several security fixes for php5
This patch fixes the following issues:
- cdf_read_short_sector insufficient boundary check
- mconvert incorrect handling of truncated pascal string size
- cdf_check_stream_offset insufficient boundary check
- cdf_count_chain insufficient boundary check
- cdf_read_property_info insufficient boundary check
- unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
- type confusion issue in phpinfo() leading to information leak
- SPL Iterators use-after-free
- ArrayIterator use-after-free due to object change during sorting
-
Submitted by
Christian Wittmer (computersalat)
Fixed bugs
bnc#884986
VUL-0: CVE-2014-0207: file: php5: cdf_read_short_sector insufficient boundary check
bnc#884987
VUL-0: CVE-2014-3478: file: mconvert incorrect handling of truncated pascal string size
bnc#884989
VUL-0: CVE-2014-3479: php53: file: cdf_check_stream_offset insufficient boundary check
bnc#884990
VUL-0: CVE-2014-3480: php53: file: cdf_count_chain insufficient boundary check
bnc#884991
VUL-0: CVE-2014-3487: php53: file: cdf_read_property_info insufficient boundary check
bnc#884992
VUL-0: php5: CVE-2014-3515: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
bnc#885961
VUL-0: CVE-2014-4721: php5,php53: type confusion issue in phpinfo() leading to information leak
bnc#886059
VUL-0: CVE-2014-4670: php5,php53: SPL Iterators use-after-free
bnc#886060
VUL-0: CVE-2014-4698: php5,php53: ArrayIterator use-after-free due to object change during sorting
