Launchpad.net

CVE 2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Related bugs and status

CVE-2014-3710 (Candidate) is related to these bugs:

Bug #1411811: Please update php, mysql on ubuntu 15.04

Summary				In	Importance	Status
	1411811	Please update php, mysql on ubuntu 15.04		php5 (Ubuntu)	Undecided	Fix Released
	1411811	Please update php, mysql on ubuntu 15.04		mysql-5.6 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.php.net/?p=...
CONFIRM: https://bugs.php.net/b...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/fil...
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
REDHAT: RHSA-2014:1767
REDHAT: RHSA-2014:1768
UBUNTU: USN-2391-1
SECUNIA: 60630
SECUNIA: 60699
SECUNIA: 61763
SECUNIA: 61970
SECUNIA: 61982
REDHAT: RHSA-2014:1765
REDHAT: RHSA-2014:1766
DEBIAN: DSA-3072
SUSE: openSUSE-SU-2014:1516
FREEBSD: FreeBSD-SA-14:28
SECTRACK: 1031344
SECUNIA: 62347
SECUNIA: 62559
UBUNTU: USN-2494-1
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-04-08-2
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 70807
GENTOO: GLSA-201503-03
GENTOO: GLSA-201701-42
REDHAT: RHSA-2016:0760