PublicDateAtUSN: 2014-08-22
Candidate: CVE-2014-3597
PublicDate: 2014-08-23 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
 https://bugs.php.net/bug.php?id=67717
 https://ubuntu.com/security/notices/USN-2344-1
Description:
 Multiple buffer overflows in the php_parserr function in
 ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow
 remote DNS servers to cause a denial of service (application crash) or
 possibly execute arbitrary code via a crafted DNS record, related to the
 dns_get_record function and the dn_expand function. NOTE: this issue exists
 because of an incomplete fix for CVE-2014-4049.
Ubuntu-Description:
Notes:
 jdstrand> incomplete fix for CVE-2014-4049
Bugs:
Priority: medium
Discovered-by:
Assigned-to: sarnold
CVSS:

Patches_php5:
 other: https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05#diff-d41d8cd98f00b204e9800998ecf8427e
upstream_php5: needs-triage
lucid_php5: released (5.3.2-1ubuntu4.27)
precise_php5: released (5.3.10-1ubuntu3.14)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.4)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.4)
devel_php5: released (5.5.12+dfsg-2ubuntu4)