ports/130603: vuxml submission for php[45]-mbstring

Mark Foster mark at foster.cc
Fri Jan 16 05:50:06 UTC 2009 

>Number:         130603
>Category:       ports
>Synopsis:       vuxml submission for php[45]-mbstring
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 16 05:50:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        7.1
>Organization:
Credentia
>Environment:
FreeBSD frau.foster.cc 7.1-RELEASE-p1 FreeBSD 7.1-RELEASE-p1 #4: Sat Jan 10 20:04:30 PST 2009     root at frau.foster.cc:/usr/obj/usr/src/sys/GENERIC  i386

>Description:

>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="69005cc4-9e60-4f0c-ad48-536a604127e3">
     <topic>php-mbstring -- PHP mbstring Extension Buffer Overflow Vulnerability</topic>
     <affects>
       <package>
         <name>php5-mbstring</name>
         <range><le>5.2.6</le></range>
       </package>
       <package>
         <name>php4-mbstring</name>
         <range><ge>4.3.0</ge></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>SecurityFocus reports:</p>
         <blockquote cite="http://www.securityfocus.com/bid/32948">
           <p>PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the mbstring extension included in the standard distribution.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver denying service to legitimate users.

PHP 4.3.0 up to and including 5.2.6 are vulnerable. </p>
         </blockquote>
       </body>
     </description>
     <references>
      <bid>32948</bid>
      <url>http://www.securityfocus.com/bid/32948</url>
      <cvename>CVE-2008-5557</cvename>
     </references>
     <dates>
       <discovery>2008-12-21</discovery>
       <entry>2009-01-15</entry>
     </dates>
   </vuln>



>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list