SB2016091409 - Out-of-bounds read in phpmyadmin (Alpine package)
Published: September 14, 2016
Security Bulletin ID
SB2016091409
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2016-6293)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to the uloc_acceptLanguageFromHTTP function in common/uloc.cpp for C/C++ does not ensure that there is a '' character at the end of a certain temporary array. A remote unauthenticated attacker can supply a call with a long httpAcceptLanguage argument, trigger out-of-bounds read and cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=248b3fa9ef3ac2d1eecc6514fa4e1e9368fa4d86
- https://git.alpinelinux.org/aports/commit/?id=58ac6db44de5ffbf3c0dbaced14ef44ca397b863
- https://git.alpinelinux.org/aports/commit/?id=3e72f91bb20ef89058467b81ddaf2c5793af3ec9
- https://git.alpinelinux.org/aports/commit/?id=517afce6b9a2a1a80adab744a77278db53d919f7
- https://git.alpinelinux.org/aports/commit/?id=a35fc5fa306c1b74cf13f5f8a6624b47b0409a82
- https://git.alpinelinux.org/aports/commit/?id=717cf36fa33c72a0bbda4351e4f948e0747380ed
- https://git.alpinelinux.org/aports/commit/?id=40d6cc47af907fd5002149498c93d91f6a143c63
- https://git.alpinelinux.org/aports/commit/?id=383064a721ebafed7c65d9e32dc4c6606e95bbd3
- https://git.alpinelinux.org/aports/commit/?id=a1c3c770dba922f9b971534d089eed7ff53412d2