- | php.spec | 10 |
2 files changed, 41 insertions, 2 deletions
diff --git a/bug78599.patch b/bug78599.patch new file mode 100644 index 0000000..6ce8f02 --- /dev/null +++ b/bug78599.patch @@ -0,0 +1,33 @@ +Backported for 5.5 from: + + + +From c69bcb212b37900fd61daaf38762e4974cb4dcc9 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <bukka@php.net> +Date: Sat, 12 Oct 2019 15:56:16 +0100 +Subject: [PATCH 1/2] Fix bug #78599 (env_path_info underflow can lead to RCE) + (CVE-2019-11043) + +cheery-picked from ab061f95ca966731b1c84cf5b7b20155c0a1c06a +without the test as tester not available +--- + sapi/fpm/fpm/fpm_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c +index d12ac01859..22b889c167 100644 +--- a/sapi/fpm/fpm/fpm_main.c ++++ b/sapi/fpm/fpm/fpm_main.c +@@ -1214,8 +1214,8 @@ static void init_request_info(TSRMLS_D) + path_info = script_path_translated + ptlen; + tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0)); + } else { +- path_info = env_path_info ? env_path_info + pilen - slen : NULL; +- tflag = (orig_path_info != path_info); ++ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL; ++ tflag = path_info && (orig_path_info != path_info); + } + + if (tflag) { + + @@ -140,7 +140,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: 5.5.38 -Release: 11%{?dist} +Release: 12%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -255,6 +255,7 @@ Patch159: bug77020.patch Patch160: bug77231.patch Patch161: bug77242.patch Patch162: bug77380.patch +Patch163: bug78599.patch # Security fixes (200+) @@ -1010,6 +1011,7 @@ support for using the enchant library to PHP. %patch160 -p1 -b .bug77231 %patch161 -p1 -b .bug77242 %patch162 -p1 -b .bug77380 +%patch163 -p1 -b .bug78599 : ------------------------ @@ -1748,7 +1750,7 @@ cat << EOF Even, if this package includes some security fix, backported from 5.6, The UPGRADE to a maintained version is very strongly RECOMMENDED. -%if %{?fedora}%{!?fedora:99} < 26 +%if %{?fedora}%{!?fedora:99} < 28 WARNING : Fedora %{fedora} is now EOL : You should consider upgrading to a supported release %endif @@ -1922,6 +1924,10 @@ EOF %changelog +* Tue Oct 22 2019 Remi Collet <remi@remirepo.net> - 5.5.38-12 +- FPM: + Fix CVE-2019-11043 env_path_info underflow in fpm_main.c + * Fri Jan 11 2019 Remi Collet <remi@remirepo.net> - 5.5.38-11 - Fix #77242 heap out of bounds read in xmlrpc_decode - Fix #77380 Global out of bounds read in xmlrpc base64 code |