Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3668

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.

Related bugs and status

CVE-2014-3668 (Candidate) is related to these bugs:

Bug #1411811: Please update php, mysql on ubuntu 15.04

Summary				In	Importance	Status
	1411811	Please update php, mysql on ubuntu 15.04		php5 (Ubuntu)	Undecided	Fix Released
	1411811	Please update php, mysql on ubuntu 15.04		mysql-5.6 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.php.net/?p=...
CONFIRM: http://php.net/ChangeL...
CONFIRM: https://bugs.php.net/b...
CONFIRM: https://bugzilla.redha...
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
DEBIAN: DSA-3064
REDHAT: RHSA-2014:1767
REDHAT: RHSA-2014:1768
SUSE: openSUSE-SU-2014:1377
UBUNTU: USN-2391-1
SECUNIA: 59967
SECUNIA: 60630
SECUNIA: 60699
SECUNIA: 61763
SECUNIA: 61970
SECUNIA: 61982
REDHAT: RHSA-2014:1765
REDHAT: RHSA-2014:1766
SUSE: openSUSE-SU-2014:1391
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-04-08-2
SUSE: openSUSE-SU-2015:0014
BID: 70666
CONFIRM: http://www.oracle.com/...