Bug 153719

Summary: lang/php5 is vulnerable
Product: Ports & Packages Reporter: Chris Tandiono <christandiono>
Component: Individual Port(s)Assignee: Alex Dupre <ale>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Chris Tandiono 2011-01-06 08:40:09 UTC 
lang/php5 5.3.4 is vulnerable to a DoS attack involving floating point numbers (when compiled with the default CFLAGS).

Fix: 

Arch Linux has a "PHP 5.3.5" but AFAICT it's not been released yet. One workaround is to enable SSE instructions at compile-time.
How-To-Repeat: Compile php5 from ports without specifying SSE math instructions. The produced 387 instructions will cause PHP to infinite loop on certain floating point numbers.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-01-06 08:40:14 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Michael Scheidell 2011-01-07 22:04:51 UTC 
php 5.3.5 is release and fixes the 5.3* branch.
php 5.2.17 is also released and fixes the php52 (5.2* branch)


<http://www.php.net/archive/2011.php#id2011-01-06-1>

and ports maintainers: I suggest upgrading this to a higher priority on 
x32 machines.
x64 boxes are not vulnerable, but x32 is.
<http://www.php.net/distributions/test_bug53632.txt>


-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
 >*| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best in Email Security,2010: Network Products Guide
    * King of Spam Filters, SC Magazine 2008


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
Comment 3 Alex Dupre freebsd_committer freebsd_triage 2011-01-09 12:54:34 UTC 
State Changed
From-To: open->closed

Updated, thanks.