Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3981

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.

Related bugs and status

CVE-2014-3981 (Candidate) is related to these bugs:

Bug #1335028: UPDATE REQUEST: php54 5.4.30 is available upstream

Summary				In	Importance	Status
	1335028	UPDATE REQUEST: php54 5.4.30 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1335030: UPDATE REQUEST: php55u 5.5.14 is available upstream

Summary				In	Importance	Status
	1335030	UPDATE REQUEST: php55u 5.5.14 is available upstream		IUS Community Project	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20140604 More /tmp fun...
MLIST: [oss-security] 2014060...
CONFIRM: http://git.php.net/?p=...
CONFIRM: https://bugs.php.net/b...
CONFIRM: https://bugzilla.redha...
CONFIRM: http://support.apple.c...
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-04-08-2
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www-01.ibm.com/...
HP: HPSBUX03150
HP: HPSBUX03102
HP: SSRT101681