On 2016-08-23 19:56, Thorsten Alteholz wrote:
> Hi Jan,

Hi Thorsten,

> do you know whether there has been a CVE assigned for these bugs
> already? As far as I can see there is none yet.

Nope, not a clue. All I have to go by is PHP's security announcement
(http://php.net/releases/5_6_25.php)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package: libgcrypt11
Version: 1.5.0-5+deb7u5
CVE ID : CVE-2016-6313
The crypto library libgcrypt11 has a weakness in the random number
generator.
CVE-2016-6313
Felix Dörre and Vladimir Klebanov from the Karlsruhe
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 18 Aug 2016 18:32:50 +
Source: libgcrypt11
Binary: libgcrypt11-doc libgcrypt11-dev libgcrypt11-dbg libgcrypt11
libgcrypt11-udeb
Architecture: source all amd64
Version: 1.5.0-5+deb7u5
Distribution: wheezy-security
Urgency:
Hi Jan,

On Tue, 23 Aug 2016, Jan Ingvoldstad wrote:
> It looks as if the patches for unserializing and session handling are
> relevant, possibly others:
> https://bugs.php.net/bug.php?id=70436
> https://bugs.php.net/bug.php?id=72681

do you know whether there has been a CVE assigned for these bugs
On Tue, Aug 23, 2016 at 03:19:39PM +0200, Jan Ingvoldstad wrote:
> Hi,
>
> PHP 5.6.25 was released a few days ago, and it seems as if some of the
> issues are relevant to PHP 5.4 as well.
>
> It looks as if the patches for unserializing and session handling are
> relevant, possibly others:
>
>
Hi,
PHP 5.6.25 was released a few days ago, and it seems as if some of the
issues are relevant to PHP 5.4 as well.
It looks as if the patches for unserializing and session handling are
relevant, possibly others:
https://bugs.php.net/bug.php?id=70436
https://bugs.php.net/bug.php?id=72681
Hi Guido
Brian wrote in his mail that he had not tried to reproduce the crash.
Quote:
"...although I don't have any exploits test it with."
Best regards
// Ola
On Tue, Aug 23, 2016 at 7:22 AM, Guido Günther wrote:
> On Mon, Aug 22, 2016 at 06:15:33PM +1000, Brian May wrote: