Zend Server 6.3 - 9.0 CVE Log

Avatar
Zvika Dror
Follow

Applies to: Zend Server 6.3 - 9.0 (including 9.0.2)

Product Info: http://www.zend.com/en/products/server

Downloads: http://www.zend.com/en/products/server/downloads

This document contains security information about Zend Server based on published CVE identifiers.

For PHP itself we refer to PHP.net changelogs.

PHP Information

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

Zend Server Version Jump

ZendServer 9.0

ZendServer 8.5

ZendServer 8.0

ZendServer 7.0

ZendServer 6.3

 

ZendServer 9.0 GA

Has PHP 7.0.6 (See http://www.php.net/ChangeLog-7.php#7.0.6)

ZendServer 9.0.1 GA

Has PHP 7.0.11 (See http://www.php.net/ChangeLog-7.php#7.0.11)

ZendServer 9.0.2 GA

Has PHP 7.0.15 (See http://www.php.net/ChangeLog-7.php#7.0.15)

 

ZendServer 8.5 GA

Has PHP 5.5.26 (See http://php.net/ChangeLog-5.php#5.5.26)

Includes the following fixes from PHP 5.5.27:

- Mysqlnd:

. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)

Has PHP 5.6.10 (See http://php.net/ChangeLog-5.php#5.6.10)

Includes the following fixes from PHP 5.6.11:

- Mysqlnd:

. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)

ZendServer 8.5.1

Includes the following fixes from PHP 5.5.27:

- Phar:

. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)

. Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)

Includes the following fixes from PHP 5.6.11:

- Phar:

. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)

. Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)

ZendServer 8.5.2

Has PHP 5.5.30 (See http://php.net/ChangeLog-5.php#5.5.30)

Has PHP 5.6.14 (See http://php.net/ChangeLog-5.php#5.6.14)

ZendServer 8.5.2 hotfix 3

Has PHP 5.5.31 (See http://php.net/ChangeLog-5.php#5.5.31)

Has PHP 5.6.17 (See http://php.net/ChangeLog-5.php#5.6.17)

ZendServer 8.5.3 hotfix 4

Has PHP 5.5.32 (See http://php.net/ChangeLog-5.php#5.5.32)

Has PHP 5.6.18 (See http://php.net/ChangeLog-5.php#5.6.18)

ZendServer 8.5.4 hotfix 5

Has PHP 5.5.36 (See http://php.net/ChangeLog-5.php#5.5.36)

Has PHP 5.6.22 (See http://php.net/ChangeLog-5.php#5.6.22)

ZendServer 8.5.5 hotfix 6

Has PHP 5.5.37 (See http://php.net/ChangeLog-5.php#5.5.37)

Has PHP 5.6.23 (See http://php.net/ChangeLog-5.php#5.6.23)

 

ZendServer 8.0 GA

Has PHP 5.5.19 (See http://php.net/ChangeLog-5.php#5.5.19)

Has PHP 5.6.3 (See http://php.net/ChangeLog-5.php#5.6.3)

ZendServer 8.0.1

Has PHP 5.5.20 (See http://php.net/ChangeLog-5.php#5.5.20)

Has PHP 5.6.4 (See http://php.net/ChangeLog-5.php#5.6.4)

ZendServer 8.0.2

Has PHP 5.5.21 (See http://php.net/ChangeLog-5.php#5.5.21)

Has PHP 5.6.5 (See http://php.net/ChangeLog-5.php#5.6.5)

ZendServer 8.0.3

Has PHP 5.5.23 (See http://php.net/ChangeLog-5.php#5.5.23)

Has PHP 5.6.7 (See http://php.net/ChangeLog-5.php#5.6.7)

 

ZendServer 7.0 GA

Has PHP 5.4.29 (See http://php.net/ChangeLog-5.php#5.4.29)

Includes the following fixes from PHP 5.4.30:

- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)

- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049).

Has PHP 5.5.13 (See http://php.net/ChangeLog-5.php#5.5.13)

Includes the following fixes from PHP 5.5.14:

- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049).

Has OpenSSL 0.9.8za (See https://www.openssl.org/news/secadv_20140605.txt)

ZendServer 7.0 hotfix 1

Has fixes from PHP 5.4.30:

- SPL:
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).

Has fixes from PHP 5.4.32:

- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)

Has fixes from PHP 5.5.14:

- SPL:
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).

Has fixes from PHP 5.5.15:

- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)

Has fixes from PHP 5.5.16:

- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)

Has OpenSSL 0.9.8zb (See https://www.openssl.org/news/secadv_20140806.txt):

  • Information leak in pretty printing functions (CVE-2014-3508)
  • Double Free when processing DTLS packets (CVE-2014-3505)
  • DTLS memory exhaustion (CVE-2014-3506)
  • DTLS memory leak from zero-length fragments (CVE-2014-3507)
  • OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

ZendServer 7.0 hotfix 2

Has PHP 5.4.34 (See http://php.net/ChangeLog-5.php#5.4.34)

Has fixes from PHP 5.4.35:

- Fileinfo:

. Fixed bug #68283: fileinfo: out-of-bounds read in elf note headers (CVE-2014-371)

Has fixes from PHP 5.5.18:

- Core:

. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)

- cURL:

. Fixed bug #68089 (NULL byte injection - cURL lib).

- Exif:

. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)

- XMLRPC:

. Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)

ZendServer 7.0 hotfix 3

Has PHP 5.4.36 (See http://php.net/ChangeLog-5.php#5.4.36)

ZendServer 7.0 hotfix 4

Has PHP 5.4.37 (See http://php.net/ChangeLog-5.php#5.4.37)

ZendServer 7.0 hotfix 5

Has PHP 5.4.39 (See http://php.net/ChangeLog-5.php#5.4.39)

ZendServer 7.0 hotfix 6

Has PHP 5.4.43 (See http://php.net/ChangeLog-5.php#5.4.43)

ZendServer 7.0 hotfix 7

Has PHP 5.4.45 (See http://php.net/ChangeLog-5.php#5.4.45)

 

ZendServer 6.3 GA

Has PHP 5.3.28 (See http://php.net/ChangeLog-5.php#5.3.28)

Has PHP 5.4.23 (See http://php.net/ChangeLog-5.php#5.4.23)

Has PHP 5.5.7 (See http://php.net/ChangeLog-5.php#5.5.7)

Has OpenSSL 0.9.8y (see https://www.openssl.org/news/secadv_20130205.txt)

ZendServer 6.3 hotfix 1

Has fixes from PHP 5.4.26:

Fileinfo:

  • Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943).

Has fixes from PHP 5.5.9:

GD:

  • Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop(), CVE-2013-7226).

Has fixes from PHP 5.5.10:

Fileinfo:

  • Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).

ZendServer 6.3 hotfix 2

Has fixes from PHP 5.4.26:

Fileinfo:

  • Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).

Has fixes from PHP 5.4.27:

Fileinfo:

  • Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression (CVE-2013-7345))

Has fixes from PHP 5.5.10:

Fileinfo:

  • Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).

GD:

  • Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer (CVE-2013-7327)).

Has fixes from PHP 5.5.11:

Fileinfo:

  • Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression (CVE-2013-7345))

ZendServer 6.3 hotfix 3

Has PHP 5.3.29 (See http://php.net/ChangeLog-5.php#5.3.29)

Has fixes from PHP 5.4.30:

- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049).
- SPL:
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).

Has fixes from PHP 5.4.32:

- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)

Has OpenSSL 0.9.8zb (See https://www.openssl.org/news/secadv_20140806.txt):

  • Information leak in pretty printing functions (CVE-2014-3508)
  • Double Free when processing DTLS packets (CVE-2014-3505)
  • DTLS memory exhaustion (CVE-2014-3506)
  • DTLS memory leak from zero-length fragments (CVE-2014-3507)
  • OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)

ZendServer 6.3 hotfix 4

Fixes backported from PHP 5.4 branch to PHP 5.3:

From PHP 5.4.32:

- Core:

. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)

- Fileinfo:

. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)

- GD:

. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497).

- SPL:

. Fixed bug #67539 (ArrayIterator use-after-free due to object change during

sorting). (CVE-2014-4698)

. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)

From PHP 5.4.34:

- Core:

. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)

- EXIF:

. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)

- XMLRPC:

. Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)

From PHP 5.4.35:

- Fileinfo:

. Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)

From PHP 5.4.36:

. Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)

From PHP 5.4.37:

- Core:

. Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)

- EXIF:

. Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232)

 

Comments