2013-03-26 12:18:55 |
Jack |
bug |
|
|
added bug |
2013-03-26 12:32:52 |
Jack |
description |
After upgrading php to
ii libapache2-mod-php5 5.3.10-1ubuntu3.6
ii php5-cli 5.3.10-1ubuntu3.6
We noticed that we've got some temporary problems with loading wsdl by soap client, it doesn't no matter about location of wsdl, this bug includes loading wsdl from local disk and from remote using http protocol. In php logs we've got only information:
[26-Mar-2013 10:55:15 UTC] PHP Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from '/tmp/test_wsdl' : failed to load external entity "/tmp/test_wsdl"
in /var/www/http/test.php:11
Stack trace:
#0 /var/www/http/test.php(11): SoapClient->SoapClient('/tmp/test_wsdl')
#1 {main}
thrown in /var/www/http/test.php on line 11
And after restart apache instance it will works for a while, and then problem returns.
Important is, that this problem does not apply to CLI client, it applies only when you are trying to run file from apache instance.
As we can see in changelog there was some changes in soap and XML and maybe that is the reason of this problems. ( In the previous version of php we didn't have any problems with soap )
* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
- debian/patches/CVE-2013-1643.patch: disable the entity loader in
ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
- CVE-2013-1643 |
After upgrading php to
ii libapache2-mod-php5 5.3.10-1ubuntu3.6
ii php5-cli 5.3.10-1ubuntu3.6
We noticed that we've got some temporary problems with loading wsdl by soap client, it doesn't no matter about location of wsdl, this bug includes loading wsdl from local disk and from remote using http protocol. In php logs we've got only information:
[26-Mar-2013 10:55:15 UTC] PHP Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from '/tmp/test_wsdl' : failed to load external entity "/tmp/test_wsdl"
in /var/www/http/test.php:11
Stack trace:
#0 /var/www/http/test.php(11): SoapClient->SoapClient('/tmp/test_wsdl')
#1 {main}
thrown in /var/www/http/test.php on line 11
And after restart apache instance it will works for a while, and then problem returns.
Important is, that this problem does not apply to CLI client, it applies only when you are trying to run file from apache instance.
As we can see in changelog there was some changes in soap and XML and maybe that is the reason of this problems. ( In the previous version of php we didn't have any problems with soap )
* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
- debian/patches/CVE-2013-1643.patch: disable the entity loader in
ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
- CVE-2013-1643
PHP 5.3.10-1ubuntu3 with Suhosin-Patch (cli) (built: Apr 11 2012 17:25:33)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
Server version: Apache/2.2.22 (Ubuntu)
Server built: Mar 8 2013 15:53:13
Server's Module Magic Number: 20051115:30
Server loaded: APR 1.4.6, APR-Util 1.3.12
Compiled using: APR 1.4.6, APR-Util 1.3.12
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise |
|
2013-03-26 12:39:18 |
Jack |
description |
After upgrading php to
ii libapache2-mod-php5 5.3.10-1ubuntu3.6
ii php5-cli 5.3.10-1ubuntu3.6
We noticed that we've got some temporary problems with loading wsdl by soap client, it doesn't no matter about location of wsdl, this bug includes loading wsdl from local disk and from remote using http protocol. In php logs we've got only information:
[26-Mar-2013 10:55:15 UTC] PHP Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from '/tmp/test_wsdl' : failed to load external entity "/tmp/test_wsdl"
in /var/www/http/test.php:11
Stack trace:
#0 /var/www/http/test.php(11): SoapClient->SoapClient('/tmp/test_wsdl')
#1 {main}
thrown in /var/www/http/test.php on line 11
And after restart apache instance it will works for a while, and then problem returns.
Important is, that this problem does not apply to CLI client, it applies only when you are trying to run file from apache instance.
As we can see in changelog there was some changes in soap and XML and maybe that is the reason of this problems. ( In the previous version of php we didn't have any problems with soap )
* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
- debian/patches/CVE-2013-1643.patch: disable the entity loader in
ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
- CVE-2013-1643
PHP 5.3.10-1ubuntu3 with Suhosin-Patch (cli) (built: Apr 11 2012 17:25:33)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
Server version: Apache/2.2.22 (Ubuntu)
Server built: Mar 8 2013 15:53:13
Server's Module Magic Number: 20051115:30
Server loaded: APR 1.4.6, APR-Util 1.3.12
Compiled using: APR 1.4.6, APR-Util 1.3.12
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise |
After upgrading php to
ii libapache2-mod-php5 5.3.10-1ubuntu3.6
ii php5-cli 5.3.10-1ubuntu3.6
We noticed that we've got some temporary problems with loading wsdl by soap client, it doesn't no matter about location of wsdl, this bug includes loading wsdl from local disk and from remote using http protocol. In php logs we've got only information:
[26-Mar-2013 10:55:15 UTC] PHP Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from '/tmp/test_wsdl' : failed to load external entity "/tmp/test_wsdl"
in /var/www/http/test.php:11
Stack trace:
#0 /var/www/http/test.php(11): SoapClient->SoapClient('/tmp/test_wsdl')
#1 {main}
thrown in /var/www/http/test.php on line 11
And after restart apache instance it will works for a while, and then problem returns.
Important is, that this problem does not apply to CLI client, it applies only when you are trying to run file from apache instance.
As we can see in changelog there was some changes in soap and XML and maybe that is the reason of this problems. ( In the previous version of php we didn't have any problems with soap )
* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
- debian/patches/CVE-2013-1643.patch: disable the entity loader in
ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
- CVE-2013-1643
PHP 5.3.10-1ubuntu3.6 with Suhosin-Patch (cli) (built: Mar 11 2013 14:31:48)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
Server version: Apache/2.2.22 (Ubuntu)
Server built: Mar 8 2013 15:53:13
Server's Module Magic Number: 20051115:30
Server loaded: APR 1.4.6, APR-Util 1.3.12
Compiled using: APR 1.4.6, APR-Util 1.3.12
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise |
|
2013-03-27 16:38:02 |
Launchpad Janitor |
php5 (Ubuntu): status |
New |
Confirmed |
|
2013-04-04 17:17:37 |
Pieter Bos |
bug |
|
|
added subscriber Pieter Bos |
2013-09-05 20:22:04 |
Thomas Reindlmeier |
bug |
|
|
added subscriber Thomas Reindlmeier |
2013-12-23 22:51:30 |
Rowan Wookey |
bug |
|
|
added subscriber Rowan |
2014-09-18 13:50:40 |
Tomasz (Tomek) Muras |
bug |
|
|
added subscriber Tomasz (Tomek) Muras |
2015-10-19 11:47:24 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Server Team |
2015-10-19 11:52:31 |
Robie Basak |
php5 (Ubuntu): status |
Confirmed |
Incomplete |
|
2015-10-19 11:52:35 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
2015-10-19 11:52:39 |
Robie Basak |
removed subscriber Ubuntu Server Team |
|
|
|
2015-12-22 04:17:31 |
Launchpad Janitor |
php5 (Ubuntu): status |
Incomplete |
Expired |
|
2015-12-22 08:33:49 |
Thomas Reindlmeier |
removed subscriber Thomas Reindlmeier |
|
|
|