Launchpad CVE tracker

CVE 2014-4670

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.

Related bugs and status

CVE-2014-4670 (Candidate) is related to these bugs:

Bug #1338170: PHP 5 infoleak vulnerability leading to potential SSL key disclosure

		In	Importance	Status
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Lucid)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Trusty)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Precise)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Utopic)	Undecided	Fix Released
1338170	PHP 5 infoleak vulnerability leading to potential SSL key disclosure	php5 (Ubuntu Saucy)	Undecided	Fix Released

Bug #1360148: UPDATE REQUEST: php54 5.4.32 is available upstream

Summary				In	Importance	Status
	1360148	UPDATE REQUEST: php54 5.4.32 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1411811: Please update php, mysql on ubuntu 15.04

Summary				In	Importance	Status
	1411811	Please update php, mysql on ubuntu 15.04		php5 (Ubuntu)	Undecided	Fix Released
	1411811	Please update php, mysql on ubuntu 15.04		mysql-5.6 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-4670

References