All the vulnerabilites related to The PHP Group - PHP
var-202004-2062
Vulnerability from variot

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. PHP Exists in an out-of-bounds read vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in the 'urldecode()' function in PHP 7.2.x prior to 7.2.30, 7.3.x prior to 7.3.17, and 7.4.x prior to 7.4.5. An attacker could exploit this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


Debian Security Advisory DSA-4719-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 06, 2020 https://www.debian.org/security/faq


Package : php7.3 CVE ID : CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or potentially the execution of arbitrary code.

For the stable distribution (buster), these problems have been fixed in version 7.3.19-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8DlcBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TPrg/+O/2SmuM/9AdyHAnRu7SJ0dlkEkF+FIR8SI2O7orDVLMYuNMdzN6oW9e4 oe+hhFE2iIOcl5lskxXLcnmd30izBxJXq+xJ000k6O0AfRZgVul+OTl5zDUJRKod Y1BuoVt2wUw0BT8V2FjYfu8XTGvDVqQVxc/GuZFExI6OkNcj0WFgdMP0wGu1VRxw FExRyZVHlATSVdH04gMI9BK1B4BVNZh05Qwb8bDD5sO16eamXIR6peuES1OJ4jUn YOfUMP2UgVLBywvHe+5VuXIW2AFj02Aw3Zl9Dgw2QTdylJs+ttf30NKWZP44/VFK wuyZa4y7tq2H31w9LBIvWIogYWe6CZYQeCvpVgSkLQwptRXqFSRC9OPTSKCKqnhN x8DXvLj6MzSO3jokZOLxxO473RGnV+WE1jgZ6LWK5LY8h5HjH5xPkef9v4UBpDQ/ UlEtEwMwceZK2jh3aI3yPoWQ2LIXASBe4+u1bG7Iln31MpTWJ/AdZ0sxWgGX1VqT JevU0IqRdKTX5kY8dE6mlje5G15AG1dNFigeWLHMZ1rJ/VSb2kiM4vrqL1lNBZwe jvsbpnyII4OeL/Zc7fEBnnKtzdDdu6PSv8aI1gSnFQCflMx8/nUbbWxu4J4HxGcW EZg1p2IaCW0hVTMhCwFTDH2EgseAS23XwloXp0i49FM23eJwuMM= =CeOY -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2062",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.30"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.17"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.0"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.19.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4.0.5"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.5"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.2.30 \u306e 7.2.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.3.17 \u306e 7.3.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.4.5 \u306e 7.4.x"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.5",
                "versionStartIncluding": "7.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.17",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.30",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.4.0.5",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2020-7067",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004899",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185192",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-7067",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004899",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7067",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2020-7067",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004899",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1407",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185192",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7067",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. PHP Exists in an out-of-bounds read vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in the \u0027urldecode()\u0027 function in PHP 7.2.x prior to 7.2.30, 7.3.x prior to 7.3.17, and 7.4.x prior to 7.4.5. An attacker could exploit this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4719-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nJuly 06, 2020                         https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : php7.3\nCVE ID         : CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064\n                 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067\n\nMultiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language which could result in information\ndisclosure, denial of service or potentially the execution of arbitrary\ncode. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.19-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8DlcBfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0TPrg/+O/2SmuM/9AdyHAnRu7SJ0dlkEkF+FIR8SI2O7orDVLMYuNMdzN6oW9e4\noe+hhFE2iIOcl5lskxXLcnmd30izBxJXq+xJ000k6O0AfRZgVul+OTl5zDUJRKod\nY1BuoVt2wUw0BT8V2FjYfu8XTGvDVqQVxc/GuZFExI6OkNcj0WFgdMP0wGu1VRxw\nFExRyZVHlATSVdH04gMI9BK1B4BVNZh05Qwb8bDD5sO16eamXIR6peuES1OJ4jUn\nYOfUMP2UgVLBywvHe+5VuXIW2AFj02Aw3Zl9Dgw2QTdylJs+ttf30NKWZP44/VFK\nwuyZa4y7tq2H31w9LBIvWIogYWe6CZYQeCvpVgSkLQwptRXqFSRC9OPTSKCKqnhN\nx8DXvLj6MzSO3jokZOLxxO473RGnV+WE1jgZ6LWK5LY8h5HjH5xPkef9v4UBpDQ/\nUlEtEwMwceZK2jh3aI3yPoWQ2LIXASBe4+u1bG7Iln31MpTWJ/AdZ0sxWgGX1VqT\nJevU0IqRdKTX5kY8dE6mlje5G15AG1dNFigeWLHMZ1rJ/VSb2kiM4vrqL1lNBZwe\njvsbpnyII4OeL/Zc7fEBnnKtzdDdu6PSv8aI1gSnFQCflMx8/nUbbWxu4J4HxGcW\nEZg1p2IaCW0hVTMhCwFTDH2EgseAS23XwloXp0i49FM23eJwuMM=\n=CeOY\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7067",
        "trust": 2.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1446",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4296",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2307",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2296",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-185192",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168864",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168881",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "id": "VAR-202004-2062",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:44:04.210000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Sec Bug #79465",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=79465"
      },
      {
        "title": "PHP Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116907"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1367",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1367"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1368",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1368"
      },
      {
        "title": "Debian Security Advisories: DSA-4717-1 php7.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a27709c513fb18e7ddf6a588532d9735"
      },
      {
        "title": "Debian Security Advisories: DSA-4719-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=cf2756dc65762c0fef76f47a73a2324a"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-14"
      },
      {
        "title": "php7-internals",
        "trust": 0.1,
        "url": "https://github.com/0xbigshaq/php7-internals "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=79465"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4717"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4719"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7067"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7067"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1446/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vulnerable-to-sensitive-information-leak-php-cve-2020-7067/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-32047"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2307/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2296/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4296/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7064"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7066"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7062"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11048"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7063"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/0xbigshaq/php7-internals"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2020-1367.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7065"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.0"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "date": "2020-04-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168881"
      },
      {
        "date": "2020-04-27T21:15:14.593000",
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "date": "2020-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "date": "2022-05-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "date": "2022-05-16T19:57:47.077000",
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "date": "2022-05-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0117
Vulnerability from variot

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. PHP is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to obtain sensitive information or crash the application resulting in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ========================================================================== Ubuntu Security Notice USN-2572-1 April 20, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)

It was discovered that PHP incorrectly handled unserializing PHAR files. (CVE-2015-2787)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4 php5-cgi 5.5.12+dfsg-2ubuntu4.4 php5-cli 5.5.12+dfsg-2ubuntu4.4 php5-fpm 5.5.12+dfsg-2ubuntu4.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 php5-cgi 5.5.9+dfsg-1ubuntu4.9 php5-cli 5.5.9+dfsg-1ubuntu4.9 php5-fpm 5.5.9+dfsg-1ubuntu4.9

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.18 php5-cgi 5.3.10-1ubuntu3.18 php5-cli 5.3.10-1ubuntu3.18 php5-fpm 5.3.10-1ubuntu3.18

Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.30 php5-cgi 5.3.2-1ubuntu4.30 php5-cli 5.3.2-1ubuntu4.30

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: php security update Advisory ID: RHSA-2015:1218-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1218.html Issue date: 2015-07-09 CVE Names: CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash. (CVE-2014-9425)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy() 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-bcmath-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

x86_64: php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm

ppc64: php-5.3.3-46.el6_6.ppc64.rpm php-cli-5.3.3-46.el6_6.ppc64.rpm php-common-5.3.3-46.el6_6.ppc64.rpm php-debuginfo-5.3.3-46.el6_6.ppc64.rpm php-gd-5.3.3-46.el6_6.ppc64.rpm php-ldap-5.3.3-46.el6_6.ppc64.rpm php-mysql-5.3.3-46.el6_6.ppc64.rpm php-odbc-5.3.3-46.el6_6.ppc64.rpm php-pdo-5.3.3-46.el6_6.ppc64.rpm php-pgsql-5.3.3-46.el6_6.ppc64.rpm php-soap-5.3.3-46.el6_6.ppc64.rpm php-xml-5.3.3-46.el6_6.ppc64.rpm php-xmlrpc-5.3.3-46.el6_6.ppc64.rpm

s390x: php-5.3.3-46.el6_6.s390x.rpm php-cli-5.3.3-46.el6_6.s390x.rpm php-common-5.3.3-46.el6_6.s390x.rpm php-debuginfo-5.3.3-46.el6_6.s390x.rpm php-gd-5.3.3-46.el6_6.s390x.rpm php-ldap-5.3.3-46.el6_6.s390x.rpm php-mysql-5.3.3-46.el6_6.s390x.rpm php-odbc-5.3.3-46.el6_6.s390x.rpm php-pdo-5.3.3-46.el6_6.s390x.rpm php-pgsql-5.3.3-46.el6_6.s390x.rpm php-soap-5.3.3-46.el6_6.s390x.rpm php-xml-5.3.3-46.el6_6.s390x.rpm php-xmlrpc-5.3.3-46.el6_6.s390x.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: php-bcmath-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

ppc64: php-bcmath-5.3.3-46.el6_6.ppc64.rpm php-dba-5.3.3-46.el6_6.ppc64.rpm php-debuginfo-5.3.3-46.el6_6.ppc64.rpm php-devel-5.3.3-46.el6_6.ppc64.rpm php-embedded-5.3.3-46.el6_6.ppc64.rpm php-enchant-5.3.3-46.el6_6.ppc64.rpm php-fpm-5.3.3-46.el6_6.ppc64.rpm php-imap-5.3.3-46.el6_6.ppc64.rpm php-intl-5.3.3-46.el6_6.ppc64.rpm php-mbstring-5.3.3-46.el6_6.ppc64.rpm php-process-5.3.3-46.el6_6.ppc64.rpm php-pspell-5.3.3-46.el6_6.ppc64.rpm php-recode-5.3.3-46.el6_6.ppc64.rpm php-snmp-5.3.3-46.el6_6.ppc64.rpm php-tidy-5.3.3-46.el6_6.ppc64.rpm php-zts-5.3.3-46.el6_6.ppc64.rpm

s390x: php-bcmath-5.3.3-46.el6_6.s390x.rpm php-dba-5.3.3-46.el6_6.s390x.rpm php-debuginfo-5.3.3-46.el6_6.s390x.rpm php-devel-5.3.3-46.el6_6.s390x.rpm php-embedded-5.3.3-46.el6_6.s390x.rpm php-enchant-5.3.3-46.el6_6.s390x.rpm php-fpm-5.3.3-46.el6_6.s390x.rpm php-imap-5.3.3-46.el6_6.s390x.rpm php-intl-5.3.3-46.el6_6.s390x.rpm php-mbstring-5.3.3-46.el6_6.s390x.rpm php-process-5.3.3-46.el6_6.s390x.rpm php-pspell-5.3.3-46.el6_6.s390x.rpm php-recode-5.3.3-46.el6_6.s390x.rpm php-snmp-5.3.3-46.el6_6.s390x.rpm php-tidy-5.3.3-46.el6_6.s390x.rpm php-zts-5.3.3-46.el6_6.s390x.rpm

x86_64: php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: php-bcmath-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

x86_64: php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-9425 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVnsPKXlSAg2UNWIIRAtXEAKC6gknTJ+I/czViSyE71AjUZ1pWSQCgo6ip /jsvmaEr/ag17pZ7M9fXiz4= =vWCv -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. Please note that this package build also moves the configuration files from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz

Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz

Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz

Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.40-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329).

Potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330).

PHP has been updated to version 5.5.24, which fixes these issues and other bugs.

Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 http://advisories.mageia.org/MGASA-2015-0169.html


Updated Packages:

Mandriva Business Server 1/X86_64: fb5b4628263a821fb3e4075a5fb4e5b4 mbs1/x86_64/apache-mod_php-5.5.24-1.mbs1.x86_64.rpm 3c7f76ada5ccad65c212ee350fdffe87 mbs1/x86_64/lib64php5_common5-5.5.24-1.mbs1.x86_64.rpm 5400e21c3eaecc346e1eb8c712e9478f mbs1/x86_64/php-apc-3.1.15-1.18.mbs1.x86_64.rpm 90ae23234441a8de169207ff7f045684 mbs1/x86_64/php-apc-admin-3.1.15-1.18.mbs1.x86_64.rpm a39b53bcacc941035d830ce1052540b3 mbs1/x86_64/php-bcmath-5.5.24-1.mbs1.x86_64.rpm ada97c19882cf313e4d7ebba0909f6d8 mbs1/x86_64/php-bz2-5.5.24-1.mbs1.x86_64.rpm c6e5c880827c6bc76dfb1c15460637b4 mbs1/x86_64/php-calendar-5.5.24-1.mbs1.x86_64.rpm 6535a7223184cec5ac17edb9e1d31388 mbs1/x86_64/php-cgi-5.5.24-1.mbs1.x86_64.rpm 16aa52d7dd47cc27cb5d7aec420944eb mbs1/x86_64/php-cli-5.5.24-1.mbs1.x86_64.rpm 7983f9d1bf3039b5efdb0ed70329cccd mbs1/x86_64/php-ctype-5.5.24-1.mbs1.x86_64.rpm 3cbc805a1610b54d191e2e3ca99c3ae4 mbs1/x86_64/php-curl-5.5.24-1.mbs1.x86_64.rpm f53dd6f08013c00ae1c95df14671624e mbs1/x86_64/php-dba-5.5.24-1.mbs1.x86_64.rpm e2a5d632a8581e27a366191c9fd86424 mbs1/x86_64/php-devel-5.5.24-1.mbs1.x86_64.rpm 37bb13541a04b935c93600dc63e98047 mbs1/x86_64/php-doc-5.5.24-1.mbs1.noarch.rpm fad46645f9afb86eedf094cbe82eaebe mbs1/x86_64/php-dom-5.5.24-1.mbs1.x86_64.rpm 22141396e7bccb2aac8a2e7c0d0f02aa mbs1/x86_64/php-enchant-5.5.24-1.mbs1.x86_64.rpm e3f7bc72aad9e3fb7b9f25f64d9ca95c mbs1/x86_64/php-exif-5.5.24-1.mbs1.x86_64.rpm 53a76b203f90a9008eb35cdf93aac246 mbs1/x86_64/php-fileinfo-5.5.24-1.mbs1.x86_64.rpm 7cb8c9592f48413f3783f49947563a8f mbs1/x86_64/php-filter-5.5.24-1.mbs1.x86_64.rpm 3d34478d09bbf6848c8c2eaea0156feb mbs1/x86_64/php-fpm-5.5.24-1.mbs1.x86_64.rpm fc47e9e9b740e94e5210854b7872af8f mbs1/x86_64/php-ftp-5.5.24-1.mbs1.x86_64.rpm e22e5cf59f7d0c361b41e220fd0ebbde mbs1/x86_64/php-gd-5.5.24-1.mbs1.x86_64.rpm cd5fef5777b58e0562ddeb3ca4b4e1dd mbs1/x86_64/php-gettext-5.5.24-1.mbs1.x86_64.rpm aba136588f2c77f2cca4bcc300e7f0b5 mbs1/x86_64/php-gmp-5.5.24-1.mbs1.x86_64.rpm 8752b1e4f863b2cdadf08cfdcaf462f7 mbs1/x86_64/php-hash-5.5.24-1.mbs1.x86_64.rpm 36bef8c7e03cdffd66a4553266e1a13d mbs1/x86_64/php-iconv-5.5.24-1.mbs1.x86_64.rpm 0b405f5f49d174745a4135e033fbe234 mbs1/x86_64/php-imap-5.5.24-1.mbs1.x86_64.rpm fc25a10fb623016b5e95595aa114274a mbs1/x86_64/php-ini-5.5.24-1.mbs1.x86_64.rpm c4435a44b199cd4fadca0cac247aca06 mbs1/x86_64/php-intl-5.5.24-1.mbs1.x86_64.rpm ec611fd14d6b502990fe0a3ab243211a mbs1/x86_64/php-json-5.5.24-1.mbs1.x86_64.rpm 519c8ae2df9aeca23d15953470c3a485 mbs1/x86_64/php-ldap-5.5.24-1.mbs1.x86_64.rpm f52168266f3d1df5a333f2acb83c7739 mbs1/x86_64/php-mbstring-5.5.24-1.mbs1.x86_64.rpm 8fed199f0b2be5b2d1780bed11c5c5d6 mbs1/x86_64/php-mcrypt-5.5.24-1.mbs1.x86_64.rpm e5d5276bcfaa7d951b4b543e76949a2f mbs1/x86_64/php-mssql-5.5.24-1.mbs1.x86_64.rpm 0a34a8334cd8a3e4d7867a962df62f15 mbs1/x86_64/php-mysql-5.5.24-1.mbs1.x86_64.rpm 3fd0dcc4cb8c4ef136c68e243788aa85 mbs1/x86_64/php-mysqli-5.5.24-1.mbs1.x86_64.rpm d9db3dd5963888f69b11cdaa1d1c97e4 mbs1/x86_64/php-mysqlnd-5.5.24-1.mbs1.x86_64.rpm f27cbd0c9f968bfa7d6f10d8040a1f4f mbs1/x86_64/php-odbc-5.5.24-1.mbs1.x86_64.rpm db18ba83bd3e8f82f189c4e93799de9a mbs1/x86_64/php-opcache-5.5.24-1.mbs1.x86_64.rpm 7e02eaad2751f993fcd7af5a649b4707 mbs1/x86_64/php-openssl-5.5.24-1.mbs1.x86_64.rpm be43bdb8b4c0ea65901bb7ab4a12e1be mbs1/x86_64/php-pcntl-5.5.24-1.mbs1.x86_64.rpm 57ba222e0921de0efcad052a1ed359cc mbs1/x86_64/php-pdo-5.5.24-1.mbs1.x86_64.rpm 3ba50d22dead03f756136363e1e2ce27 mbs1/x86_64/php-pdo_dblib-5.5.24-1.mbs1.x86_64.rpm fe6858486fc7a42f7099f103fec8e0c9 mbs1/x86_64/php-pdo_mysql-5.5.24-1.mbs1.x86_64.rpm 407570e83b281be3515970aa6e24a773 mbs1/x86_64/php-pdo_odbc-5.5.24-1.mbs1.x86_64.rpm e5c66883133694a146b0f4840749a7d7 mbs1/x86_64/php-pdo_pgsql-5.5.24-1.mbs1.x86_64.rpm d41508abccb63d3b0c0d44a82596f1d6 mbs1/x86_64/php-pdo_sqlite-5.5.24-1.mbs1.x86_64.rpm 3f7dd514cca5b5259854043194099c4c mbs1/x86_64/php-pgsql-5.5.24-1.mbs1.x86_64.rpm 1b6b8a0d2e033b35697757a49329d51e mbs1/x86_64/php-phar-5.5.24-1.mbs1.x86_64.rpm 30e86f3079cd49241d680f46542b16b8 mbs1/x86_64/php-posix-5.5.24-1.mbs1.x86_64.rpm b065951f2e32008908857708ae2f1539 mbs1/x86_64/php-readline-5.5.24-1.mbs1.x86_64.rpm 13886e31952529313c505acbc7ebbbc6 mbs1/x86_64/php-recode-5.5.24-1.mbs1.x86_64.rpm 95ca2a29237d6f3e6f852431626be072 mbs1/x86_64/php-session-5.5.24-1.mbs1.x86_64.rpm f5f33541bc2a3b3f0b456989e20aa45c mbs1/x86_64/php-shmop-5.5.24-1.mbs1.x86_64.rpm c5414a148aa0e25b03b9faf79c50693a mbs1/x86_64/php-snmp-5.5.24-1.mbs1.x86_64.rpm d02afd660db7544b09328445c2f99ec6 mbs1/x86_64/php-soap-5.5.24-1.mbs1.x86_64.rpm 239a1c675cf3a4f853cc94cfc188e60e mbs1/x86_64/php-sockets-5.5.24-1.mbs1.x86_64.rpm 04e689ed1f9163a149f3448cfe4bd218 mbs1/x86_64/php-sqlite3-5.5.24-1.mbs1.x86_64.rpm a39905d2eae282b1d06db94afbf51255 mbs1/x86_64/php-sybase_ct-5.5.24-1.mbs1.x86_64.rpm a7fd332d4fea37c9f3335a0d8921f228 mbs1/x86_64/php-sysvmsg-5.5.24-1.mbs1.x86_64.rpm b9fdd882caee7f469d3c285082e8f717 mbs1/x86_64/php-sysvsem-5.5.24-1.mbs1.x86_64.rpm 79ede61a89fae9e6fab33f1a99b3ded7 mbs1/x86_64/php-sysvshm-5.5.24-1.mbs1.x86_64.rpm 5f0b1072e400ccc886979e7647c160f2 mbs1/x86_64/php-tidy-5.5.24-1.mbs1.x86_64.rpm 1df6d933d3f5c14bb334b8e49df50901 mbs1/x86_64/php-timezonedb-2015.4-1.mbs1.x86_64.rpm e03d364e8d94dc5e509f89ad06b1ceec mbs1/x86_64/php-tokenizer-5.5.24-1.mbs1.x86_64.rpm 4eb33980b578bc3f7c8436993e401a6b mbs1/x86_64/php-wddx-5.5.24-1.mbs1.x86_64.rpm cfb0b798a98736cebe6d2854610e5c88 mbs1/x86_64/php-xml-5.5.24-1.mbs1.x86_64.rpm 2d05b6ecae1866827a732b19bdea2682 mbs1/x86_64/php-xmlreader-5.5.24-1.mbs1.x86_64.rpm bab20d281d211f8202d881723f0091f1 mbs1/x86_64/php-xmlrpc-5.5.24-1.mbs1.x86_64.rpm d213f4b86b0532049556a37958d12570 mbs1/x86_64/php-xmlwriter-5.5.24-1.mbs1.x86_64.rpm a43e88b8cb0cf9a46d63f318d63853c7 mbs1/x86_64/php-xsl-5.5.24-1.mbs1.x86_64.rpm 3150b97e91d4363c5b79b6e67cf4febe mbs1/x86_64/php-zip-5.5.24-1.mbs1.x86_64.rpm 962d3621008091b8186481e521296d29 mbs1/x86_64/php-zlib-5.5.24-1.mbs1.x86_64.rpm 52139e1dbd986bf5b685ee0f92e67da2 mbs1/SRPMS/php-5.5.24-1.mbs1.src.rpm 854f5600d70006910d80643b638289d4 mbs1/SRPMS/php-apc-3.1.15-1.18.mbs1.src.rpm 77e0fad280231397615e51f099b33f1c mbs1/SRPMS/php-timezonedb-2015.4-1.mbs1.src.rpm

Mandriva Business Server 2/X86_64: 2a2dcd3f73583e81c1d4ca142814ed6a mbs2/x86_64/apache-mod_php-5.5.24-1.mbs2.x86_64.rpm a7964f16c85b0772835366fa821f7dd1 mbs2/x86_64/lib64php5_common5-5.5.24-1.mbs2.x86_64.rpm 624d6512573e4ccc202f9ea08433727e mbs2/x86_64/php-bcmath-5.5.24-1.mbs2.x86_64.rpm dd817015c54820a9fc967da7db4b1461 mbs2/x86_64/php-bz2-5.5.24-1.mbs2.x86_64.rpm 1c022b50d3f12d3e8e358fca3afe6f0f mbs2/x86_64/php-calendar-5.5.24-1.mbs2.x86_64.rpm 52159b3e747e424b1fe40944f404b45d mbs2/x86_64/php-cgi-5.5.24-1.mbs2.x86_64.rpm 5ac82cf4acc95e8d8a80537173a1dc98 mbs2/x86_64/php-cli-5.5.24-1.mbs2.x86_64.rpm e7271551aa14e6931b0ba22ee33d3712 mbs2/x86_64/php-ctype-5.5.24-1.mbs2.x86_64.rpm 7293fa4917183914c356cc2376a5e1ab mbs2/x86_64/php-curl-5.5.24-1.mbs2.x86_64.rpm 258058f8e1cda5be8a9444964a553691 mbs2/x86_64/php-dba-5.5.24-1.mbs2.x86_64.rpm c0a6fa757e9ffda700f65a93442564d4 mbs2/x86_64/php-devel-5.5.24-1.mbs2.x86_64.rpm c06bc210915a004b2b9fcd084f853e20 mbs2/x86_64/php-doc-5.5.24-1.mbs2.noarch.rpm 049a5952ec9f5af423d4ecc78ff80f60 mbs2/x86_64/php-dom-5.5.24-1.mbs2.x86_64.rpm c09f88b638281bb87aea12ef38455f36 mbs2/x86_64/php-enchant-5.5.24-1.mbs2.x86_64.rpm 54d1dc9b189dfb87de442ba2c765deef mbs2/x86_64/php-exif-5.5.24-1.mbs2.x86_64.rpm ee6d0aa018912da413a14365a41cc1a2 mbs2/x86_64/php-fileinfo-5.5.24-1.mbs2.x86_64.rpm 0f216dc10bb650bdf29c01d9905ca4f2 mbs2/x86_64/php-filter-5.5.24-1.mbs2.x86_64.rpm 4bf7b3c69724d769e10f8341c95d6004 mbs2/x86_64/php-fpm-5.5.24-1.mbs2.x86_64.rpm aeb60443860bbb7e88a0288fb3e2f6cd mbs2/x86_64/php-ftp-5.5.24-1.mbs2.x86_64.rpm 226a551699749179b94570dfa3c50986 mbs2/x86_64/php-gd-5.5.24-1.mbs2.x86_64.rpm 5e29df38df1b862e4ba3b5486cdbcc47 mbs2/x86_64/php-gettext-5.5.24-1.mbs2.x86_64.rpm ead9effbca236c6c2902955935c28225 mbs2/x86_64/php-gmp-5.5.24-1.mbs2.x86_64.rpm c8f01d16bb8cbbd1d891c68c54d2dd16 mbs2/x86_64/php-hash-5.5.24-1.mbs2.x86_64.rpm c1c7332cf8dc2c0d21cb57bf4d7f81dd mbs2/x86_64/php-iconv-5.5.24-1.mbs2.x86_64.rpm 7f86a963f8cf5e6351acd1fdf995b7a1 mbs2/x86_64/php-imap-5.5.24-1.mbs2.x86_64.rpm 215c060793b574a36c28131dca9bf9c7 mbs2/x86_64/php-ini-5.5.24-1.mbs2.x86_64.rpm 7f07f161b4e1885aa807d3753d948e10 mbs2/x86_64/php-interbase-5.5.24-1.mbs2.x86_64.rpm 8171c9830749db254898f80f8ecbdd04 mbs2/x86_64/php-intl-5.5.24-1.mbs2.x86_64.rpm 1fa26b49fa8e0b776d484b4fcc0d4bf3 mbs2/x86_64/php-json-5.5.24-1.mbs2.x86_64.rpm 29051ac44b6e2068a71c026e9d458536 mbs2/x86_64/php-ldap-5.5.24-1.mbs2.x86_64.rpm 3d97347fe4b9589ae80b7fd16c281dcd mbs2/x86_64/php-mbstring-5.5.24-1.mbs2.x86_64.rpm 1a5a41400380b4bcde25d2b693e1dab0 mbs2/x86_64/php-mcrypt-5.5.24-1.mbs2.x86_64.rpm a79635ca99cd7ae80d1661373161da1f mbs2/x86_64/php-mssql-5.5.24-1.mbs2.x86_64.rpm cdc3bde549c9ae73915db8a0e0919ce5 mbs2/x86_64/php-mysql-5.5.24-1.mbs2.x86_64.rpm 7a72c1ab11020a2c52aa3a74636d5342 mbs2/x86_64/php-mysqli-5.5.24-1.mbs2.x86_64.rpm 93fb357f9dbf32887a98a5409b3b8a16 mbs2/x86_64/php-mysqlnd-5.5.24-1.mbs2.x86_64.rpm caf79717e1ca56ec3e53fdaa25e734aa mbs2/x86_64/php-odbc-5.5.24-1.mbs2.x86_64.rpm eb293f64d2bd635c70d36274275e60bb mbs2/x86_64/php-opcache-5.5.24-1.mbs2.x86_64.rpm 91847d268cb8a62eb0e89fc95a9c51e6 mbs2/x86_64/php-openssl-5.5.24-1.mbs2.x86_64.rpm 35e065d8684684e3e304bafbb309c895 mbs2/x86_64/php-pcntl-5.5.24-1.mbs2.x86_64.rpm d65e05e7edf7480ed362783dc75609be mbs2/x86_64/php-pdo-5.5.24-1.mbs2.x86_64.rpm 8657b2e1171497ff9ae5864ecccfeb23 mbs2/x86_64/php-pdo_dblib-5.5.24-1.mbs2.x86_64.rpm 19c9414ced1e0806b77347f9427d6653 mbs2/x86_64/php-pdo_firebird-5.5.24-1.mbs2.x86_64.rpm 28b09335667ac3993f1aca5da234df8a mbs2/x86_64/php-pdo_mysql-5.5.24-1.mbs2.x86_64.rpm b928f58777cfbd848985606bd680bf8f mbs2/x86_64/php-pdo_odbc-5.5.24-1.mbs2.x86_64.rpm ba6bf3afe9d497b9f1d99cb467b13ca5 mbs2/x86_64/php-pdo_pgsql-5.5.24-1.mbs2.x86_64.rpm 21823497094c28ce7bf74f052122fe99 mbs2/x86_64/php-pdo_sqlite-5.5.24-1.mbs2.x86_64.rpm 4a6a259c16ca5bad2b466f29acad4985 mbs2/x86_64/php-pgsql-5.5.24-1.mbs2.x86_64.rpm 7c9c9f9555a74f3257c6e8f16222d21f mbs2/x86_64/php-phar-5.5.24-1.mbs2.x86_64.rpm db4254db501a4fca54fa367b20f068f4 mbs2/x86_64/php-posix-5.5.24-1.mbs2.x86_64.rpm 10fb26df5f5a5d3b1988c40678b56fb6 mbs2/x86_64/php-readline-5.5.24-1.mbs2.x86_64.rpm c20ddec24b84440146734feb639b0f00 mbs2/x86_64/php-recode-5.5.24-1.mbs2.x86_64.rpm 68a49598e99391f37342a3d23a1414e7 mbs2/x86_64/php-session-5.5.24-1.mbs2.x86_64.rpm a26563d738120cba5f81ddda143ca55f mbs2/x86_64/php-shmop-5.5.24-1.mbs2.x86_64.rpm d69120a1ed4aeb3fe229cc83120d8c78 mbs2/x86_64/php-snmp-5.5.24-1.mbs2.x86_64.rpm 4596e3f325f70a29bf12d76793984b20 mbs2/x86_64/php-soap-5.5.24-1.mbs2.x86_64.rpm 7deda5cc9443b117fad82352943353ff mbs2/x86_64/php-sockets-5.5.24-1.mbs2.x86_64.rpm bc3f0ad45bb5bf488c73a5933a70d2c0 mbs2/x86_64/php-sqlite3-5.5.24-1.mbs2.x86_64.rpm 295fa388d26e62dcb0faf23c6e690ffa mbs2/x86_64/php-sybase_ct-5.5.24-1.mbs2.x86_64.rpm 88367608d60aac24ca0b0d0d92187b0e mbs2/x86_64/php-sysvmsg-5.5.24-1.mbs2.x86_64.rpm 36eac7d0e9a1f148e8954912db56dc13 mbs2/x86_64/php-sysvsem-5.5.24-1.mbs2.x86_64.rpm 74e6909f0c7a516bd99625c649bed33c mbs2/x86_64/php-sysvshm-5.5.24-1.mbs2.x86_64.rpm 9142ae8fb4665580503bc0520d3aaf89 mbs2/x86_64/php-tidy-5.5.24-1.mbs2.x86_64.rpm 4ee29061197f48af9c987d31abdec823 mbs2/x86_64/php-timezonedb-2015.4-1.mbs2.x86_64.rpm eafea4beda5144dd3adac0afce3f2258 mbs2/x86_64/php-tokenizer-5.5.24-1.mbs2.x86_64.rpm 505c78284f22f95d8a574c13ea043bc4 mbs2/x86_64/php-wddx-5.5.24-1.mbs2.x86_64.rpm e7e4fe996d11553ebd80ad4392caae2e mbs2/x86_64/php-xml-5.5.24-1.mbs2.x86_64.rpm 7a1c383a450c6a80f95255434e5390fd mbs2/x86_64/php-xmlreader-5.5.24-1.mbs2.x86_64.rpm 2af0b36e46ba236da59a98631c664bd9 mbs2/x86_64/php-xmlrpc-5.5.24-1.mbs2.x86_64.rpm a3f77553286094ecd60e174cfdb0e6dc mbs2/x86_64/php-xmlwriter-5.5.24-1.mbs2.x86_64.rpm b3bb2d250c73f7c355394353b4c0599d mbs2/x86_64/php-xsl-5.5.24-1.mbs2.x86_64.rpm a8f9476cba7a6aaab6eee8da66fd8fea mbs2/x86_64/php-zip-5.5.24-1.mbs2.x86_64.rpm 43d4282dddd18c07b87774cf704ce5be mbs2/x86_64/php-zlib-5.5.24-1.mbs2.x86_64.rpm 8cdfdd3582b44c38d735c58aea9e45f7 mbs2/SRPMS/php-5.5.24-1.mbs2.src.rpm 09afb4a05a8a1add563f2cb348fb2b0d mbs2/SRPMS/php-timezonedb-2015.4-1.mbs2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

CVE-2015-4024

Denial of service when processing multipart/form-data requests.

For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.41-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 5.6.9+dfsg-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 5.6.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 5.6.9+dfsg-1.

We recommend that you upgrade your php5 packages

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0117",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5 (ht205031)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.24"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(ht205267)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4 (ht205031)"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emmanuel Law",
    "sources": [
      {
        "db": "BID",
        "id": "74239"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2783",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-2783",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-80744",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2783",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-040",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80744",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-2783",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. PHP is prone to a remote memory-corruption vulnerability. \nAttackers can exploit this  issue to obtain sensitive information or   crash the application resulting in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ==========================================================================\nUbuntu Security Notice USN-2572-1\nApril 20, 2015\n\nphp5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. \n(CVE-2015-2787)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.4\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.4\n  php5-cli                        5.5.12+dfsg-2ubuntu4.4\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.9\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.9\n  php5-cli                        5.5.9+dfsg-1ubuntu4.9\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.9\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.18\n  php5-cgi                        5.3.10-1ubuntu3.18\n  php5-cli                        5.3.10-1ubuntu3.18\n  php5-fpm                        5.3.10-1ubuntu3.18\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.30\n  php5-cgi                        5.3.2-1ubuntu4.30\n  php5-cli                        5.3.2-1ubuntu4.30\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: php security update\nAdvisory ID:       RHSA-2015:1218-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1218.html\nIssue date:        2015-07-09\nCVE Names:         CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 \n                   CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 \n                   CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 \n                   CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 \n                   CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 \n                   CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy()\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\nx86_64:\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\n\nppc64:\nphp-5.3.3-46.el6_6.ppc64.rpm\nphp-cli-5.3.3-46.el6_6.ppc64.rpm\nphp-common-5.3.3-46.el6_6.ppc64.rpm\nphp-debuginfo-5.3.3-46.el6_6.ppc64.rpm\nphp-gd-5.3.3-46.el6_6.ppc64.rpm\nphp-ldap-5.3.3-46.el6_6.ppc64.rpm\nphp-mysql-5.3.3-46.el6_6.ppc64.rpm\nphp-odbc-5.3.3-46.el6_6.ppc64.rpm\nphp-pdo-5.3.3-46.el6_6.ppc64.rpm\nphp-pgsql-5.3.3-46.el6_6.ppc64.rpm\nphp-soap-5.3.3-46.el6_6.ppc64.rpm\nphp-xml-5.3.3-46.el6_6.ppc64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.ppc64.rpm\n\ns390x:\nphp-5.3.3-46.el6_6.s390x.rpm\nphp-cli-5.3.3-46.el6_6.s390x.rpm\nphp-common-5.3.3-46.el6_6.s390x.rpm\nphp-debuginfo-5.3.3-46.el6_6.s390x.rpm\nphp-gd-5.3.3-46.el6_6.s390x.rpm\nphp-ldap-5.3.3-46.el6_6.s390x.rpm\nphp-mysql-5.3.3-46.el6_6.s390x.rpm\nphp-odbc-5.3.3-46.el6_6.s390x.rpm\nphp-pdo-5.3.3-46.el6_6.s390x.rpm\nphp-pgsql-5.3.3-46.el6_6.s390x.rpm\nphp-soap-5.3.3-46.el6_6.s390x.rpm\nphp-xml-5.3.3-46.el6_6.s390x.rpm\nphp-xmlrpc-5.3.3-46.el6_6.s390x.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nppc64:\nphp-bcmath-5.3.3-46.el6_6.ppc64.rpm\nphp-dba-5.3.3-46.el6_6.ppc64.rpm\nphp-debuginfo-5.3.3-46.el6_6.ppc64.rpm\nphp-devel-5.3.3-46.el6_6.ppc64.rpm\nphp-embedded-5.3.3-46.el6_6.ppc64.rpm\nphp-enchant-5.3.3-46.el6_6.ppc64.rpm\nphp-fpm-5.3.3-46.el6_6.ppc64.rpm\nphp-imap-5.3.3-46.el6_6.ppc64.rpm\nphp-intl-5.3.3-46.el6_6.ppc64.rpm\nphp-mbstring-5.3.3-46.el6_6.ppc64.rpm\nphp-process-5.3.3-46.el6_6.ppc64.rpm\nphp-pspell-5.3.3-46.el6_6.ppc64.rpm\nphp-recode-5.3.3-46.el6_6.ppc64.rpm\nphp-snmp-5.3.3-46.el6_6.ppc64.rpm\nphp-tidy-5.3.3-46.el6_6.ppc64.rpm\nphp-zts-5.3.3-46.el6_6.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.3-46.el6_6.s390x.rpm\nphp-dba-5.3.3-46.el6_6.s390x.rpm\nphp-debuginfo-5.3.3-46.el6_6.s390x.rpm\nphp-devel-5.3.3-46.el6_6.s390x.rpm\nphp-embedded-5.3.3-46.el6_6.s390x.rpm\nphp-enchant-5.3.3-46.el6_6.s390x.rpm\nphp-fpm-5.3.3-46.el6_6.s390x.rpm\nphp-imap-5.3.3-46.el6_6.s390x.rpm\nphp-intl-5.3.3-46.el6_6.s390x.rpm\nphp-mbstring-5.3.3-46.el6_6.s390x.rpm\nphp-process-5.3.3-46.el6_6.s390x.rpm\nphp-pspell-5.3.3-46.el6_6.s390x.rpm\nphp-recode-5.3.3-46.el6_6.s390x.rpm\nphp-snmp-5.3.3-46.el6_6.s390x.rpm\nphp-tidy-5.3.3-46.el6_6.s390x.rpm\nphp-zts-5.3.3-46.el6_6.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9425\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVnsPKXlSAg2UNWIIRAtXEAKC6gknTJ+I/czViSyE71AjUZ1pWSQCgo6ip\n/jsvmaEr/ag17pZ7M9fXiz4=\n=vWCv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.40-i486-1_slack14.1.txz:  Upgraded. \n  Please note that this package build also moves the configuration files\n  from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n2666059d6540b1b4385d25dfc5ebbe99  php-5.4.40-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc146f500912ba9c7e5d652e5e3643c04  php-5.4.40-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9efc8a96f9a3f3261e5f640292b1b781  php-5.4.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c95e077f314f1cfa3ee83b9aba90b91  php-5.4.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n30d14f237c71fada0d594c2360a58016  n/php-5.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n1a0fcc590aa4dff5de5f08293936d0d9  n/php-5.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.40-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n \n Buffer Overflow when parsing tar/zip/phar in phar_set_inode\n (CVE-2015-3329). \n \n Potential remote code execution with apache 2.4 apache2handler\n (CVE-2015-3330). \n \n PHP has been updated to version 5.5.24, which fixes these issues and\n other bugs. \n \n Additionally the timezonedb packages has been upgraded to the latest\n version and the PECL packages which requires so has been rebuilt\n for php-5.5.24. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n http://advisories.mageia.org/MGASA-2015-0169.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n fb5b4628263a821fb3e4075a5fb4e5b4  mbs1/x86_64/apache-mod_php-5.5.24-1.mbs1.x86_64.rpm\n 3c7f76ada5ccad65c212ee350fdffe87  mbs1/x86_64/lib64php5_common5-5.5.24-1.mbs1.x86_64.rpm\n 5400e21c3eaecc346e1eb8c712e9478f  mbs1/x86_64/php-apc-3.1.15-1.18.mbs1.x86_64.rpm\n 90ae23234441a8de169207ff7f045684  mbs1/x86_64/php-apc-admin-3.1.15-1.18.mbs1.x86_64.rpm\n a39b53bcacc941035d830ce1052540b3  mbs1/x86_64/php-bcmath-5.5.24-1.mbs1.x86_64.rpm\n ada97c19882cf313e4d7ebba0909f6d8  mbs1/x86_64/php-bz2-5.5.24-1.mbs1.x86_64.rpm\n c6e5c880827c6bc76dfb1c15460637b4  mbs1/x86_64/php-calendar-5.5.24-1.mbs1.x86_64.rpm\n 6535a7223184cec5ac17edb9e1d31388  mbs1/x86_64/php-cgi-5.5.24-1.mbs1.x86_64.rpm\n 16aa52d7dd47cc27cb5d7aec420944eb  mbs1/x86_64/php-cli-5.5.24-1.mbs1.x86_64.rpm\n 7983f9d1bf3039b5efdb0ed70329cccd  mbs1/x86_64/php-ctype-5.5.24-1.mbs1.x86_64.rpm\n 3cbc805a1610b54d191e2e3ca99c3ae4  mbs1/x86_64/php-curl-5.5.24-1.mbs1.x86_64.rpm\n f53dd6f08013c00ae1c95df14671624e  mbs1/x86_64/php-dba-5.5.24-1.mbs1.x86_64.rpm\n e2a5d632a8581e27a366191c9fd86424  mbs1/x86_64/php-devel-5.5.24-1.mbs1.x86_64.rpm\n 37bb13541a04b935c93600dc63e98047  mbs1/x86_64/php-doc-5.5.24-1.mbs1.noarch.rpm\n fad46645f9afb86eedf094cbe82eaebe  mbs1/x86_64/php-dom-5.5.24-1.mbs1.x86_64.rpm\n 22141396e7bccb2aac8a2e7c0d0f02aa  mbs1/x86_64/php-enchant-5.5.24-1.mbs1.x86_64.rpm\n e3f7bc72aad9e3fb7b9f25f64d9ca95c  mbs1/x86_64/php-exif-5.5.24-1.mbs1.x86_64.rpm\n 53a76b203f90a9008eb35cdf93aac246  mbs1/x86_64/php-fileinfo-5.5.24-1.mbs1.x86_64.rpm\n 7cb8c9592f48413f3783f49947563a8f  mbs1/x86_64/php-filter-5.5.24-1.mbs1.x86_64.rpm\n 3d34478d09bbf6848c8c2eaea0156feb  mbs1/x86_64/php-fpm-5.5.24-1.mbs1.x86_64.rpm\n fc47e9e9b740e94e5210854b7872af8f  mbs1/x86_64/php-ftp-5.5.24-1.mbs1.x86_64.rpm\n e22e5cf59f7d0c361b41e220fd0ebbde  mbs1/x86_64/php-gd-5.5.24-1.mbs1.x86_64.rpm\n cd5fef5777b58e0562ddeb3ca4b4e1dd  mbs1/x86_64/php-gettext-5.5.24-1.mbs1.x86_64.rpm\n aba136588f2c77f2cca4bcc300e7f0b5  mbs1/x86_64/php-gmp-5.5.24-1.mbs1.x86_64.rpm\n 8752b1e4f863b2cdadf08cfdcaf462f7  mbs1/x86_64/php-hash-5.5.24-1.mbs1.x86_64.rpm\n 36bef8c7e03cdffd66a4553266e1a13d  mbs1/x86_64/php-iconv-5.5.24-1.mbs1.x86_64.rpm\n 0b405f5f49d174745a4135e033fbe234  mbs1/x86_64/php-imap-5.5.24-1.mbs1.x86_64.rpm\n fc25a10fb623016b5e95595aa114274a  mbs1/x86_64/php-ini-5.5.24-1.mbs1.x86_64.rpm\n c4435a44b199cd4fadca0cac247aca06  mbs1/x86_64/php-intl-5.5.24-1.mbs1.x86_64.rpm\n ec611fd14d6b502990fe0a3ab243211a  mbs1/x86_64/php-json-5.5.24-1.mbs1.x86_64.rpm\n 519c8ae2df9aeca23d15953470c3a485  mbs1/x86_64/php-ldap-5.5.24-1.mbs1.x86_64.rpm\n f52168266f3d1df5a333f2acb83c7739  mbs1/x86_64/php-mbstring-5.5.24-1.mbs1.x86_64.rpm\n 8fed199f0b2be5b2d1780bed11c5c5d6  mbs1/x86_64/php-mcrypt-5.5.24-1.mbs1.x86_64.rpm\n e5d5276bcfaa7d951b4b543e76949a2f  mbs1/x86_64/php-mssql-5.5.24-1.mbs1.x86_64.rpm\n 0a34a8334cd8a3e4d7867a962df62f15  mbs1/x86_64/php-mysql-5.5.24-1.mbs1.x86_64.rpm\n 3fd0dcc4cb8c4ef136c68e243788aa85  mbs1/x86_64/php-mysqli-5.5.24-1.mbs1.x86_64.rpm\n d9db3dd5963888f69b11cdaa1d1c97e4  mbs1/x86_64/php-mysqlnd-5.5.24-1.mbs1.x86_64.rpm\n f27cbd0c9f968bfa7d6f10d8040a1f4f  mbs1/x86_64/php-odbc-5.5.24-1.mbs1.x86_64.rpm\n db18ba83bd3e8f82f189c4e93799de9a  mbs1/x86_64/php-opcache-5.5.24-1.mbs1.x86_64.rpm\n 7e02eaad2751f993fcd7af5a649b4707  mbs1/x86_64/php-openssl-5.5.24-1.mbs1.x86_64.rpm\n be43bdb8b4c0ea65901bb7ab4a12e1be  mbs1/x86_64/php-pcntl-5.5.24-1.mbs1.x86_64.rpm\n 57ba222e0921de0efcad052a1ed359cc  mbs1/x86_64/php-pdo-5.5.24-1.mbs1.x86_64.rpm\n 3ba50d22dead03f756136363e1e2ce27  mbs1/x86_64/php-pdo_dblib-5.5.24-1.mbs1.x86_64.rpm\n fe6858486fc7a42f7099f103fec8e0c9  mbs1/x86_64/php-pdo_mysql-5.5.24-1.mbs1.x86_64.rpm\n 407570e83b281be3515970aa6e24a773  mbs1/x86_64/php-pdo_odbc-5.5.24-1.mbs1.x86_64.rpm\n e5c66883133694a146b0f4840749a7d7  mbs1/x86_64/php-pdo_pgsql-5.5.24-1.mbs1.x86_64.rpm\n d41508abccb63d3b0c0d44a82596f1d6  mbs1/x86_64/php-pdo_sqlite-5.5.24-1.mbs1.x86_64.rpm\n 3f7dd514cca5b5259854043194099c4c  mbs1/x86_64/php-pgsql-5.5.24-1.mbs1.x86_64.rpm\n 1b6b8a0d2e033b35697757a49329d51e  mbs1/x86_64/php-phar-5.5.24-1.mbs1.x86_64.rpm\n 30e86f3079cd49241d680f46542b16b8  mbs1/x86_64/php-posix-5.5.24-1.mbs1.x86_64.rpm\n b065951f2e32008908857708ae2f1539  mbs1/x86_64/php-readline-5.5.24-1.mbs1.x86_64.rpm\n 13886e31952529313c505acbc7ebbbc6  mbs1/x86_64/php-recode-5.5.24-1.mbs1.x86_64.rpm\n 95ca2a29237d6f3e6f852431626be072  mbs1/x86_64/php-session-5.5.24-1.mbs1.x86_64.rpm\n f5f33541bc2a3b3f0b456989e20aa45c  mbs1/x86_64/php-shmop-5.5.24-1.mbs1.x86_64.rpm\n c5414a148aa0e25b03b9faf79c50693a  mbs1/x86_64/php-snmp-5.5.24-1.mbs1.x86_64.rpm\n d02afd660db7544b09328445c2f99ec6  mbs1/x86_64/php-soap-5.5.24-1.mbs1.x86_64.rpm\n 239a1c675cf3a4f853cc94cfc188e60e  mbs1/x86_64/php-sockets-5.5.24-1.mbs1.x86_64.rpm\n 04e689ed1f9163a149f3448cfe4bd218  mbs1/x86_64/php-sqlite3-5.5.24-1.mbs1.x86_64.rpm\n a39905d2eae282b1d06db94afbf51255  mbs1/x86_64/php-sybase_ct-5.5.24-1.mbs1.x86_64.rpm\n a7fd332d4fea37c9f3335a0d8921f228  mbs1/x86_64/php-sysvmsg-5.5.24-1.mbs1.x86_64.rpm\n b9fdd882caee7f469d3c285082e8f717  mbs1/x86_64/php-sysvsem-5.5.24-1.mbs1.x86_64.rpm\n 79ede61a89fae9e6fab33f1a99b3ded7  mbs1/x86_64/php-sysvshm-5.5.24-1.mbs1.x86_64.rpm\n 5f0b1072e400ccc886979e7647c160f2  mbs1/x86_64/php-tidy-5.5.24-1.mbs1.x86_64.rpm\n 1df6d933d3f5c14bb334b8e49df50901  mbs1/x86_64/php-timezonedb-2015.4-1.mbs1.x86_64.rpm\n e03d364e8d94dc5e509f89ad06b1ceec  mbs1/x86_64/php-tokenizer-5.5.24-1.mbs1.x86_64.rpm\n 4eb33980b578bc3f7c8436993e401a6b  mbs1/x86_64/php-wddx-5.5.24-1.mbs1.x86_64.rpm\n cfb0b798a98736cebe6d2854610e5c88  mbs1/x86_64/php-xml-5.5.24-1.mbs1.x86_64.rpm\n 2d05b6ecae1866827a732b19bdea2682  mbs1/x86_64/php-xmlreader-5.5.24-1.mbs1.x86_64.rpm\n bab20d281d211f8202d881723f0091f1  mbs1/x86_64/php-xmlrpc-5.5.24-1.mbs1.x86_64.rpm\n d213f4b86b0532049556a37958d12570  mbs1/x86_64/php-xmlwriter-5.5.24-1.mbs1.x86_64.rpm\n a43e88b8cb0cf9a46d63f318d63853c7  mbs1/x86_64/php-xsl-5.5.24-1.mbs1.x86_64.rpm\n 3150b97e91d4363c5b79b6e67cf4febe  mbs1/x86_64/php-zip-5.5.24-1.mbs1.x86_64.rpm\n 962d3621008091b8186481e521296d29  mbs1/x86_64/php-zlib-5.5.24-1.mbs1.x86_64.rpm \n 52139e1dbd986bf5b685ee0f92e67da2  mbs1/SRPMS/php-5.5.24-1.mbs1.src.rpm\n 854f5600d70006910d80643b638289d4  mbs1/SRPMS/php-apc-3.1.15-1.18.mbs1.src.rpm\n 77e0fad280231397615e51f099b33f1c  mbs1/SRPMS/php-timezonedb-2015.4-1.mbs1.src.rpm\n\n Mandriva Business Server 2/X86_64:\n 2a2dcd3f73583e81c1d4ca142814ed6a  mbs2/x86_64/apache-mod_php-5.5.24-1.mbs2.x86_64.rpm\n a7964f16c85b0772835366fa821f7dd1  mbs2/x86_64/lib64php5_common5-5.5.24-1.mbs2.x86_64.rpm\n 624d6512573e4ccc202f9ea08433727e  mbs2/x86_64/php-bcmath-5.5.24-1.mbs2.x86_64.rpm\n dd817015c54820a9fc967da7db4b1461  mbs2/x86_64/php-bz2-5.5.24-1.mbs2.x86_64.rpm\n 1c022b50d3f12d3e8e358fca3afe6f0f  mbs2/x86_64/php-calendar-5.5.24-1.mbs2.x86_64.rpm\n 52159b3e747e424b1fe40944f404b45d  mbs2/x86_64/php-cgi-5.5.24-1.mbs2.x86_64.rpm\n 5ac82cf4acc95e8d8a80537173a1dc98  mbs2/x86_64/php-cli-5.5.24-1.mbs2.x86_64.rpm\n e7271551aa14e6931b0ba22ee33d3712  mbs2/x86_64/php-ctype-5.5.24-1.mbs2.x86_64.rpm\n 7293fa4917183914c356cc2376a5e1ab  mbs2/x86_64/php-curl-5.5.24-1.mbs2.x86_64.rpm\n 258058f8e1cda5be8a9444964a553691  mbs2/x86_64/php-dba-5.5.24-1.mbs2.x86_64.rpm\n c0a6fa757e9ffda700f65a93442564d4  mbs2/x86_64/php-devel-5.5.24-1.mbs2.x86_64.rpm\n c06bc210915a004b2b9fcd084f853e20  mbs2/x86_64/php-doc-5.5.24-1.mbs2.noarch.rpm\n 049a5952ec9f5af423d4ecc78ff80f60  mbs2/x86_64/php-dom-5.5.24-1.mbs2.x86_64.rpm\n c09f88b638281bb87aea12ef38455f36  mbs2/x86_64/php-enchant-5.5.24-1.mbs2.x86_64.rpm\n 54d1dc9b189dfb87de442ba2c765deef  mbs2/x86_64/php-exif-5.5.24-1.mbs2.x86_64.rpm\n ee6d0aa018912da413a14365a41cc1a2  mbs2/x86_64/php-fileinfo-5.5.24-1.mbs2.x86_64.rpm\n 0f216dc10bb650bdf29c01d9905ca4f2  mbs2/x86_64/php-filter-5.5.24-1.mbs2.x86_64.rpm\n 4bf7b3c69724d769e10f8341c95d6004  mbs2/x86_64/php-fpm-5.5.24-1.mbs2.x86_64.rpm\n aeb60443860bbb7e88a0288fb3e2f6cd  mbs2/x86_64/php-ftp-5.5.24-1.mbs2.x86_64.rpm\n 226a551699749179b94570dfa3c50986  mbs2/x86_64/php-gd-5.5.24-1.mbs2.x86_64.rpm\n 5e29df38df1b862e4ba3b5486cdbcc47  mbs2/x86_64/php-gettext-5.5.24-1.mbs2.x86_64.rpm\n ead9effbca236c6c2902955935c28225  mbs2/x86_64/php-gmp-5.5.24-1.mbs2.x86_64.rpm\n c8f01d16bb8cbbd1d891c68c54d2dd16  mbs2/x86_64/php-hash-5.5.24-1.mbs2.x86_64.rpm\n c1c7332cf8dc2c0d21cb57bf4d7f81dd  mbs2/x86_64/php-iconv-5.5.24-1.mbs2.x86_64.rpm\n 7f86a963f8cf5e6351acd1fdf995b7a1  mbs2/x86_64/php-imap-5.5.24-1.mbs2.x86_64.rpm\n 215c060793b574a36c28131dca9bf9c7  mbs2/x86_64/php-ini-5.5.24-1.mbs2.x86_64.rpm\n 7f07f161b4e1885aa807d3753d948e10  mbs2/x86_64/php-interbase-5.5.24-1.mbs2.x86_64.rpm\n 8171c9830749db254898f80f8ecbdd04  mbs2/x86_64/php-intl-5.5.24-1.mbs2.x86_64.rpm\n 1fa26b49fa8e0b776d484b4fcc0d4bf3  mbs2/x86_64/php-json-5.5.24-1.mbs2.x86_64.rpm\n 29051ac44b6e2068a71c026e9d458536  mbs2/x86_64/php-ldap-5.5.24-1.mbs2.x86_64.rpm\n 3d97347fe4b9589ae80b7fd16c281dcd  mbs2/x86_64/php-mbstring-5.5.24-1.mbs2.x86_64.rpm\n 1a5a41400380b4bcde25d2b693e1dab0  mbs2/x86_64/php-mcrypt-5.5.24-1.mbs2.x86_64.rpm\n a79635ca99cd7ae80d1661373161da1f  mbs2/x86_64/php-mssql-5.5.24-1.mbs2.x86_64.rpm\n cdc3bde549c9ae73915db8a0e0919ce5  mbs2/x86_64/php-mysql-5.5.24-1.mbs2.x86_64.rpm\n 7a72c1ab11020a2c52aa3a74636d5342  mbs2/x86_64/php-mysqli-5.5.24-1.mbs2.x86_64.rpm\n 93fb357f9dbf32887a98a5409b3b8a16  mbs2/x86_64/php-mysqlnd-5.5.24-1.mbs2.x86_64.rpm\n caf79717e1ca56ec3e53fdaa25e734aa  mbs2/x86_64/php-odbc-5.5.24-1.mbs2.x86_64.rpm\n eb293f64d2bd635c70d36274275e60bb  mbs2/x86_64/php-opcache-5.5.24-1.mbs2.x86_64.rpm\n 91847d268cb8a62eb0e89fc95a9c51e6  mbs2/x86_64/php-openssl-5.5.24-1.mbs2.x86_64.rpm\n 35e065d8684684e3e304bafbb309c895  mbs2/x86_64/php-pcntl-5.5.24-1.mbs2.x86_64.rpm\n d65e05e7edf7480ed362783dc75609be  mbs2/x86_64/php-pdo-5.5.24-1.mbs2.x86_64.rpm\n 8657b2e1171497ff9ae5864ecccfeb23  mbs2/x86_64/php-pdo_dblib-5.5.24-1.mbs2.x86_64.rpm\n 19c9414ced1e0806b77347f9427d6653  mbs2/x86_64/php-pdo_firebird-5.5.24-1.mbs2.x86_64.rpm\n 28b09335667ac3993f1aca5da234df8a  mbs2/x86_64/php-pdo_mysql-5.5.24-1.mbs2.x86_64.rpm\n b928f58777cfbd848985606bd680bf8f  mbs2/x86_64/php-pdo_odbc-5.5.24-1.mbs2.x86_64.rpm\n ba6bf3afe9d497b9f1d99cb467b13ca5  mbs2/x86_64/php-pdo_pgsql-5.5.24-1.mbs2.x86_64.rpm\n 21823497094c28ce7bf74f052122fe99  mbs2/x86_64/php-pdo_sqlite-5.5.24-1.mbs2.x86_64.rpm\n 4a6a259c16ca5bad2b466f29acad4985  mbs2/x86_64/php-pgsql-5.5.24-1.mbs2.x86_64.rpm\n 7c9c9f9555a74f3257c6e8f16222d21f  mbs2/x86_64/php-phar-5.5.24-1.mbs2.x86_64.rpm\n db4254db501a4fca54fa367b20f068f4  mbs2/x86_64/php-posix-5.5.24-1.mbs2.x86_64.rpm\n 10fb26df5f5a5d3b1988c40678b56fb6  mbs2/x86_64/php-readline-5.5.24-1.mbs2.x86_64.rpm\n c20ddec24b84440146734feb639b0f00  mbs2/x86_64/php-recode-5.5.24-1.mbs2.x86_64.rpm\n 68a49598e99391f37342a3d23a1414e7  mbs2/x86_64/php-session-5.5.24-1.mbs2.x86_64.rpm\n a26563d738120cba5f81ddda143ca55f  mbs2/x86_64/php-shmop-5.5.24-1.mbs2.x86_64.rpm\n d69120a1ed4aeb3fe229cc83120d8c78  mbs2/x86_64/php-snmp-5.5.24-1.mbs2.x86_64.rpm\n 4596e3f325f70a29bf12d76793984b20  mbs2/x86_64/php-soap-5.5.24-1.mbs2.x86_64.rpm\n 7deda5cc9443b117fad82352943353ff  mbs2/x86_64/php-sockets-5.5.24-1.mbs2.x86_64.rpm\n bc3f0ad45bb5bf488c73a5933a70d2c0  mbs2/x86_64/php-sqlite3-5.5.24-1.mbs2.x86_64.rpm\n 295fa388d26e62dcb0faf23c6e690ffa  mbs2/x86_64/php-sybase_ct-5.5.24-1.mbs2.x86_64.rpm\n 88367608d60aac24ca0b0d0d92187b0e  mbs2/x86_64/php-sysvmsg-5.5.24-1.mbs2.x86_64.rpm\n 36eac7d0e9a1f148e8954912db56dc13  mbs2/x86_64/php-sysvsem-5.5.24-1.mbs2.x86_64.rpm\n 74e6909f0c7a516bd99625c649bed33c  mbs2/x86_64/php-sysvshm-5.5.24-1.mbs2.x86_64.rpm\n 9142ae8fb4665580503bc0520d3aaf89  mbs2/x86_64/php-tidy-5.5.24-1.mbs2.x86_64.rpm\n 4ee29061197f48af9c987d31abdec823  mbs2/x86_64/php-timezonedb-2015.4-1.mbs2.x86_64.rpm\n eafea4beda5144dd3adac0afce3f2258  mbs2/x86_64/php-tokenizer-5.5.24-1.mbs2.x86_64.rpm\n 505c78284f22f95d8a574c13ea043bc4  mbs2/x86_64/php-wddx-5.5.24-1.mbs2.x86_64.rpm\n e7e4fe996d11553ebd80ad4392caae2e  mbs2/x86_64/php-xml-5.5.24-1.mbs2.x86_64.rpm\n 7a1c383a450c6a80f95255434e5390fd  mbs2/x86_64/php-xmlreader-5.5.24-1.mbs2.x86_64.rpm\n 2af0b36e46ba236da59a98631c664bd9  mbs2/x86_64/php-xmlrpc-5.5.24-1.mbs2.x86_64.rpm\n a3f77553286094ecd60e174cfdb0e6dc  mbs2/x86_64/php-xmlwriter-5.5.24-1.mbs2.x86_64.rpm\n b3bb2d250c73f7c355394353b4c0599d  mbs2/x86_64/php-xsl-5.5.24-1.mbs2.x86_64.rpm\n a8f9476cba7a6aaab6eee8da66fd8fea  mbs2/x86_64/php-zip-5.5.24-1.mbs2.x86_64.rpm\n 43d4282dddd18c07b87774cf704ce5be  mbs2/x86_64/php-zlib-5.5.24-1.mbs2.x86_64.rpm \n 8cdfdd3582b44c38d735c58aea9e45f7  mbs2/SRPMS/php-5.5.24-1.mbs2.src.rpm\n 09afb4a05a8a1add563f2cb348fb2b0d  mbs2/SRPMS/php-timezonedb-2015.4-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nCVE-2015-4024\n\n    Denial of service when processing multipart/form-data requests. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1. \n\nWe recommend that you upgrade your php5 packages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-80744",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2783",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "74239",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032146",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94440136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "132198",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "131640",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-80744",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131528",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "id": "VAR-201506-0117",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:51:09.324000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69324",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69324"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "Red Hat: CVE-2015-2783",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-2783"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2572-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-509",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-509"
      },
      {
        "title": "Debian Security Advisories: DSA-3280-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46f85ac4e3abfa7a18e115fb47892db6"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69324"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2572-1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/74239"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://www.debian.org/security/2015/dsa-3280"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032146"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2783"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94440136/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2783"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/151"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=9faaee66fa493372c7340b1ab05f8fd115131a42"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04686230"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972384"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143403519711434\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2572-1/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.30"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.18"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2015-0169.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "BID",
        "id": "74239"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "date": "2015-04-20T19:22:00",
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-04-22T20:14:00",
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-04-27T16:21:20",
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "date": "2015-06-10T01:21:58",
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "date": "2015-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "date": "2015-06-09T18:59:00.067000",
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "date": "2016-07-06T13:22:00",
        "db": "BID",
        "id": "74239"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "date": "2019-04-22T17:48:00.643000",
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/phar/phar.c Vulnerability in which important information is obtained from process memory",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      }
    ],
    "trust": 0.6
  }
}

var-201503-0144
Vulnerability from variot

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. This vulnerability CVE-2015-0231 And related issues. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a remote code-execution vulnerability. Failed attempts will likely result in denial-of-service conditions. Following are vulnerable: PHP 5.4.x prior to 5.4.39 PHP 5.5.x prior to 5.5.23 PHP 5.6.x prior to 5.6.7. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A use-after-free vulnerability exists in the 'process_nested_data' function in PHP's ext/standard/var_unserializer.re file. ========================================================================== Ubuntu Security Notice USN-2572-1 April 20, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2787)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4 php5-cgi 5.5.12+dfsg-2ubuntu4.4 php5-cli 5.5.12+dfsg-2ubuntu4.4 php5-fpm 5.5.12+dfsg-2ubuntu4.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 php5-cgi 5.5.9+dfsg-1ubuntu4.9 php5-cli 5.5.9+dfsg-1ubuntu4.9 php5-fpm 5.5.9+dfsg-1ubuntu4.9

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.18 php5-cgi 5.3.10-1ubuntu3.18 php5-cli 5.3.10-1ubuntu3.18 php5-fpm 5.3.10-1ubuntu3.18

Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.30 php5-cgi 5.3.2-1ubuntu4.30 php5-cli 5.3.2-1ubuntu4.30

In general, a standard system update will make all the necessary changes. 6) - i386, x86_64

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. (CVE-2014-9709)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5 (ht205031)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.23"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(ht205267)"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4 (ht205031)"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "13.2"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.38",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.6.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2787"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-2787",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-2787",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-80748",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2787",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-627",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80748",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-2787",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80748"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. This vulnerability CVE-2015-0231 And related issues. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a remote code-execution vulnerability. Failed attempts will likely result in denial-of-service conditions. \nFollowing are vulnerable:\nPHP 5.4.x prior to 5.4.39\nPHP 5.5.x prior to 5.5.23\nPHP 5.6.x prior to 5.6.7. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A use-after-free vulnerability exists in the \u0027process_nested_data\u0027 function in PHP\u0027s ext/standard/var_unserializer.re file. ==========================================================================\nUbuntu Security Notice USN-2572-1\nApril 20, 2015\n\nphp5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-2787)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.4\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.4\n  php5-cli                        5.5.12+dfsg-2ubuntu4.4\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.9\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.9\n  php5-cli                        5.5.9+dfsg-1ubuntu4.9\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.9\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.18\n  php5-cgi                        5.3.10-1ubuntu3.18\n  php5-cli                        5.3.10-1ubuntu3.18\n  php5-fpm                        5.3.10-1ubuntu3.18\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.30\n  php5-cgi                        5.3.2-1ubuntu4.30\n  php5-cli                        5.3.2-1ubuntu4.30\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP\u0027s OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "db": "BID",
        "id": "73431"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80748"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2787"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2787",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "73431",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1032485",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94440136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-627",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-80748",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2787",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131528",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132161",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132158",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80748"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2787"
      },
      {
        "db": "BID",
        "id": "73431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ]
  },
  "id": "VAR-201503-0144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80748"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:14:43.209000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "smalyshev/gist:eea9eafc7c88a4a6d10d",
        "trust": 0.8,
        "url": "https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "Sec Bug #68976",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=68976"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "TLSA-2015-13",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-13j.html"
      },
      {
        "title": "Red Hat: CVE-2015-2787",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-2787"
      },
      {
        "title": "Debian Security Advisories: DSA-3198-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c4d31fb1a942bdc1ee4d9ee7c751940"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2572-1"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "php",
        "trust": 0.1,
        "url": "https://github.com/b1ueb0y/php "
      },
      {
        "title": "phpcodz",
        "trust": 0.1,
        "url": "https://github.com/80vul/phpcodz "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-2787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2787"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=68976"
      },
      {
        "trust": 1.8,
        "url": "https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/73431"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-2572-1"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032485"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2787"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94440136/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2787"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972384"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1351"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143748090628601\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144050155601375\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/b1ueb0y/php"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/80vul/phpcodz"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38415"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2572-1/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.30"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.18"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1352"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80748"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2787"
      },
      {
        "db": "BID",
        "id": "73431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80748"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2787"
      },
      {
        "db": "BID",
        "id": "73431"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2787"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80748"
      },
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2787"
      },
      {
        "date": "2015-02-03T00:00:00",
        "db": "BID",
        "id": "73431"
      },
      {
        "date": "2015-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "date": "2015-04-20T19:22:00",
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "date": "2015-06-04T16:15:24",
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-06-04T16:12:40",
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "date": "2015-03-30T10:59:15.663000",
        "db": "NVD",
        "id": "CVE-2015-2787"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80748"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2787"
      },
      {
        "date": "2016-07-06T14:22:00",
        "db": "BID",
        "id": "73431"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      },
      {
        "date": "2018-10-30T16:27:35.843000",
        "db": "NVD",
        "id": "CVE-2015-2787"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/standard/var_unserializer.re of  process_nested_data Vulnerability in arbitrary code execution in function",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001999"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-627"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0320
Vulnerability from variot

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. PHP is prone to an information-disclosure vulnerability because of a type confusion error. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability stems from the fact that the program does not verify whether the uri attribute is a string. The following versions are affected: PHP prior to 5.4.39, 5.5.x prior to 5.5.23, and 5.6.x prior to 5.6.7. 6) - i386, x86_64

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2658-1 July 06, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. (CVE-2015-4021)

Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. (CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. (CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. This issue only affected Ubuntu 15.04. (CVE-2015-4644)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2 php5-cgi 5.6.4+dfsg-4ubuntu6.2 php5-cli 5.6.4+dfsg-4ubuntu6.2 php5-fpm 5.6.4+dfsg-4ubuntu6.2

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6 php5-cgi 5.5.12+dfsg-2ubuntu4.6 php5-cli 5.5.12+dfsg-2ubuntu4.6 php5-fpm 5.5.12+dfsg-2ubuntu4.6

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11 php5-cgi 5.5.9+dfsg-1ubuntu4.11 php5-cli 5.5.9+dfsg-1ubuntu4.11 php5-fpm 5.5.9+dfsg-1ubuntu4.11

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.19 php5-cgi 5.3.10-1ubuntu3.19 php5-cli 5.3.10-1ubuntu3.19 php5-fpm 5.3.10-1ubuntu3.19

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. (CVE-2014-9709)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0320",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.10"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75103"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.38",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4148"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-4148",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-4148",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-82109",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4148",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-133",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82109",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4148",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a \"type confusion\" issue. PHP is prone to an information-disclosure vulnerability because of a type confusion error. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability stems from the fact that the program does not verify whether the uri attribute is a string. The following versions are affected: PHP prior to 5.4.39, 5.5.x prior to 5.5.23, and 5.6.x prior to 5.6.7. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-2658-1\nJuly 06, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nNeal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL\nbytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\nfilenames starting with a NULL byte. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\ndata types. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\nthat the uri property is a string. This issue only affected Ubuntu\n15.04. (CVE-2015-4644)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libapache2-mod-php5             5.6.4+dfsg-4ubuntu6.2\n  php5-cgi                        5.6.4+dfsg-4ubuntu6.2\n  php5-cli                        5.6.4+dfsg-4ubuntu6.2\n  php5-fpm                        5.6.4+dfsg-4ubuntu6.2\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.6\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.6\n  php5-cli                        5.5.12+dfsg-2ubuntu4.6\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.6\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.11\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.11\n  php5-cli                        5.5.9+dfsg-1ubuntu4.11\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.11\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.19\n  php5-cgi                        5.3.10-1ubuntu3.19\n  php5-cli                        5.3.10-1ubuntu3.19\n  php5-fpm                        5.3.10-1ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP\u0027s OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "db": "BID",
        "id": "75103"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4148"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-82109",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38304",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4148"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4148",
        "trust": 3.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/06/01/4",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "75103",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1032459",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-133",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38304",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-82109",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4148",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132161",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132531",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132158",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4148"
      },
      {
        "db": "BID",
        "id": "75103"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ]
  },
  "id": "VAR-201506-0320",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82109"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:20:46.556000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69085",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69085"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "Red Hat: CVE-2015-4148",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-4148"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2658-1"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-4148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4148"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://openwall.com/lists/oss-security/2015/06/01/4"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69085"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/75103"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032459"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00028.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4148"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4148"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098669"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1351"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39204"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/38304/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2658-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2658-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.19"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1352"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4148"
      },
      {
        "db": "BID",
        "id": "75103"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4148"
      },
      {
        "db": "BID",
        "id": "75103"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4148"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4148"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "BID",
        "id": "75103"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "date": "2015-06-04T16:15:24",
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2015-07-07T00:23:34",
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-06-04T16:12:40",
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "date": "2015-06-09T18:59:10.487000",
        "db": "NVD",
        "id": "CVE-2015-4148"
      },
      {
        "date": "2015-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82109"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4148"
      },
      {
        "date": "2016-07-06T14:22:00",
        "db": "BID",
        "id": "75103"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      },
      {
        "date": "2018-01-05T02:30:08.400000",
        "db": "NVD",
        "id": "CVE-2015-4148"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/soap/soap.c Inside  do_soap_call Vulnerabilities that capture important information in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003054"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-133"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0465
Vulnerability from variot

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter.". PHP is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in the 'php_handler' function in PHP's sapi/apache2handler/sapi_apache2.c file. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ========================================================================== Ubuntu Security Notice USN-2572-1 April 20, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)

It was discovered that PHP incorrectly handled unserializing PHAR files. (CVE-2015-2787)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4 php5-cgi 5.5.12+dfsg-2ubuntu4.4 php5-cli 5.5.12+dfsg-2ubuntu4.4 php5-fpm 5.5.12+dfsg-2ubuntu4.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 php5-cgi 5.5.9+dfsg-1ubuntu4.9 php5-cli 5.5.9+dfsg-1ubuntu4.9 php5-fpm 5.5.9+dfsg-1ubuntu4.9

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.18 php5-cgi 5.3.10-1ubuntu3.18 php5-cli 5.3.10-1ubuntu3.18 php5-fpm 5.3.10-1ubuntu3.18

Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.30 php5-cgi 5.3.2-1ubuntu4.30 php5-cli 5.3.2-1ubuntu4.30

In general, a standard system update will make all the necessary changes.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. Please note that this package build also moves the configuration files from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz

Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz

Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz

Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.40-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329).

Potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330).

Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVPf25mqjQ0CJFipgRAr9DAJwLXVXZqUb2kRGPCR9arVb7TKkfOQCgmCY7 cUUPvfG5XP6mbL/c94A8wq0= =BCBr -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0465",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5 (ht205031)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.24"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(ht205267)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4 (ht205031)"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "php@bof.de",
    "sources": [
      {
        "db": "BID",
        "id": "74204"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3330",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3330",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-81291",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3330",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-042",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81291",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3330",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81291"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\". PHP is prone to a remote code-execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the affected  application. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in the \u0027php_handler\u0027 function in PHP\u0027s sapi/apache2handler/sapi_apache2.c file. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ==========================================================================\nUbuntu Security Notice USN-2572-1\nApril 20, 2015\n\nphp5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. \n(CVE-2015-2787)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.4\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.4\n  php5-cli                        5.5.12+dfsg-2ubuntu4.4\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.9\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.9\n  php5-cli                        5.5.9+dfsg-1ubuntu4.9\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.9\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.18\n  php5-cgi                        5.3.10-1ubuntu3.18\n  php5-cli                        5.3.10-1ubuntu3.18\n  php5-fpm                        5.3.10-1ubuntu3.18\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.30\n  php5-cgi                        5.3.2-1ubuntu4.30\n  php5-cli                        5.3.2-1ubuntu4.30\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.40-i486-1_slack14.1.txz:  Upgraded. \n  Please note that this package build also moves the configuration files\n  from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n2666059d6540b1b4385d25dfc5ebbe99  php-5.4.40-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc146f500912ba9c7e5d652e5e3643c04  php-5.4.40-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9efc8a96f9a3f3261e5f640292b1b781  php-5.4.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c95e077f314f1cfa3ee83b9aba90b91  php-5.4.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n30d14f237c71fada0d594c2360a58016  n/php-5.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n1a0fcc590aa4dff5de5f08293936d0d9  n/php-5.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.40-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n Buffer Overflow when parsing tar/zip/phar in phar_set_inode\n (CVE-2015-3329). \n \n Potential remote code execution with apache 2.4 apache2handler\n (CVE-2015-3330). \n \n Additionally the timezonedb packages has been upgraded to the latest\n version and the PECL packages which requires so has been rebuilt\n for php-5.5.24.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVPf25mqjQ0CJFipgRAr9DAJwLXVXZqUb2kRGPCR9arVb7TKkfOQCgmCY7\ncUUPvfG5XP6mbL/c94A8wq0=\n=BCBr\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "db": "BID",
        "id": "74204"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81291"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3330"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3330",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "74204",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1033703",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/04/17/7",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94440136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-042",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-81291",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3330",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131528",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131640",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81291"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3330"
      },
      {
        "db": "BID",
        "id": "74204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "id": "VAR-201506-0465",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81291"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:08:28.995000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "Sec Bug #69218",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69218"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7"
      },
      {
        "title": "TLSA-2015-15",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-15j.html"
      },
      {
        "title": "Red Hat: CVE-2015-3330",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3330"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2572-1"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/74204"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2572-1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=68486"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=69218"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.8,
        "url": "http://openwall.com/lists/oss-security/2015/04/17/7"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1033703"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3330"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=809610f5ea38a83b284e1125d1fff129bdd615e7"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94440136/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3330"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39488"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2572-1/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.30"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.18"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2015-0169.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81291"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3330"
      },
      {
        "db": "BID",
        "id": "74204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81291"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3330"
      },
      {
        "db": "BID",
        "id": "74204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81291"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3330"
      },
      {
        "date": "2015-04-17T00:00:00",
        "db": "BID",
        "id": "74204"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "date": "2015-04-20T19:22:00",
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "date": "2015-06-25T14:18:12",
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "date": "2015-04-22T20:14:00",
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2015-06-25T14:18:25",
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "date": "2015-04-27T16:21:20",
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "date": "2015-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      },
      {
        "date": "2015-06-09T18:59:03.613000",
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81291"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3330"
      },
      {
        "date": "2016-07-05T21:28:00",
        "db": "BID",
        "id": "74204"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      },
      {
        "date": "2019-12-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      },
      {
        "date": "2023-11-07T02:25:36.520000",
        "db": "NVD",
        "id": "CVE-2015-3330"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  sapi/apache2handler/sapi_apache2.c of  php_handler Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003047"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-042"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0119
Vulnerability from variot

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. PHP is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. An integer overflow vulnerability exists in the 'the mbfl_strcut' function in PHP's ext/mbstring/libmbfl/mbfl/mbfilter.c file. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5. ============================================================================ Ubuntu Security Notice USN-2984-1 May 24, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078)

It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)

It was discovered that the PHP rawurlencode() function incorrectly handled large strings. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070)

It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)

It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)

It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)

It was discovered that the PHP phar extension incorrectly handled certain archive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343)

It was discovered that the PHP bcpowmod() function incorrectly handled memory. (CVE-2016-4537, CVE-2016-4538)

It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. (CVE-2016-4539)

It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. (CVE-2016-4540, CVE-2016-4541)

It was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.4-7ubuntu2.1 php7.0-cgi 7.0.4-7ubuntu2.1 php7.0-cli 7.0.4-7ubuntu2.1 php7.0-fpm 7.0.4-7ubuntu2.1

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.4 php5-cgi 5.6.11+dfsg-1ubuntu3.4 php5-cli 5.6.11+dfsg-1ubuntu3.4 php5-fpm 5.6.11+dfsg-1ubuntu3.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 php5-cgi 5.5.9+dfsg-1ubuntu4.17 php5-cli 5.5.9+dfsg-1ubuntu4.17 php5-fpm 5.5.9+dfsg-1ubuntu4.17

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.23 php5-cgi 5.3.10-1ubuntu3.23 php5-cli 5.3.10-1ubuntu3.23 php5-fpm 5.3.10-1ubuntu3.23

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 =====================================================================

  1. Summary:

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.

The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)

Security Fixes in the rh-php56-php component:

  • Several Moderate and Low impact security issues were found in PHP. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)

  • Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731 Version: 1

HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-08-19 Last Updated: 2016-08-19

Potential Security Impact: Local Denial of Service (DoS), Elevation of Privilege, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Disclosure of Information, Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory.

References:

- CVE-2016-1238 - Perl Local Elevation of Privilege
- CVE-2016-2381 - Perl Remote Unauthorized Modification
- CVE-2014-4330 - Perl Local Denial of Service (DoS)

    **Note:** applies only for the H/J-series SPR. Fix was already

provided in a previous L-series SPR. OSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and T1203L01^AAC

*Impacted releases:*

- L15.02
- L15.08.00, L15.08.01
- L16.05.00

- J06.14 through J06.16.02
- J06.17.00, J06.17.01
- J06.18.00, J06.18.01
- J06.19.00, J06.19.01, J06.19.02
- J06.20.00

- H06.25 through H06.26.01
- H06.27.00, H06.27.01
- H06.28.00, H06.28.01
- H06.29.00, H06.29.01

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2013-7456
  7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-4330
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8383
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8386
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8387
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8389
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8390
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8391
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

CVE-2015-8393
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-8394
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8607
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8853
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8865
  7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8874
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-1238
  6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVE-2016-1903
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-2381
  6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-2016-2554
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-3074
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4070
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-4071
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4072
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4073
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4342
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE-2016-4343
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-4537
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4538
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4539
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4540
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4541
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4542
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4543
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4544
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5093
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5094
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5096
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5114
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-5766
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5767
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5768
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5769
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5770
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5771
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5772
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5773
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has released the following software updates to resolve the vulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP.

Install one of the SPRs below as appropriate for the system's release version:

  • L-Series:

    • T1203L01^AAE (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • L15.02 through L16.05.00
  • H and J-Series:

    • T1203H01^AAF (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • J06.14 through J06.20.00

      • H06.25 through H06.29.01

Note: Please refer to NonStop Hotstuff HS03333 for more information.

HISTORY Version:1 (rev.1) - 19 August 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


Debian Security Advisory DSA-3560-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2016 https://www.debian.org/security/faq


Package : php5 CVE ID : CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. Please refer to the upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.20

For the stable distribution (jessie), these problems have been fixed in version 5.6.20+dfsg-0+deb8u1.

We recommend that you upgrade your php5 packages.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 5.6.28 >= 5.6.28

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.28"

References

[ 1 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865 [ 2 ] CVE-2016-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074 [ 3 ] CVE-2016-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071 [ 4 ] CVE-2016-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072 [ 5 ] CVE-2016-4073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073 [ 6 ] CVE-2016-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537 [ 7 ] CVE-2016-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538 [ 8 ] CVE-2016-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539 [ 9 ] CVE-2016-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540 [ 10 ] CVE-2016-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541 [ 11 ] CVE-2016-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542 [ 12 ] CVE-2016-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543 [ 13 ] CVE-2016-4544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544 [ 14 ] CVE-2016-5385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385 [ 15 ] CVE-2016-6289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289 [ 16 ] CVE-2016-6290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290 [ 17 ] CVE-2016-6291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291 [ 18 ] CVE-2016-6292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292 [ 19 ] CVE-2016-6294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294 [ 20 ] CVE-2016-6295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295 [ 21 ] CVE-2016-6296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296 [ 22 ] CVE-2016-6297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297 [ 23 ] CVE-2016-7124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124 [ 24 ] CVE-2016-7125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125 [ 25 ] CVE-2016-7126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126 [ 26 ] CVE-2016-7127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127 [ 27 ] CVE-2016-7128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128 [ 28 ] CVE-2016-7129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129 [ 29 ] CVE-2016-7130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130 [ 30 ] CVE-2016-7131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131 [ 31 ] CVE-2016-7132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132 [ 32 ] CVE-2016-7133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133 [ 33 ] CVE-2016-7134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134 [ 34 ] CVE-2016-7411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411 [ 35 ] CVE-2016-7412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412 [ 36 ] CVE-2016-7413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413 [ 37 ] CVE-2016-7414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414 [ 38 ] CVE-2016-7416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416 [ 39 ] CVE-2016-7417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417 [ 40 ] CVE-2016-7418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201611-22

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0119",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.33"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.16"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.20"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.45"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.44"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.43"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.37"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.42"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.41"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.36"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.35"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.34"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.33"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.17.03"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.43"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "mac os security update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0020"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.20"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.34"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0030"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4073"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fernando",
    "sources": [
      {
        "db": "BID",
        "id": "85991"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-4073",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4073",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-92892",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4073",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4073",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-560",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92892",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-4073",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. PHP is prone to a denial-of-service vulnerability. \nSuccessful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. An integer overflow vulnerability exists in the \u0027the mbfl_strcut\u0027 function in PHP\u0027s ext/mbstring/libmbfl/mbfl/mbfilter.c file. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5. ============================================================================\nUbuntu Security Notice USN-2984-1\nMay 24, 2016\n\nphp5, php7.0 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)\n\nHans Jerry Illikainen discovered that the PHP Zip extension incorrectly\nhandled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. \n(CVE-2016-3078)\n\nIt was discovered that PHP incorrectly handled invalid indexes in the\nSplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)\n\nIt was discovered that the PHP rawurlencode() function incorrectly handled\nlarge strings. This issue only affected Ubuntu\n16.04 LTS. (CVE-2016-4070)\n\nIt was discovered that the PHP php_snmp_error() function incorrectly\nhandled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfilenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)\n\nIt was discovered that the PHP mb_strcut() function incorrectly handled\nstring formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\narchive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-4342, CVE-2016-4343)\n\nIt was discovered that the PHP bcpowmod() function incorrectly handled\nmemory. \n(CVE-2016-4537, CVE-2016-4538)\n\nIt was discovered that the PHP XML parser incorrectly handled certain\nmalformed XML data. (CVE-2016-4539)\n\nIt was discovered that certain PHP grapheme functions incorrectly handled\nnegative offsets. (CVE-2016-4540,\nCVE-2016-4541)\n\nIt was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543,\nCVE-2016-4544)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.4-7ubuntu2.1\n  php7.0-cgi                      7.0.4-7ubuntu2.1\n  php7.0-cli                      7.0.4-7ubuntu2.1\n  php7.0-fpm                      7.0.4-7ubuntu2.1\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.4\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.4\n  php5-cli                        5.6.11+dfsg-1ubuntu3.4\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.17\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.17\n  php5-cli                        5.5.9+dfsg-1ubuntu4.17\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.17\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.23\n  php5-cgi                        5.3.10-1ubuntu3.23\n  php5-cli                        5.3.10-1ubuntu3.23\n  php5-fpm                        5.3.10-1ubuntu3.23\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2016:2750-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2750.html\nIssue date:        2016-11-15\nCVE Names:         CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 \n                   CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 \n                   CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 \n                   CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 \n                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 \n                   CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 \n                   CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 \n                   CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 \n                   CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 \n                   CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 \n                   CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 \n                   CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 \n                   CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 \n                   CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 \n                   CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 \n                   CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 \n                   CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 \n                   CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 \n                   CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 \n                   CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 \n                   CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 \n                   CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 \n                   CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 \n                   CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 \n                   CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 \n                   CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 \n                   CVE-2016-7132 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php56, rh-php56-php, and rh-php56-php-pear is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The rh-php56 packages provide a recent stable release of PHP\nwith PEAR 1.9.5 and enhanced language features including constant\nexpressions, variadic functions, arguments unpacking, and the interactive\ndebuger. The memcache, mongo, and XDebug extensions are also included. \n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-7456,\nCVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,\nCVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,\nCVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,\nCVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,\nCVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,\nCVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,\nCVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,\nCVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,\nCVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,\nCVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,\nCVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,\nCVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,\nCVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the\nrh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,\nCVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,\nCVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,\nCVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()\n1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)\n1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)\n1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)\n1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories\n1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)\n1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)\n1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)\n1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)\n1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)\n1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)\n1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)\n1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)\n1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)\n1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c\n1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated\n1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent\n1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives\n1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()\n1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data\n1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd\n1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method\n1323103 - CVE-2016-4073 php: Negative size parameter in memcpy\n1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \\0 inside name\n1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()\n1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode\n1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file\n1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads\n1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure\n1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()\n1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition\n1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input\n1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used\n1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used\n1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow\n1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c\n1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects\n1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches\n1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns\n1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal\n1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread\n1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc\n1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()\n1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()\n1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow\n1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec\n1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread\n1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize\n1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351603 - CVE-2016-6128 gd: Invalid color index not properly handled\n1358395 - CVE-2016-5399 php: Improper error handling in bzread()\n1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex\n1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization\n1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment\n1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()\n1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http\n1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()\n1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c\n1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex\n1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object\n1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability\n1374699 - CVE-2016-7126 php: select_colors write out-of-bounds\n1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access\n1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF\n1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access\n1374707 - CVE-2016-7130 php: wddx_deserialize null dereference\n1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml\n1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7456\nhttps://access.redhat.com/security/cve/CVE-2014-9767\nhttps://access.redhat.com/security/cve/CVE-2015-2325\nhttps://access.redhat.com/security/cve/CVE-2015-2326\nhttps://access.redhat.com/security/cve/CVE-2015-2327\nhttps://access.redhat.com/security/cve/CVE-2015-2328\nhttps://access.redhat.com/security/cve/CVE-2015-3210\nhttps://access.redhat.com/security/cve/CVE-2015-3217\nhttps://access.redhat.com/security/cve/CVE-2015-5073\nhttps://access.redhat.com/security/cve/CVE-2015-8381\nhttps://access.redhat.com/security/cve/CVE-2015-8383\nhttps://access.redhat.com/security/cve/CVE-2015-8384\nhttps://access.redhat.com/security/cve/CVE-2015-8385\nhttps://access.redhat.com/security/cve/CVE-2015-8386\nhttps://access.redhat.com/security/cve/CVE-2015-8388\nhttps://access.redhat.com/security/cve/CVE-2015-8391\nhttps://access.redhat.com/security/cve/CVE-2015-8392\nhttps://access.redhat.com/security/cve/CVE-2015-8395\nhttps://access.redhat.com/security/cve/CVE-2015-8835\nhttps://access.redhat.com/security/cve/CVE-2015-8865\nhttps://access.redhat.com/security/cve/CVE-2015-8866\nhttps://access.redhat.com/security/cve/CVE-2015-8867\nhttps://access.redhat.com/security/cve/CVE-2015-8873\nhttps://access.redhat.com/security/cve/CVE-2015-8874\nhttps://access.redhat.com/security/cve/CVE-2015-8876\nhttps://access.redhat.com/security/cve/CVE-2015-8877\nhttps://access.redhat.com/security/cve/CVE-2015-8879\nhttps://access.redhat.com/security/cve/CVE-2016-1903\nhttps://access.redhat.com/security/cve/CVE-2016-2554\nhttps://access.redhat.com/security/cve/CVE-2016-3074\nhttps://access.redhat.com/security/cve/CVE-2016-3141\nhttps://access.redhat.com/security/cve/CVE-2016-3142\nhttps://access.redhat.com/security/cve/CVE-2016-4070\nhttps://access.redhat.com/security/cve/CVE-2016-4071\nhttps://access.redhat.com/security/cve/CVE-2016-4072\nhttps://access.redhat.com/security/cve/CVE-2016-4073\nhttps://access.redhat.com/security/cve/CVE-2016-4342\nhttps://access.redhat.com/security/cve/CVE-2016-4343\nhttps://access.redhat.com/security/cve/CVE-2016-4473\nhttps://access.redhat.com/security/cve/CVE-2016-4537\nhttps://access.redhat.com/security/cve/CVE-2016-4538\nhttps://access.redhat.com/security/cve/CVE-2016-4539\nhttps://access.redhat.com/security/cve/CVE-2016-4540\nhttps://access.redhat.com/security/cve/CVE-2016-4541\nhttps://access.redhat.com/security/cve/CVE-2016-4542\nhttps://access.redhat.com/security/cve/CVE-2016-4543\nhttps://access.redhat.com/security/cve/CVE-2016-4544\nhttps://access.redhat.com/security/cve/CVE-2016-5093\nhttps://access.redhat.com/security/cve/CVE-2016-5094\nhttps://access.redhat.com/security/cve/CVE-2016-5096\nhttps://access.redhat.com/security/cve/CVE-2016-5114\nhttps://access.redhat.com/security/cve/CVE-2016-5399\nhttps://access.redhat.com/security/cve/CVE-2016-5766\nhttps://access.redhat.com/security/cve/CVE-2016-5767\nhttps://access.redhat.com/security/cve/CVE-2016-5768\nhttps://access.redhat.com/security/cve/CVE-2016-5770\nhttps://access.redhat.com/security/cve/CVE-2016-5771\nhttps://access.redhat.com/security/cve/CVE-2016-5772\nhttps://access.redhat.com/security/cve/CVE-2016-5773\nhttps://access.redhat.com/security/cve/CVE-2016-6128\nhttps://access.redhat.com/security/cve/CVE-2016-6207\nhttps://access.redhat.com/security/cve/CVE-2016-6288\nhttps://access.redhat.com/security/cve/CVE-2016-6289\nhttps://access.redhat.com/security/cve/CVE-2016-6290\nhttps://access.redhat.com/security/cve/CVE-2016-6291\nhttps://access.redhat.com/security/cve/CVE-2016-6292\nhttps://access.redhat.com/security/cve/CVE-2016-6294\nhttps://access.redhat.com/security/cve/CVE-2016-6295\nhttps://access.redhat.com/security/cve/CVE-2016-6296\nhttps://access.redhat.com/security/cve/CVE-2016-6297\nhttps://access.redhat.com/security/cve/CVE-2016-7124\nhttps://access.redhat.com/security/cve/CVE-2016-7125\nhttps://access.redhat.com/security/cve/CVE-2016-7126\nhttps://access.redhat.com/security/cve/CVE-2016-7127\nhttps://access.redhat.com/security/cve/CVE-2016-7128\nhttps://access.redhat.com/security/cve/CVE-2016-7129\nhttps://access.redhat.com/security/cve/CVE-2016-7130\nhttps://access.redhat.com/security/cve/CVE-2016-7131\nhttps://access.redhat.com/security/cve/CVE-2016-7132\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs\nUCuj+0gWfBsWXOgFhgH0uL8=\n=FcPG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05240731\nVersion: 1\n\nHPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and\nPHP, Multiple Local and Remote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-08-19\nLast Updated: 2016-08-19\n\nPotential Security Impact: Local Denial of Service (DoS), Elevation of\nPrivilege, Remote Denial of Service (DoS), Execution of Arbitrary Code,\nUnauthorized Disclosure of Information, Unauthorized Modification\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential remote and local vulnerabilities impacting Perl and PHP\nhave been addressed by HPE NonStop Servers OSS Script Languages. The\nvulnerabilities include Perl\u0027s opportunistic loading of optional modules\nwhich might allow local users to gain elevation of privilege via a Trojan\nhorse library under the current working directory. \n\nReferences:\n\n    - CVE-2016-1238 - Perl Local Elevation of Privilege\n    - CVE-2016-2381 - Perl Remote Unauthorized Modification\n    - CVE-2014-4330 - Perl Local Denial of Service (DoS)\n\n        **Note:** applies only for the H/J-series SPR. Fix was already\nprovided in a previous L-series SPR. \nOSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and\nT1203L01^AAC\n\n    *Impacted releases:*\n\n    - L15.02\n    - L15.08.00, L15.08.01\n    - L16.05.00\n\n    - J06.14 through J06.16.02\n    - J06.17.00, J06.17.01\n    - J06.18.00, J06.18.01\n    - J06.19.00, J06.19.01, J06.19.02\n    - J06.20.00\n\n    - H06.25 through H06.26.01\n    - H06.27.00, H06.27.01\n    - H06.28.00, H06.28.01\n    - H06.29.00, H06.29.01\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-7456\n      7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-4330\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8383\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8386\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8387\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8389\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8390\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8391\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)\n\n    CVE-2015-8393\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-8394\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8607\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8853\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8865\n      7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8874\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-1238\n      6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\n      6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-1903\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-2381\n      6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    CVE-2016-2554\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-3074\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4070\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-4071\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4072\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4073\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4342\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n    CVE-2016-4343\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4537\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4538\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4539\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4540\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4541\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4542\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4543\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4544\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5093\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5094\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5096\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5114\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-5766\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5767\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5768\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5769\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5770\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5771\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5772\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5773\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has released the following software updates to resolve the\nvulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP. \n\nInstall one of the SPRs below as appropriate for the system\u0027s release\nversion:\n\n  + L-Series:\n\n    * T1203L01^AAE (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n        - L15.02 through L16.05.00\n\n  + H and J-Series:\n\n    * T1203H01^AAF (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n         - J06.14 through J06.20.00\n\n         - H06.25 through H06.29.01\n\n**Note:** Please refer to *NonStop Hotstuff HS03333* for more information. \n\nHISTORY\nVersion:1 (rev.1) - 19 August 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3560-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nApril 27, 2016                        https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : php5\nCVE ID         : CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072\n                 CVE-2016-4073\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. Please refer to the\nupstream changelog for more information:\n\n https://php.net/ChangeLog-5.php#5.6.20\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.20+dfsg-0+deb8u1. \n\nWe recommend that you upgrade your php5 packages. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.6.28                  \u003e= 5.6.28\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.28\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-8865\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865\n[  2 ] CVE-2016-3074\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074\n[  3 ] CVE-2016-4071\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071\n[  4 ] CVE-2016-4072\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072\n[  5 ] CVE-2016-4073\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073\n[  6 ] CVE-2016-4537\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537\n[  7 ] CVE-2016-4538\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538\n[  8 ] CVE-2016-4539\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539\n[  9 ] CVE-2016-4540\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540\n[ 10 ] CVE-2016-4541\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541\n[ 11 ] CVE-2016-4542\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542\n[ 12 ] CVE-2016-4543\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543\n[ 13 ] CVE-2016-4544\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544\n[ 14 ] CVE-2016-5385\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385\n[ 15 ] CVE-2016-6289\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289\n[ 16 ] CVE-2016-6290\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290\n[ 17 ] CVE-2016-6291\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291\n[ 18 ] CVE-2016-6292\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292\n[ 19 ] CVE-2016-6294\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294\n[ 20 ] CVE-2016-6295\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295\n[ 21 ] CVE-2016-6296\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296\n[ 22 ] CVE-2016-6297\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297\n[ 23 ] CVE-2016-7124\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124\n[ 24 ] CVE-2016-7125\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125\n[ 25 ] CVE-2016-7126\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126\n[ 26 ] CVE-2016-7127\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127\n[ 27 ] CVE-2016-7128\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128\n[ 28 ] CVE-2016-7129\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129\n[ 29 ] CVE-2016-7130\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130\n[ 30 ] CVE-2016-7131\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131\n[ 31 ] CVE-2016-7132\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132\n[ 32 ] CVE-2016-7133\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133\n[ 33 ] CVE-2016-7134\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134\n[ 34 ] CVE-2016-7411\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411\n[ 35 ] CVE-2016-7412\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412\n[ 36 ] CVE-2016-7413\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413\n[ 37 ] CVE-2016-7414\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414\n[ 38 ] CVE-2016-7416\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416\n[ 39 ] CVE-2016-7417\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417\n[ 40 ] CVE-2016-7418\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201611-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "db": "BID",
        "id": "85991"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4073"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4073",
        "trust": 3.4
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/04/24/1",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "85991",
        "trust": 1.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-92892",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4073",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137174",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139729",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138463",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136841",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139968",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4073"
      },
      {
        "db": "BID",
        "id": "85991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ]
  },
  "id": "VAR-201605-0119",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92892"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:08:54.426000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206567"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206567"
      },
      {
        "title": "71906.diff",
        "trust": 0.8,
        "url": "https://gist.github.com/smalyshev/d8355c96a657cc5dba70"
      },
      {
        "title": "HPSBNS03635",
        "trust": 0.8,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05240731"
      },
      {
        "title": "Sec Bug #71906",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=71906"
      },
      {
        "title": "Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut",
        "trust": 0.8,
        "url": "https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "PHP 7 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-7.php"
      },
      {
        "title": "PHP Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61243"
      },
      {
        "title": "Red Hat: CVE-2016-4073",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-4073"
      },
      {
        "title": "Debian Security Advisories: DSA-3560-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f33dfec360e1186a6d0f52314de3ce6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-698",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-698"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2984-1"
      },
      {
        "title": "Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162750 - security advisory"
      },
      {
        "title": "watchdog",
        "trust": 0.1,
        "url": "https://github.com/flipkart-incubator/watchdog "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/catdever/watchdog "
      },
      {
        "title": "watchdog",
        "trust": 0.1,
        "url": "https://github.com/rohankumardubey/watchdog "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-4073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4073"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=71906"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "trust": 1.8,
        "url": "https://gist.github.com/smalyshev/d8355c96a657cc5dba70"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206567"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/85991"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201611-22"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2750.html"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05240731"
      },
      {
        "trust": 1.2,
        "url": "http://www.debian.org/security/2016/dsa-3560"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-2"
      },
      {
        "trust": 1.1,
        "url": "https://git.php.net/?p=php-src.git%3ba=commit%3bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1"
      },
      {
        "trust": 1.0,
        "url": "https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4073"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4073"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4073"
      },
      {
        "trust": 0.3,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 0.3,
        "url": "http://php.net/changelog-7.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-4073"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4544"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8386"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8391"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8383"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8874"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/flipkart-incubator/watchdog"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-3560"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2984-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3132"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.4-7ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3078"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.17"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2984-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4473"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8853"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05240731"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8389"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8390"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://php.net/changelog-5.php#5.6.20"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7417"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7416"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7134"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7411"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7413"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7414"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7133"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7418"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3074"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4073"
      },
      {
        "db": "BID",
        "id": "85991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92892"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4073"
      },
      {
        "db": "BID",
        "id": "85991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92892"
      },
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4073"
      },
      {
        "date": "2016-03-26T00:00:00",
        "db": "BID",
        "id": "85991"
      },
      {
        "date": "2016-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "date": "2016-05-24T23:31:17",
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "date": "2016-11-15T16:44:45",
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "date": "2016-08-22T18:18:17",
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "date": "2016-04-28T15:45:53",
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "date": "2016-12-01T16:38:01",
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "date": "2016-05-20T11:00:18.037000",
        "db": "NVD",
        "id": "CVE-2016-4073"
      },
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92892"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4073"
      },
      {
        "date": "2016-12-20T00:05:00",
        "db": "BID",
        "id": "85991"
      },
      {
        "date": "2016-10-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      },
      {
        "date": "2023-11-07T02:32:33.757000",
        "db": "NVD",
        "id": "CVE-2016-4073"
      },
      {
        "date": "2016-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/mbstring/libmbfl/mbfl/mbfilter.c of  mbfl_strcut Function Integer Overflow Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002863"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-560"
      }
    ],
    "trust": 0.6
  }
}

var-201908-1840
Vulnerability from variot

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. PHP EXIF Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in PHP 7.1.x prior to 7.1.31, 7.2.x prior to 7.2.21, and 7.3.x prior to 7.3.8. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. PHP is prone to a heap-based buffer-overflow vulnerability. Failed exploits will result in denial-of-service conditions.

PHP versions before 7.3.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15

macOS Catalina 10.15 addresses the following:

AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team

apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-11041 CVE-2019-11042

Audio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Entry added October 29, 2019

Books Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven Entry added October 29, 2019

CFNetwork Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland Entry added October 29, 2019

CoreAudio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

CoreCrypto Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a large input may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2019-8741: Nicky Mouha of NIST Entry added October 29, 2019

CoreMedia Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8825: Found by GWP-ASan in Google Chrome Entry added October 29, 2019

Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. This was addressed with improved state handling. CVE-2019-8757: William Cerniuk of Core Development, LLC

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An input validation issue was addressed with improved input validation. CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2019-8767: Stephen Zeisberg Entry added October 29, 2019

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019

File Quarantine Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to elevate privileges Description: This issue was addressed by removing the vulnerable code. CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs Entry added October 29, 2019

Foundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero Entry added October 29, 2019

Graphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-12152: Piotr Bania of Cisco Talos CVE-2018-12153: Piotr Bania of Cisco Talos CVE-2018-12154: Piotr Bania of Cisco Talos Entry added October 29, 2019

Intel Graphics Driver Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro

IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved restrictions. CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro

IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8759: another of 360 Nirvan Team Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8709: derrek (@derrekr6) [confirmed]derrek (@derrekr6) CVE-2019-8781: Linus Henze (pinauten.de) Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team Entry added October 29, 2019

libxml2 Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz Entry added October 29, 2019

libxslt Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz Entry added October 29, 2019

mDNSResponder Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications Description: This issue was resolved by replacing device names with a random identifier. CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Entry added October 29, 2019

Menus Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8826: Found by GWP-ASan in Google Chrome Entry added October 29, 2019

Notes Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University

PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum

PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8708: an anonymous researcher Entry added October 29, 2019

PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8715: an anonymous researcher Entry added October 29, 2019

SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic. CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH

sips Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360

UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2019-8761: Renee Trisberg of SpectX Entry added October 29, 2019

UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. CVE-2019-8768: Hugo S. Diaz (coldpointblue)

WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. The issue was addressed with improved logic. CVE-2019-8769: Piérre Reimertz (@reimertz)

Additional recognition

AppleRTC We would like to acknowledge Vitaly Cheptsov for their assistance.

Audio We would like to acknowledge riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative for their assistance.

boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum and Thijs Alkemade (@xnyhps) of Computest for their assistance.

Finder We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.

Gatekeeper We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.

Identity Service We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

mDNSResponder We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance.

python We would like to acknowledge an anonymous researcher for their assistance.

Safari Data Importing We would like to acknowledge Kent Zoya for their assistance.

Simple certificate enrollment protocol (SCEP) We would like to acknowledge an anonymous researcher for their assistance.

Telephony We would like to acknowledge Phil Stokes from SentinelOne for their assistance.

VPN We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance.

Installation note:

macOS Catalina 10.15 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y 0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki 48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/ SEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX SNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc 9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM iUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T U6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E Wvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO ju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA IvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM bOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM= =bhin -----END PGP SIGNATURE-----

. 8) - aarch64, noarch, ppc64le, s390x, x86_64

For the stable distribution (buster), these problems have been fixed in version 7.3.9-1~deb10u1.

We recommend that you upgrade your php7.3 packages. ========================================================================= Ubuntu Security Notice USN-4097-1 August 13, 2019

php7.0, php7.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

PHP could be made to crash or execute arbitrary code if it received specially crafted image. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: libapache2-mod-php7.2 7.2.19-0ubuntu0.19.04.2 php7.2-cgi 7.2.19-0ubuntu0.19.04.2 php7.2-cli 7.2.19-0ubuntu0.19.04.2 php7.2-fpm 7.2.19-0ubuntu0.19.04.2 php7.2-xmlrpc 7.2.19-0ubuntu0.19.04.2

Ubuntu 18.04 LTS: libapache2-mod-php7.2 7.2.19-0ubuntu0.18.04.2 php7.2-cgi 7.2.19-0ubuntu0.18.04.2 php7.2-cli 7.2.19-0ubuntu0.18.04.2 php7.2-fpm 7.2.19-0ubuntu0.18.04.2 php7.2-xmlrpc 7.2.19-0ubuntu0.18.04.2

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.6 php7.0-cgi 7.0.33-0ubuntu0.16.04.6 php7.0-cli 7.0.33-0ubuntu0.16.04.6 php7.0-fpm 7.0.33-0ubuntu0.16.04.6 php7.0-xmlrpc 7.0.33-0ubuntu0.16.04.6

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Critical: rh-php72-php security update Advisory ID: RHSA-2019:3299-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:3299 Issue date: 2019-11-01 CVE Names: CVE-2016-10166 CVE-2018-20783 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 =====================================================================

  1. Summary:

An update for rh-php72-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php72-php (7.2.24). (BZ#1766603)

Security Fix(es):

  • php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

  • gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)

  • gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

  • php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)

  • php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)

  • php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)

  • php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)

  • php: Invalid read in exif_process_SOFn() (CVE-2019-9640)

  • php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)

  • php: Buffer over-read in exif_read_data() (CVE-2019-11040)

  • php: Buffer over-read in PHAR reading functions (CVE-2018-20783)

  • php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)

  • php: memcpy with negative length via crafted DNS response (CVE-2019-9022)

  • php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)

  • php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)

  • php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)

  • php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)

  • php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)

  • gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)

  • php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)

  • php: heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc() 1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c 1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions 1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode() 1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions 1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions 1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c 1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response 1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing 1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn() 1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value() 1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG() 1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure 1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm() 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data() 1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail() 1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment() 1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

aarch64: rh-php72-php-7.2.24-1.el7.aarch64.rpm rh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm rh-php72-php-cli-7.2.24-1.el7.aarch64.rpm rh-php72-php-common-7.2.24-1.el7.aarch64.rpm rh-php72-php-dba-7.2.24-1.el7.aarch64.rpm rh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm rh-php72-php-devel-7.2.24-1.el7.aarch64.rpm rh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm rh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm rh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm rh-php72-php-gd-7.2.24-1.el7.aarch64.rpm rh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-intl-7.2.24-1.el7.aarch64.rpm rh-php72-php-json-7.2.24-1.el7.aarch64.rpm rh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm rh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm rh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm rh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm rh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm rh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm rh-php72-php-process-7.2.24-1.el7.aarch64.rpm rh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm rh-php72-php-recode-7.2.24-1.el7.aarch64.rpm rh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-soap-7.2.24-1.el7.aarch64.rpm rh-php72-php-xml-7.2.24-1.el7.aarch64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm rh-php72-php-zip-7.2.24-1.el7.aarch64.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

aarch64: rh-php72-php-7.2.24-1.el7.aarch64.rpm rh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm rh-php72-php-cli-7.2.24-1.el7.aarch64.rpm rh-php72-php-common-7.2.24-1.el7.aarch64.rpm rh-php72-php-dba-7.2.24-1.el7.aarch64.rpm rh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm rh-php72-php-devel-7.2.24-1.el7.aarch64.rpm rh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm rh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm rh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm rh-php72-php-gd-7.2.24-1.el7.aarch64.rpm rh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-intl-7.2.24-1.el7.aarch64.rpm rh-php72-php-json-7.2.24-1.el7.aarch64.rpm rh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm rh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm rh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm rh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm rh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm rh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm rh-php72-php-process-7.2.24-1.el7.aarch64.rpm rh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm rh-php72-php-recode-7.2.24-1.el7.aarch64.rpm rh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-soap-7.2.24-1.el7.aarch64.rpm rh-php72-php-xml-7.2.24-1.el7.aarch64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm rh-php72-php-zip-7.2.24-1.el7.aarch64.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-10166 https://access.redhat.com/security/cve/CVE-2018-20783 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-9020 https://access.redhat.com/security/cve/CVE-2019-9021 https://access.redhat.com/security/cve/CVE-2019-9022 https://access.redhat.com/security/cve/CVE-2019-9023 https://access.redhat.com/security/cve/CVE-2019-9024 https://access.redhat.com/security/cve/CVE-2019-9637 https://access.redhat.com/security/cve/CVE-2019-9638 https://access.redhat.com/security/cve/CVE-2019-9639 https://access.redhat.com/security/cve/CVE-2019-9640 https://access.redhat.com/security/cve/CVE-2019-11034 https://access.redhat.com/security/cve/CVE-2019-11035 https://access.redhat.com/security/cve/CVE-2019-11036 https://access.redhat.com/security/cve/CVE-2019-11038 https://access.redhat.com/security/cve/CVE-2019-11039 https://access.redhat.com/security/cve/CVE-2019-11040 https://access.redhat.com/security/cve/CVE-2019-11041 https://access.redhat.com/security/cve/CVE-2019-11042 https://access.redhat.com/security/cve/CVE-2019-11043 https://access.redhat.com/security/updates/classification/#critical

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXbwslNzjgjWX9erEAQgZrA//YpBwARJTytrbpWQquZ4hnjbScNEZK1d4 sOOT+oiQSrzvghsNKNCKwEO1CLbNA9XOT7bCchtpD/HguTc4XeGNk7dAf/qA6UVB tJCxmqNBVBKqoe9UafmxLUFcVSkv/PHRVD2h+/TvmqdB8Uf2Z8hIIaBt7UsW34sb yBMLJVhyG98c/7VzwqFXW6Vm+Ly6+/ViYtloe5/Ex4D8FvB72Cc9uRvCTWdLLOXu PlwQKdaEt5CtUrTmLFEX+9t6tybwhNBf/dZ96nazCaSRtQVnhZI9s+wjoE6vEOOB +bOldvJ9tu7LclzMIz7SbSqjhPBSLtEMGZKcO1havVGDwcfPAEc12TW9DtVFDlqA Xq+dFW5vviRCoMlSmNBmSqQZSWMF64LdzjvWfW2G/nBnNLOdhu/Wufs1sJUOc+cp V9PgQH0iWut0N89DaOzTH+4PQvvvTw12HuKHk+P+/O8bBBdcI9gpd5klce/5jquc QXqhy49koz6BturNpVnXfSWjdLPwQ1pwhGJOkv7vLsdx6HVeuY6BsSE+C28cHFl+ z/AOZL4eCa9xKlePdGKCbqzTjMmCiJQbeShoBOKt1DtSgVVgtE0Kc5EZQcqop0aw RG304k1HSbrgsSRFxx6s1RophOQaC3ASvWkw5OY/8ylNrO9AAMxLRjZNCve6V7Rq 86WRMpuQxpE= =winR -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1840",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "19.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.1"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.8"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.21"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.1.0"
      },
      {
        "model": "software collections",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.1.31"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.19.0"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.1.31 for up to  7.1.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.2.21 for up to  7.2.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.3.8 for up to  7.3.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.15"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1.31",
                "versionStartIncluding": "7.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.21",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.8",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Red Hat",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-11041",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-11041",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-142648",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-11041",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security@php.net",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.2,
            "impactScore": 2.5,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-11041",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-11041",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2019-11041",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-140",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142648",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-11041",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142648"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. PHP EXIF Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in PHP 7.1.x prior to 7.1.31, 7.2.x prior to 7.2.21, and 7.3.x prior to 7.3.8. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. PHP is prone to a heap-based buffer-overflow vulnerability. Failed exploits will result in denial-of-service conditions. \n\nPHP  versions before 7.3.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-10 Additional information\nfor APPLE-SA-2019-10-07-1 macOS Catalina 10.15\n\nmacOS Catalina 10.15 addresses the following:\n\nAMD\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security\nResearch Team\n\napache_mod_php\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in PHP\nDescription: Multiple issues were addressed by updating to PHP\nversion 7.3.8. \nCVE-2019-11041\nCVE-2019-11042\n\nAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab\nEntry added October 29, 2019\n\nBooks\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Parsing a maliciously crafted iBooks file may lead to a\npersistent denial-of-service\nDescription: A resource exhaustion issue was addressed with improved\ninput validation. \nCVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven\nEntry added October 29, 2019\n\nCFNetwork\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: This issue was addressed with improved checks. \nCVE-2019-8753: \u0141ukasz Pilorz of Standard Chartered GBS Poland\nEntry added October 29, 2019\n\nCoreAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted movie may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8705: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nCoreCrypto\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a large input may lead to a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2019-8741: Nicky Mouha of NIST\nEntry added October 29, 2019\n\nCoreMedia\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8825: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nCrash Reporter\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: The \"Share Mac Analytics\" setting may not be disabled when a\nuser deselects the switch to share analytics\nDescription: A race condition existed when reading and writing user\npreferences. This was addressed with improved state handling. \nCVE-2019-8757: William Cerniuk of Core Development, LLC\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\nEntry added October 29, 2019\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted string may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2019-8767: Stephen Zeisberg\nEntry added October 29, 2019\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\nEntry added October 29, 2019\n\nFile Quarantine\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to elevate privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs\nEntry added October 29, 2019\n\nFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8746: Natalie Silvanovich and Samuel Gro\u00df of Google Project\nZero\nEntry added October 29, 2019\n\nGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a malicious shader may result in unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2018-12152: Piotr Bania of Cisco Talos\nCVE-2018-12153: Piotr Bania of Cisco Talos\nCVE-2018-12154: Piotr Bania of Cisco Talos\nEntry added October 29, 2019\n\nIntel Graphics Driver\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8758: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8755: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8759: another of 360 Nirvan Team\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8809: Apple\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8709: derrek (@derrekr6)\n[confirmed]derrek (@derrekr6)\nCVE-2019-8781: Linus Henze (pinauten.de)\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8717: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory corruption issue existed in the handling of\nIPv6 packets. This issue was addressed with improved memory\nmanagement. \nCVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team\nEntry added October 29, 2019\n\nlibxml2\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in libxml2\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8749: found by OSS-Fuzz\nCVE-2019-8756: found by OSS-Fuzz\nEntry added October 29, 2019\n\nlibxslt\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in libxslt\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8750: found by OSS-Fuzz\nEntry added October 29, 2019\n\nmDNSResponder\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in physical proximity may be able to passively\nobserve device names in AWDL communications\nDescription: This issue was resolved by replacing device names with a\nrandom identifier. \nCVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile\nNetworking Lab at Technische Universit\u00e4t Darmstadt\nEntry added October 29, 2019\n\nMenus\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8826: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nNotes\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: The contents of locked notes sometimes appeared in\nsearch results. This issue was addressed with improved data cleanup. \nCVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia\nPolytechnic Institute and State University\n\nPDFKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker may be able to exfiltrate the contents of an\nencrypted PDF\nDescription: An issue existed in the handling of links in encrypted\nPDFs. This issue was addressed by adding a confirmation prompt. \nCVE-2019-8772: Jens M\u00fcller of Ruhr University Bochum, Fabian Ising\nof FH M\u00fcnster University of Applied Sciences, Vladislav Mladenov\nof Ruhr University Bochum, Christian Mainka of Ruhr University\nBochum, Sebastian Schinzel of FH M\u00fcnster University of Applied\nSciences, and J\u00f6rg Schwenk of Ruhr University Bochum\n\nPluginKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8708: an anonymous researcher\nEntry added October 29, 2019\n\nPluginKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8715: an anonymous researcher\nEntry added October 29, 2019\n\nSharedFileList\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to access recent\ndocuments\nDescription: The issue was addressed with improved permissions logic. \nCVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH\n\nsips\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992)\nand pjf of IceSword Lab of Qihoo 360\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Parsing a maliciously crafted text file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2019-8761: Renee Trisberg of SpectX\nEntry added October 29, 2019\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8745: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A user may be unable to delete browsing history items\nDescription: \"Clear History and Website Data\" did not clear the\nhistory. The issue was addressed with improved data deletion. \nCVE-2019-8768: Hugo S. Diaz (coldpointblue)\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Visiting a maliciously crafted website may reveal browsing\nhistory\nDescription: An issue existed in the drawing of web page elements. \nThe issue was addressed with improved logic. \nCVE-2019-8769: Pi\u00e9rre Reimertz (@reimertz)\n\nAdditional recognition\n\nAppleRTC\nWe would like to acknowledge Vitaly Cheptsov for their assistance. \n\nAudio\nWe would like to acknowledge riusksk of VulWar Corp working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nboringssl\nWe would like to acknowledge Nimrod Aviram of Tel Aviv University,\nRobert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr\nUniversity Bochum and Thijs Alkemade (@xnyhps) of Computest for their\nassistance. \n\nFinder\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nGatekeeper\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nIdentity Service\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nmDNSResponder\nWe would like to acknowledge Gregor Lang of e.solutions GmbH for\ntheir assistance. \n\npython\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nSafari Data Importing\nWe would like to acknowledge Kent Zoya for their assistance. \n\nSimple certificate enrollment protocol (SCEP)\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nTelephony\nWe would like to acknowledge Phil Stokes from SentinelOne for their\nassistance. \n\nVPN\nWe would like to acknowledge Royce Gawron of Second Son Consulting,\nInc. for their assistance. \n\nInstallation note:\n\nmacOS Catalina 10.15 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y\n0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki\n48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/\nSEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX\nSNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc\n9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM\niUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T\nU6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E\nWvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO\nju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA\nIvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM\nbOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM=\n=bhin\n-----END PGP SIGNATURE-----\n\n\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.9-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. =========================================================================\nUbuntu Security Notice USN-4097-1\nAugust 13, 2019\n\nphp7.0, php7.2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nPHP could be made to crash or execute arbitrary code if it\nreceived specially crafted image. \nAn attacker could possibly use this issue to cause a denial of service\nor execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n  libapache2-mod-php7.2           7.2.19-0ubuntu0.19.04.2\n  php7.2-cgi                      7.2.19-0ubuntu0.19.04.2\n  php7.2-cli                      7.2.19-0ubuntu0.19.04.2\n  php7.2-fpm                      7.2.19-0ubuntu0.19.04.2\n  php7.2-xmlrpc                   7.2.19-0ubuntu0.19.04.2\n\nUbuntu 18.04 LTS:\n  libapache2-mod-php7.2           7.2.19-0ubuntu0.18.04.2\n  php7.2-cgi                      7.2.19-0ubuntu0.18.04.2\n  php7.2-cli                      7.2.19-0ubuntu0.18.04.2\n  php7.2-fpm                      7.2.19-0ubuntu0.18.04.2\n  php7.2-xmlrpc                   7.2.19-0ubuntu0.18.04.2\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.6\n  php7.0-cgi                      7.0.33-0ubuntu0.16.04.6\n  php7.0-cli                      7.0.33-0ubuntu0.16.04.6\n  php7.0-fpm                      7.0.33-0ubuntu0.16.04.6\n  php7.0-xmlrpc                   7.0.33-0ubuntu0.16.04.6\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: rh-php72-php security update\nAdvisory ID:       RHSA-2019:3299-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:3299\nIssue date:        2019-11-01\nCVE Names:         CVE-2016-10166 CVE-2018-20783 CVE-2019-6977 \n                   CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 \n                   CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 \n                   CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 \n                   CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 \n                   CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 \n                   CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php72-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php72-php (7.2.24). (BZ#1766603)\n\nSecurity Fix(es):\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\n* gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)\n\n* gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c\n(CVE-2019-6977)\n\n* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)\n\n* php: File rename across filesystems may allow unwanted access during\nprocessing (CVE-2019-9637)\n\n* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)\n\n* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)\n\n* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)\n\n* php: Out-of-bounds read due to integer overflow in\niconv_mime_decode_headers() (CVE-2019-11039)\n\n* php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)\n\n* php: Heap-based buffer over-read in PHAR reading functions\n(CVE-2019-9021)\n\n* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)\n\n* php: Heap-based buffer over-read in mbstring regular expression functions\n(CVE-2019-9023)\n\n* php: Out-of-bounds read in base64_decode_xmlrpc in\next/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)\n\n* php: Heap buffer overflow in function exif_process_IFD_TAG()\n(CVE-2019-11034)\n\n* php: Heap buffer overflow in function exif_iif_add_value()\n(CVE-2019-11035)\n\n* php: Buffer over-read in exif_process_IFD_TAG() leading to information\ndisclosure (CVE-2019-11036)\n\n* gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)\n\n* php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n* php: heap buffer over-read in exif_process_user_comment()\n(CVE-2019-11042)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc()\n1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c\n1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions\n1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode()\n1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions\n1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions\n1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c\n1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response\n1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing\n1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn()\n1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value()\n1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()\n1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure\n1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm()\n1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()\n1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()\n1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail()\n1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment()\n1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\naarch64:\nrh-php72-php-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-cli-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-common-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dba-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-devel-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-intl-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-json-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-process-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-recode-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-soap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xml-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-zip-7.2.24-1.el7.aarch64.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\naarch64:\nrh-php72-php-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-cli-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-common-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dba-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-devel-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-intl-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-json-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-process-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-recode-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-soap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xml-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-zip-7.2.24-1.el7.aarch64.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10166\nhttps://access.redhat.com/security/cve/CVE-2018-20783\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-9020\nhttps://access.redhat.com/security/cve/CVE-2019-9021\nhttps://access.redhat.com/security/cve/CVE-2019-9022\nhttps://access.redhat.com/security/cve/CVE-2019-9023\nhttps://access.redhat.com/security/cve/CVE-2019-9024\nhttps://access.redhat.com/security/cve/CVE-2019-9637\nhttps://access.redhat.com/security/cve/CVE-2019-9638\nhttps://access.redhat.com/security/cve/CVE-2019-9639\nhttps://access.redhat.com/security/cve/CVE-2019-9640\nhttps://access.redhat.com/security/cve/CVE-2019-11034\nhttps://access.redhat.com/security/cve/CVE-2019-11035\nhttps://access.redhat.com/security/cve/CVE-2019-11036\nhttps://access.redhat.com/security/cve/CVE-2019-11038\nhttps://access.redhat.com/security/cve/CVE-2019-11039\nhttps://access.redhat.com/security/cve/CVE-2019-11040\nhttps://access.redhat.com/security/cve/CVE-2019-11041\nhttps://access.redhat.com/security/cve/CVE-2019-11042\nhttps://access.redhat.com/security/cve/CVE-2019-11043\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXbwslNzjgjWX9erEAQgZrA//YpBwARJTytrbpWQquZ4hnjbScNEZK1d4\nsOOT+oiQSrzvghsNKNCKwEO1CLbNA9XOT7bCchtpD/HguTc4XeGNk7dAf/qA6UVB\ntJCxmqNBVBKqoe9UafmxLUFcVSkv/PHRVD2h+/TvmqdB8Uf2Z8hIIaBt7UsW34sb\nyBMLJVhyG98c/7VzwqFXW6Vm+Ly6+/ViYtloe5/Ex4D8FvB72Cc9uRvCTWdLLOXu\nPlwQKdaEt5CtUrTmLFEX+9t6tybwhNBf/dZ96nazCaSRtQVnhZI9s+wjoE6vEOOB\n+bOldvJ9tu7LclzMIz7SbSqjhPBSLtEMGZKcO1havVGDwcfPAEc12TW9DtVFDlqA\nXq+dFW5vviRCoMlSmNBmSqQZSWMF64LdzjvWfW2G/nBnNLOdhu/Wufs1sJUOc+cp\nV9PgQH0iWut0N89DaOzTH+4PQvvvTw12HuKHk+P+/O8bBBdcI9gpd5klce/5jquc\nQXqhy49koz6BturNpVnXfSWjdLPwQ1pwhGJOkv7vLsdx6HVeuY6BsSE+C28cHFl+\nz/AOZL4eCa9xKlePdGKCbqzTjMmCiJQbeShoBOKt1DtSgVVgtE0Kc5EZQcqop0aw\nRG304k1HSbrgsSRFxx6s1RophOQaC3ASvWkw5OY/8ylNrO9AAMxLRjZNCve6V7Rq\n86WRMpuQxpE=\n=winR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142648"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "db": "PACKETSTORM",
        "id": "154050"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-11041",
        "trust": 3.3
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159094",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "154051",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157463",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3073",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3272",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0741",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3072",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4296",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1500",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3111",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6056",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "154050",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154768",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-142648",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11041",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154561",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155066",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155070",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142648"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "db": "PACKETSTORM",
        "id": "154050"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "id": "VAR-201908-1840",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142648"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:18:47.623000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 1878-1] php5 security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
      },
      {
        "title": "78222",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=78222"
      },
      {
        "title": "USN-4097-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/4097-1/"
      },
      {
        "title": "USN-4097-2",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/4097-2/"
      },
      {
        "title": "PHP Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=95902"
      },
      {
        "title": "Ubuntu Security Notice: php7.0, php7.2 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4097-1"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4097-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1284",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1284"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1283",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1283"
      },
      {
        "title": "Debian Security Advisories: DSA-4527-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=877cb76e8aeddfa40b275ad142be1771"
      },
      {
        "title": "Red Hat: Moderate: php:7.2 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201624 - security advisory"
      },
      {
        "title": "Red Hat: Critical: rh-php72-php security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193299 - security advisory"
      },
      {
        "title": "Apple: macOS Catalina 10.15",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aafc8ca42bce10e92a70604a0d265a55"
      },
      {
        "title": "Debian Security Advisories: DSA-4529-1 php7.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ee5cd1d3e8c521eee01300cbf544b2d7"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/apple-tackles-a-dozen-bugs-in-catalina/148988/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:3299"
      },
      {
        "trust": 2.5,
        "url": "https://usn.ubuntu.com/4097-1/"
      },
      {
        "trust": 2.4,
        "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
      },
      {
        "trust": 2.4,
        "url": "https://usn.ubuntu.com/4097-2/"
      },
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/sep/35"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/sep/38"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/oct/9"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=78222"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht210634"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2019/dsa-4527"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2019/dsa-4529"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2019/oct/15"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2019/oct/55"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht210722"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11041"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2019-11041"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2019:3300"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192243-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1500/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3073/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3272/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159094/red-hat-security-advisory-2020-3662-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-29928"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154051/ubuntu-security-notice-usn-4097-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0741/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4296/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210722"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210634"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3072/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6056"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157463/red-hat-security-advisory-2020-1624-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3111/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11040"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11039"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11036"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11035"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11038"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11034"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8717"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8757"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8701"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8730"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8745"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8748"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8758"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8755"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11040"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11039"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11042"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109468"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8753"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8744"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8746"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8708"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8756"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8749"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7065"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11045"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7062"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7059"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11045"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11047"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7066"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7065"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11047"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19203"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7063"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7064"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19246"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16163"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11048"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11048"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13224"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7060"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16163"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19246"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7063"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7062"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7059"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7060"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.18.04.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.6"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4097-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.19.04.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9640"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9024"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9638"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9637"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11036"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11043"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9638"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11038"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9024"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6977"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9639"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9023"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11043"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9021"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9023"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-10166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9639"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9637"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6977"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8770"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8768"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142648"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "db": "PACKETSTORM",
        "id": "154050"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-142648"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "db": "PACKETSTORM",
        "id": "154050"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142648"
      },
      {
        "date": "2019-08-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "date": "2019-08-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "date": "2019-09-23T18:25:24",
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "date": "2019-11-01T17:10:40",
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "date": "2020-09-08T18:10:32",
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "date": "2019-09-20T14:58:48",
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "date": "2019-08-14T02:37:04",
        "db": "PACKETSTORM",
        "id": "154050"
      },
      {
        "date": "2019-11-01T17:11:58",
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "date": "2019-10-08T19:59:26",
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "date": "2019-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      },
      {
        "date": "2019-08-09T20:15:11.050000",
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142648"
      },
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11041"
      },
      {
        "date": "2019-08-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      },
      {
        "date": "2023-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      },
      {
        "date": "2023-02-28T15:13:52.977000",
        "db": "NVD",
        "id": "CVE-2019-11041"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP EXIF Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007694"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-140"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0268
Vulnerability from variot

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. PHP is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in PHP's implementation of pcntl_exec, which stems from the fact that the program does not allow null bytes in pathnames. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2658-1 July 06, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. (CVE-2015-4021)

Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. (CVE-2015-4022, CVE-2015-4643)

Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. (CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. (CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4644)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2 php5-cgi 5.6.4+dfsg-4ubuntu6.2 php5-cli 5.6.4+dfsg-4ubuntu6.2 php5-fpm 5.6.4+dfsg-4ubuntu6.2

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6 php5-cgi 5.5.12+dfsg-2ubuntu4.6 php5-cli 5.5.12+dfsg-2ubuntu4.6 php5-fpm 5.5.12+dfsg-2ubuntu4.6

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11 php5-cgi 5.5.9+dfsg-1ubuntu4.11 php5-cli 5.5.9+dfsg-1ubuntu4.11 php5-fpm 5.5.9+dfsg-1ubuntu4.11

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.19 php5-cgi 5.3.10-1ubuntu3.19 php5-cli 5.3.10-1ubuntu3.19 php5-fpm 5.3.10-1ubuntu3.19

In general, a standard system update will make all the necessary changes.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded. This update fixes some bugs and security issues. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 5e8d107dba11f8c87693edfdc32f56b7 php-5.4.41-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 24d6895fe6b0e9c88b04ceaccc35383d php-5.4.41-x86_64-1_slack14.0.txz

Slackware 14.1 package: 52011eec3a256a365789562b63e8ba84 php-5.4.41-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 82b75af6253121cab6cc84dd714f554c php-5.4.41-x86_64-1_slack14.1.txz

Slackware -current package: e1c64f133f44b0abac21e0846e39d3c8 n/php-5.6.9-i586-1.txz

Slackware x86_64 -current package: ae51c99af34a4bd8721e7140c38a8c1a n/php-5.6.9-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.41-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0268",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.37"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.36"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.35"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.34"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.33"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.18"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.10"
      },
      {
        "model": "5.4.0rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "php",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.2"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.41"
      },
      {
        "model": "flex system chassis management module 2pet14c-2.5.5c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75056"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.40",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-4026",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-4026",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81987",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4026",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-132",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81987",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4026",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81987"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. PHP is prone to a security-bypass vulnerability. \nAn attacker can leverage this issue to bypass security restrictions and  perform unauthorized actions. This may aid in further attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in PHP\u0027s implementation of pcntl_exec, which stems from the fact that the program does not allow null bytes in pathnames. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-2658-1\nJuly 06, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nNeal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL\nbytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\nfilenames starting with a NULL byte. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. (CVE-2015-4022,\nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form\ndata. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\ndata types. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\nthat the uri property is a string. A remote attacker could possibly use these issues to\nobtain sensitive information or cause a denial of service. This issue only affected Ubuntu\n15.04. (CVE-2015-4644)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libapache2-mod-php5             5.6.4+dfsg-4ubuntu6.2\n  php5-cgi                        5.6.4+dfsg-4ubuntu6.2\n  php5-cli                        5.6.4+dfsg-4ubuntu6.2\n  php5-fpm                        5.6.4+dfsg-4ubuntu6.2\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.6\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.6\n  php5-cli                        5.5.12+dfsg-2ubuntu4.6\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.6\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.11\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.11\n  php5-cli                        5.5.9+dfsg-1ubuntu4.11\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.11\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.19\n  php5-cgi                        5.3.10-1ubuntu3.19\n  php5-cli                        5.3.10-1ubuntu3.19\n  php5-fpm                        5.3.10-1ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.41-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes some bugs and security issues. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n5e8d107dba11f8c87693edfdc32f56b7  php-5.4.41-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n24d6895fe6b0e9c88b04ceaccc35383d  php-5.4.41-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n52011eec3a256a365789562b63e8ba84  php-5.4.41-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n82b75af6253121cab6cc84dd714f554c  php-5.4.41-x86_64-1_slack14.1.txz\n\nSlackware -current package:\ne1c64f133f44b0abac21e0846e39d3c8  n/php-5.6.9-i586-1.txz\n\nSlackware x86_64 -current package:\nae51c99af34a4bd8721e7140c38a8c1a  n/php-5.6.9-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.41-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "db": "BID",
        "id": "75056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81987"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4026"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4026",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "75056",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032431",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-132",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-81987",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4026",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132619",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132531",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132284",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81987"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4026"
      },
      {
        "db": "BID",
        "id": "75056"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "id": "VAR-201506-0268",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81987"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:36:44.513000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #68598",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=68598"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "TLSA-2015-15",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-15j.html"
      },
      {
        "title": "Debian Security Advisories: DSA-3280-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46f85ac4e3abfa7a18e115fb47892db6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-535",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-535"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-534",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-534"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-536",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-536"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2658-1"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-4026"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=68598"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1219.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/75056"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://www.debian.org/security/2015/dsa-3280"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158616.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/159031.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158915.html"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032431"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4026"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4026"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223422"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098669"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2658-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2658-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.19"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7243"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7243"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2326"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81987"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4026"
      },
      {
        "db": "BID",
        "id": "75056"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81987"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4026"
      },
      {
        "db": "BID",
        "id": "75056"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81987"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4026"
      },
      {
        "date": "2015-05-14T00:00:00",
        "db": "BID",
        "id": "75056"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "date": "2015-06-25T14:18:12",
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2015-07-09T23:16:26",
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "date": "2015-07-07T00:23:34",
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "date": "2015-06-25T14:18:25",
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "date": "2015-06-12T13:17:49",
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "date": "2015-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      },
      {
        "date": "2015-06-09T18:59:08.597000",
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81987"
      },
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4026"
      },
      {
        "date": "2017-07-21T13:07:00",
        "db": "BID",
        "id": "75056"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      },
      {
        "date": "2019-04-22T17:48:00.643000",
        "db": "NVD",
        "id": "CVE-2015-4026"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  pcntl_exec Vulnerability that can prevent extension restrictions in the implementation of",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003052"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-132"
      }
    ],
    "trust": 0.6
  }
}

var-200504-0063
Vulnerability from variot

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ PHP 4 Later, at compile time --enable-exif By compiling with EXIF ( Image file standards for digital cameras ) Enable support for. This generated by the digital camera JPEG/TIFF In the image EXIF Included in header IFD (Image File Directory) tag ( Information such as image size and type, compression method, color information, copyright ) You can get PHP 4.3.10 Before, 5.0.3 Included before EXIF module (exif.c) Contained within a specific image file IFD The following security issues exist due to inadequate handling of tags. still, PHP Group More distributed PHP By default, EXIF Support will not be activated, Red Hat Enterprise Linux Some as Linux Included with the distribution PHP In the package EXIF Support is enabled. PHP 4.3.11/5.0.4 In addition to the above issues, there are multiple security issues (CAN-2005-0524 And CAN-2005-0525 Such ) , And bugs have been fixed, PHP 4.3.11/5.0.4 Can be updated to PHP Group It is strongly recommended.Please refer to the “Overview” for the impact of this vulnerability. PHP is prone to a denial of service vulnerability. This issue could manifest itself in Web applications that allow users to upload images. PHP is a server-side scripting language designed to be embedded in HTML files and can run on Windows, Linux and many Unix operating systems

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200504-0063",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "suse",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "suse",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "suse",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "8.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "5.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "2.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "1.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "conectiva",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "8.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "conectiva",
        "version": "10.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "peachtree",
        "version": "release_1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "4.3.10"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.0.3"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.3"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.1x86"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.1"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.1"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "7.0"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.4"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.4"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.3"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.3"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "6.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "linux i686",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "fedora core1",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3"
      },
      {
        "model": "linux release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peachtree",
        "version": "1"
      },
      {
        "model": "s8710 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8710 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8700 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8500 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8300 r2.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "mn100",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "converged communications server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:peachtree:peachtree_linux:release_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Martin Pitt  martin.pitt@canonical.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-1043",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2005-1043",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-12252",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-1043",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200504-048",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-12252",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ PHP 4 Later, at compile time --enable-exif By compiling with EXIF ( Image file standards for digital cameras ) Enable support for. This generated by the digital camera JPEG/TIFF In the image EXIF Included in header IFD (Image File Directory) tag ( Information such as image size and type, compression method, color information, copyright ) You can get PHP 4.3.10 Before, 5.0.3 Included before EXIF module (exif.c) Contained within a specific image file IFD The following security issues exist due to inadequate handling of tags. still, PHP Group More distributed PHP By default, EXIF Support will not be activated, Red Hat Enterprise Linux Some as Linux Included with the distribution PHP In the package EXIF Support is enabled. PHP 4.3.11/5.0.4 In addition to the above issues, there are multiple security issues (CAN-2005-0524 And CAN-2005-0525 Such ) , And bugs have been fixed, PHP 4.3.11/5.0.4 Can be updated to PHP Group It is strongly recommended.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. PHP is prone to a denial of service vulnerability. \nThis issue could manifest itself in Web applications that allow users to upload images. PHP is a server-side scripting language designed to be embedded in HTML files and can run on Windows, Linux and many Unix operating systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-1043",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "13164",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "13163",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048",
        "trust": 0.7
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:406",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200504-15",
        "trust": 0.6
      },
      {
        "db": "UBUNTU",
        "id": "USN-112-1",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2005:072",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2005-06-08",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-12252",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ]
  },
  "id": "VAR-200504-0063",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:49:59.024000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ChangeLog-4",
        "trust": 0.8,
        "url": "http://jp2.php.net/changelog-4.php"
      },
      {
        "title": "ChangeLog-5",
        "trust": 0.8,
        "url": "http://jp2.php.net/changelog-5.php"
      },
      {
        "title": "release notes 4.3.11",
        "trust": 0.8,
        "url": "http://jp2.php.net/release_4_3_11.php"
      },
      {
        "title": "#28451",
        "trust": 0.8,
        "url": "http://bugs.php.net/bug.php?id=28451"
      },
      {
        "title": "#31797",
        "trust": 0.8,
        "url": "http://bugs.php.net/bug.php?id=31797"
      },
      {
        "title": "154021",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021"
      },
      {
        "title": "154025",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025"
      },
      {
        "title": "RHSA-2005:406",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-406.html"
      },
      {
        "title": "RHSA-2005:405",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-405.html"
      },
      {
        "title": "TLSA-2005-50",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2005/tlsa-2005-50.txt"
      },
      {
        "title": "RHSA-2005:405",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-405j.html"
      },
      {
        "title": "RHSA-2005:406",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-406j.html"
      },
      {
        "title": "TLSA-2005-50",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2005/tlsa-2005-50j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005/jun/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:072"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-406.html"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025"
      },
      {
        "trust": 1.6,
        "url": "http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29\u0026r2=1.118.2.30\u0026ty=u"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/112-1/"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10307"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1043"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-1043"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/13164"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/13163"
      },
      {
        "trust": 0.6,
        "url": "http://www.ubuntulinux.org/support/documentation/usn/usn-112-1"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-136_rhsa-2005-405_rhsa-2005-406.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000955"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/changelog-4.php#4.3.11"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-405.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/396618"
      },
      {
        "trust": 0.1,
        "url": "http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29\u0026amp;r2=1.118.2.30\u0026amp;ty=u"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "db": "BID",
        "id": "13164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "date": "2005-04-12T00:00:00",
        "db": "BID",
        "id": "13164"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "date": "2005-04-14T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "date": "2005-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12252"
      },
      {
        "date": "2009-07-12T12:56:00",
        "db": "BID",
        "id": "13164"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      },
      {
        "date": "2018-10-30T16:25:35.387000",
        "db": "NVD",
        "id": "CVE-2005-1043"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  exif.c Specific in  EXIF Service disruption due to header  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000256"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200504-048"
      }
    ],
    "trust": 0.6
  }
}

var-201607-0657
Vulnerability from variot

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. This vulnerability "httpoxy" Is called a problem. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host.

The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.24

For the stable distribution (jessie), these problems have been fixed in version 5.6.24+dfsg-0+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 7.0.9-1 of the php7.0 source package.

We recommend that you upgrade your php5 packages.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. For more information, see: http://php.net/ChangeLog-5.php#5.6.24 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz

Slackware 14.1 package: aea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: ab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz

Slackware 14.2 package: c88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz

Slackware x86_64 14.2 package: ed5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz

Slackware -current package: c25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz

Slackware x86_64 -current package: 17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.6.24-i586-1_slack14.2.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: php security and bug fix update Advisory ID: RHSA-2016:1613-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1613.html Issue date: 2016-08-11 CVE Names: CVE-2016-5385 =====================================================================

  1. Summary:

An update for php is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. (CVE-2016-5385)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

Bug Fix(es):

  • Previously, an incorrect logic in the SAPI header callback routine caused that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected. (BZ#1346758)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1346758 - Segmentation fault while header_register_callback 1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.3.el7_2.src.rpm

x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.3.el7_2.src.rpm

x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.3.el7_2.src.rpm

ppc64: php-5.4.16-36.3.el7_2.ppc64.rpm php-cli-5.4.16-36.3.el7_2.ppc64.rpm php-common-5.4.16-36.3.el7_2.ppc64.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm php-gd-5.4.16-36.3.el7_2.ppc64.rpm php-ldap-5.4.16-36.3.el7_2.ppc64.rpm php-mysql-5.4.16-36.3.el7_2.ppc64.rpm php-odbc-5.4.16-36.3.el7_2.ppc64.rpm php-pdo-5.4.16-36.3.el7_2.ppc64.rpm php-pgsql-5.4.16-36.3.el7_2.ppc64.rpm php-process-5.4.16-36.3.el7_2.ppc64.rpm php-recode-5.4.16-36.3.el7_2.ppc64.rpm php-soap-5.4.16-36.3.el7_2.ppc64.rpm php-xml-5.4.16-36.3.el7_2.ppc64.rpm php-xmlrpc-5.4.16-36.3.el7_2.ppc64.rpm

ppc64le: php-5.4.16-36.3.el7_2.ppc64le.rpm php-cli-5.4.16-36.3.el7_2.ppc64le.rpm php-common-5.4.16-36.3.el7_2.ppc64le.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm php-gd-5.4.16-36.3.el7_2.ppc64le.rpm php-ldap-5.4.16-36.3.el7_2.ppc64le.rpm php-mysql-5.4.16-36.3.el7_2.ppc64le.rpm php-odbc-5.4.16-36.3.el7_2.ppc64le.rpm php-pdo-5.4.16-36.3.el7_2.ppc64le.rpm php-pgsql-5.4.16-36.3.el7_2.ppc64le.rpm php-process-5.4.16-36.3.el7_2.ppc64le.rpm php-recode-5.4.16-36.3.el7_2.ppc64le.rpm php-soap-5.4.16-36.3.el7_2.ppc64le.rpm php-xml-5.4.16-36.3.el7_2.ppc64le.rpm php-xmlrpc-5.4.16-36.3.el7_2.ppc64le.rpm

s390x: php-5.4.16-36.3.el7_2.s390x.rpm php-cli-5.4.16-36.3.el7_2.s390x.rpm php-common-5.4.16-36.3.el7_2.s390x.rpm php-debuginfo-5.4.16-36.3.el7_2.s390x.rpm php-gd-5.4.16-36.3.el7_2.s390x.rpm php-ldap-5.4.16-36.3.el7_2.s390x.rpm php-mysql-5.4.16-36.3.el7_2.s390x.rpm php-odbc-5.4.16-36.3.el7_2.s390x.rpm php-pdo-5.4.16-36.3.el7_2.s390x.rpm php-pgsql-5.4.16-36.3.el7_2.s390x.rpm php-process-5.4.16-36.3.el7_2.s390x.rpm php-recode-5.4.16-36.3.el7_2.s390x.rpm php-soap-5.4.16-36.3.el7_2.s390x.rpm php-xml-5.4.16-36.3.el7_2.s390x.rpm php-xmlrpc-5.4.16-36.3.el7_2.s390x.rpm

x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.3.el7_2.ppc64.rpm php-dba-5.4.16-36.3.el7_2.ppc64.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm php-devel-5.4.16-36.3.el7_2.ppc64.rpm php-embedded-5.4.16-36.3.el7_2.ppc64.rpm php-enchant-5.4.16-36.3.el7_2.ppc64.rpm php-fpm-5.4.16-36.3.el7_2.ppc64.rpm php-intl-5.4.16-36.3.el7_2.ppc64.rpm php-mbstring-5.4.16-36.3.el7_2.ppc64.rpm php-mysqlnd-5.4.16-36.3.el7_2.ppc64.rpm php-pspell-5.4.16-36.3.el7_2.ppc64.rpm php-snmp-5.4.16-36.3.el7_2.ppc64.rpm

ppc64le: php-bcmath-5.4.16-36.3.el7_2.ppc64le.rpm php-dba-5.4.16-36.3.el7_2.ppc64le.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm php-devel-5.4.16-36.3.el7_2.ppc64le.rpm php-embedded-5.4.16-36.3.el7_2.ppc64le.rpm php-enchant-5.4.16-36.3.el7_2.ppc64le.rpm php-fpm-5.4.16-36.3.el7_2.ppc64le.rpm php-intl-5.4.16-36.3.el7_2.ppc64le.rpm php-mbstring-5.4.16-36.3.el7_2.ppc64le.rpm php-mysqlnd-5.4.16-36.3.el7_2.ppc64le.rpm php-pspell-5.4.16-36.3.el7_2.ppc64le.rpm php-snmp-5.4.16-36.3.el7_2.ppc64le.rpm

s390x: php-bcmath-5.4.16-36.3.el7_2.s390x.rpm php-dba-5.4.16-36.3.el7_2.s390x.rpm php-debuginfo-5.4.16-36.3.el7_2.s390x.rpm php-devel-5.4.16-36.3.el7_2.s390x.rpm php-embedded-5.4.16-36.3.el7_2.s390x.rpm php-enchant-5.4.16-36.3.el7_2.s390x.rpm php-fpm-5.4.16-36.3.el7_2.s390x.rpm php-intl-5.4.16-36.3.el7_2.s390x.rpm php-mbstring-5.4.16-36.3.el7_2.s390x.rpm php-mysqlnd-5.4.16-36.3.el7_2.s390x.rpm php-pspell-5.4.16-36.3.el7_2.s390x.rpm php-snmp-5.4.16-36.3.el7_2.s390x.rpm

x86_64: php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.3.el7_2.src.rpm

x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXrPgaXlSAg2UNWIIRAjn0AJ9+uobkj268+7awLhgQLyNGujzgkgCgp8+D ggdX4EUo7inKwJDZgGYrNok= =Zn6M -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-3045-1 August 02, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain SplMinHeap::compar e operations. A remote attacker could use this issue to cause PHP to crash,

resulting in a denial of service, or possibly execute arbitrary code. Thi s issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116 )

It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)

It was discovered that PHP incorrectly validated certain Exception object s when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2015-8876)

It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use thi s issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935)

It was discovered that PHP incorrectly handled certain locale operations.

An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093)

It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to

cause PHP to crash, resulting in a denial of service, or possibly execute

arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-5094, CVE-2016-5095)

It was discovered that the PHP fread() function incorrectly handled certa in lengths. An attacker could use this issue to cause PHP to crash, resultin g in a denial of service, or possibly execute arbitrary code. This issue on ly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)

It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker cou ld use this issue to cause PHP to crash, resulting in a denial of service, o r possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)

It was discovered that PHP would not protect applications from contents o f the HTTP_PROXY environment variable when based on the contents of the Pro xy header from HTTP requests. A remote attacker could possibly use this issu e in combination with scripts that honour the HTTP_PROXY variable to redire ct outgoing HTTP requests. (CVE-2016-5385)

Hans Jerry Illikainen discovered that the PHP bzread() function incorrect ly performed error handling. A remote attacker could use this issue to cause

PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399)

It was discovered that certain PHP multibyte string functions incorrectly

handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)

It was discovered that the PHP Mcrypt extension incorrectly handled memor y. A remote attacker could use this issue to cause PHP to crash, resulting i n a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)

It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker coul d use this issue to cause PHP to crash, resulting in a denial of service, o r possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)

It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP t o crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772)

It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cau se PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-6288)

It was discovered that PHP incorrectly handled path lengths when extracti ng certain Zip archives. A remote attacker could use this issue to cause PHP

to crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2016-6289)

It was discovered that PHP incorrectly handled session deserialization. A

remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290)

It was discovered that PHP incorrectly handled exif headers when processi ng certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292)

It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294)

It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use

this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT S and Ubuntu 16.04 LTS. (CVE-2016-6295)

It was discovered that the PHP xmlrpc_encode_request() function incorrect ly handled certain lengths. An attacker could use this issue to cause PHP to

crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296)

It was discovered that the PHP php_stream_zip_opener() function incorrect ly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2 php7.0-cgi 7.0.8-0ubuntu0.16.04.2 php7.0-cli 7.0.8-0ubuntu0.16.04.2 php7.0-fpm 7.0.8-0ubuntu0.16.04.2

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19 php5-cgi 5.5.9+dfsg-1ubuntu4.19 php5-cli 5.5.9+dfsg-1ubuntu4.19 php5-fpm 5.5.9+dfsg-1ubuntu4.19

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.24 php5-cgi 5.3.10-1ubuntu3.24 php5-cli 5.3.10-1ubuntu3.24 php5-fpm 5.3.10-1ubuntu3.24

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-3045-1 CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768, CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297

Package Information: https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333297 Version: 2

HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-01-14 Last Updated: 2017-01-13

Potential Security Impact: Remote: Denial of Service (DoS), Unauthorized Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY A security vulnerability in PHP was addressed by the HPE StoreEver MSL6480 Tape Library firmware version 5.10. The vulnerability could be exploited remotely to allow Unauthorized Disclosure of Information or Denial of Service via the Ethernet Management Interface. Please note that the Management Interface cannot access data stored on tape media, so this vulnerability does not allow for remote unauthorized disclosure of data stored on tape media or remote denial of service.

References:

  • CVE-2016-5385 - PHP, HTTPoxy
  • CVE-2016-3074 - PHP
  • CVE-2013-7456 - PHP
  • CVE-2016-5093 - PHP
  • CVE-2016-5094 - PHP
  • CVE-2016-5096 - PHP
  • CVE-2016-5766 - PHP
  • CVE-2016-5767 - PHP
  • CVE-2016-5768 - PHP
  • CVE-2016-5769 - PHP
  • CVE-2016-5770 - PHP
  • CVE-2016-5771 - PHP
  • CVE-2016-5772 - PHP
  • CVE-2016-5773 - PHP
  • CVE-2016-6207 - GD Graphics Library
  • CVE-2016-6289 - PHP
  • CVE-2016-6290 - PHP
  • CVE-2016-6291 - PHP
  • CVE-2016-6292 - PHP
  • CVE-2016-6293 - PHP
  • CVE-2016-6294 - PHP
  • CVE-2016-6295 - PHP
  • CVE-2016-6296 - PHP
  • CVE-2016-6297 - PHP
  • CVE-2016-5399 - PHP

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HP StoreEver MSL6480 Tape Library prior to 5.10

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2013-7456
  7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-3074
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5093
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5094
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5096
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5385
  8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVE-2016-5399
  8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVE-2016-5766
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5767
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5768
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5769
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5770
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5771
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5772
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5773
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-6207
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2016-6289
  7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-6290
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-6291
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-6292
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2016-6293
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-6294
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-6295
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-6296
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-6297
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has provided the following software update to resolve the vulnerabilities for the impacted versions of the HPE StoreEver MSL6480 Tape Library:

HISTORY

Version:1 (rev.1) - 15 November 2016 Initial release

Version:2 (rev.2) - 13 January 2017 Updating CVE list

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0657",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "storeever msl6480 tape library",
        "scope": null,
        "trust": 1.6,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "drupal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "8.1.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "24"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.24"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "23"
      },
      {
        "model": "communications user data repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "drupal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "8.0.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "communications user data repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.0.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.8"
      },
      {
        "model": "communications user data repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "storeever msl6480 tape library",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "5.09"
      },
      {
        "model": "system management homepage",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "7.5.5.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.38"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apache http server",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "go programming language",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "haproxy",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hhvm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "python",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "the php group",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "lighttpd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nginx",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.0.8"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "development environment  v6.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.4"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v7.1 to  v8.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "webotx developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "\"(with developers studio) v8.2 to  v9.4\""
      },
      {
        "model": "webotx developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1 to  v8.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.3"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.3"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v7.1 to  v8.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#797896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:storeever_msl6480_tape_library_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.09",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:storeever_msl6480_tape_library:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.24",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.38",
                "versionStartIncluding": "5.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.8",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.7",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138070"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2016-5385",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-5385",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-94204",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-5385",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-5385",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-538",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94204",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-5385",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5385"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. This vulnerability \"httpoxy\" Is called a problem. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host. \n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.24, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.6.24\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.24+dfsg-0+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.9-1 of the php7.0 source package. \n\nWe recommend that you upgrade your php5 packages. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.24-i586-1_slack14.2.txz:  Upgraded. \n  For more information, see:\n    http://php.net/ChangeLog-5.php#5.6.24\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n712cc177c9ac10f3d58e871ff27260dc  php-5.6.24-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n47f6ad4a81517f5b2959abc73475742b  php-5.6.24-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\naea6a8869946186781e55c5ecec952b0  php-5.6.24-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nab16db742762605b9b219b37cdd7e8db  php-5.6.24-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc88a731667e741443712267d9b30286a  php-5.6.24-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\ned5b31c94e2fb91f0e6c40051f51da1c  php-5.6.24-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc25a85fece34101d35b8785022cef94d  n/php-5.6.24-i586-1.txz\n\nSlackware x86_64 -current package:\n17f8886fc0901cea6d593170ea00fe7b  n/php-5.6.24-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.24-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: php security and bug fix update\nAdvisory ID:       RHSA-2016:1613-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1613.html\nIssue date:        2016-08-11\nCVE Names:         CVE-2016-5385 \n=====================================================================\n\n1. Summary:\n\nAn update for php is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. (CVE-2016-5385)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue. \n\nBug Fix(es):\n\n* Previously, an incorrect logic in the SAPI header callback routine caused\nthat the callback counter was not incremented. Consequently, when a script\nincluded a header callback, it could terminate unexpectedly with a\nsegmentation fault. With this update, the callback counter is properly\nmanaged, and scripts with a header callback implementation work as\nexpected. (BZ#1346758)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1346758 - Segmentation fault while header_register_callback\n1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.3.el7_2.src.rpm\n\nx86_64:\nphp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-bcmath-5.4.16-36.3.el7_2.x86_64.rpm\nphp-cli-5.4.16-36.3.el7_2.x86_64.rpm\nphp-common-5.4.16-36.3.el7_2.x86_64.rpm\nphp-dba-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-devel-5.4.16-36.3.el7_2.x86_64.rpm\nphp-embedded-5.4.16-36.3.el7_2.x86_64.rpm\nphp-enchant-5.4.16-36.3.el7_2.x86_64.rpm\nphp-fpm-5.4.16-36.3.el7_2.x86_64.rpm\nphp-gd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-intl-5.4.16-36.3.el7_2.x86_64.rpm\nphp-ldap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-odbc-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pdo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-process-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pspell-5.4.16-36.3.el7_2.x86_64.rpm\nphp-recode-5.4.16-36.3.el7_2.x86_64.rpm\nphp-snmp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-soap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xml-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.3.el7_2.src.rpm\n\nx86_64:\nphp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-bcmath-5.4.16-36.3.el7_2.x86_64.rpm\nphp-cli-5.4.16-36.3.el7_2.x86_64.rpm\nphp-common-5.4.16-36.3.el7_2.x86_64.rpm\nphp-dba-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-devel-5.4.16-36.3.el7_2.x86_64.rpm\nphp-embedded-5.4.16-36.3.el7_2.x86_64.rpm\nphp-enchant-5.4.16-36.3.el7_2.x86_64.rpm\nphp-fpm-5.4.16-36.3.el7_2.x86_64.rpm\nphp-gd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-intl-5.4.16-36.3.el7_2.x86_64.rpm\nphp-ldap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-odbc-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pdo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-process-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pspell-5.4.16-36.3.el7_2.x86_64.rpm\nphp-recode-5.4.16-36.3.el7_2.x86_64.rpm\nphp-snmp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-soap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xml-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.3.el7_2.src.rpm\n\nppc64:\nphp-5.4.16-36.3.el7_2.ppc64.rpm\nphp-cli-5.4.16-36.3.el7_2.ppc64.rpm\nphp-common-5.4.16-36.3.el7_2.ppc64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm\nphp-gd-5.4.16-36.3.el7_2.ppc64.rpm\nphp-ldap-5.4.16-36.3.el7_2.ppc64.rpm\nphp-mysql-5.4.16-36.3.el7_2.ppc64.rpm\nphp-odbc-5.4.16-36.3.el7_2.ppc64.rpm\nphp-pdo-5.4.16-36.3.el7_2.ppc64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.ppc64.rpm\nphp-process-5.4.16-36.3.el7_2.ppc64.rpm\nphp-recode-5.4.16-36.3.el7_2.ppc64.rpm\nphp-soap-5.4.16-36.3.el7_2.ppc64.rpm\nphp-xml-5.4.16-36.3.el7_2.ppc64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.ppc64.rpm\n\nppc64le:\nphp-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-cli-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-common-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-gd-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-ldap-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-mysql-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-odbc-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-pdo-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-pgsql-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-process-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-recode-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-soap-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-xml-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.ppc64le.rpm\n\ns390x:\nphp-5.4.16-36.3.el7_2.s390x.rpm\nphp-cli-5.4.16-36.3.el7_2.s390x.rpm\nphp-common-5.4.16-36.3.el7_2.s390x.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.s390x.rpm\nphp-gd-5.4.16-36.3.el7_2.s390x.rpm\nphp-ldap-5.4.16-36.3.el7_2.s390x.rpm\nphp-mysql-5.4.16-36.3.el7_2.s390x.rpm\nphp-odbc-5.4.16-36.3.el7_2.s390x.rpm\nphp-pdo-5.4.16-36.3.el7_2.s390x.rpm\nphp-pgsql-5.4.16-36.3.el7_2.s390x.rpm\nphp-process-5.4.16-36.3.el7_2.s390x.rpm\nphp-recode-5.4.16-36.3.el7_2.s390x.rpm\nphp-soap-5.4.16-36.3.el7_2.s390x.rpm\nphp-xml-5.4.16-36.3.el7_2.s390x.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-cli-5.4.16-36.3.el7_2.x86_64.rpm\nphp-common-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-gd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-ldap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-odbc-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pdo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-process-5.4.16-36.3.el7_2.x86_64.rpm\nphp-recode-5.4.16-36.3.el7_2.x86_64.rpm\nphp-soap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xml-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.3.el7_2.ppc64.rpm\nphp-dba-5.4.16-36.3.el7_2.ppc64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm\nphp-devel-5.4.16-36.3.el7_2.ppc64.rpm\nphp-embedded-5.4.16-36.3.el7_2.ppc64.rpm\nphp-enchant-5.4.16-36.3.el7_2.ppc64.rpm\nphp-fpm-5.4.16-36.3.el7_2.ppc64.rpm\nphp-intl-5.4.16-36.3.el7_2.ppc64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.ppc64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.ppc64.rpm\nphp-pspell-5.4.16-36.3.el7_2.ppc64.rpm\nphp-snmp-5.4.16-36.3.el7_2.ppc64.rpm\n\nppc64le:\nphp-bcmath-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-dba-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-devel-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-embedded-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-enchant-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-fpm-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-intl-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-mbstring-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-pspell-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-snmp-5.4.16-36.3.el7_2.ppc64le.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.3.el7_2.s390x.rpm\nphp-dba-5.4.16-36.3.el7_2.s390x.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.s390x.rpm\nphp-devel-5.4.16-36.3.el7_2.s390x.rpm\nphp-embedded-5.4.16-36.3.el7_2.s390x.rpm\nphp-enchant-5.4.16-36.3.el7_2.s390x.rpm\nphp-fpm-5.4.16-36.3.el7_2.s390x.rpm\nphp-intl-5.4.16-36.3.el7_2.s390x.rpm\nphp-mbstring-5.4.16-36.3.el7_2.s390x.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.s390x.rpm\nphp-pspell-5.4.16-36.3.el7_2.s390x.rpm\nphp-snmp-5.4.16-36.3.el7_2.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.3.el7_2.x86_64.rpm\nphp-dba-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-devel-5.4.16-36.3.el7_2.x86_64.rpm\nphp-embedded-5.4.16-36.3.el7_2.x86_64.rpm\nphp-enchant-5.4.16-36.3.el7_2.x86_64.rpm\nphp-fpm-5.4.16-36.3.el7_2.x86_64.rpm\nphp-intl-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pspell-5.4.16-36.3.el7_2.x86_64.rpm\nphp-snmp-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.3.el7_2.src.rpm\n\nx86_64:\nphp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-cli-5.4.16-36.3.el7_2.x86_64.rpm\nphp-common-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-gd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-ldap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-odbc-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pdo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-process-5.4.16-36.3.el7_2.x86_64.rpm\nphp-recode-5.4.16-36.3.el7_2.x86_64.rpm\nphp-soap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xml-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.3.el7_2.x86_64.rpm\nphp-dba-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-devel-5.4.16-36.3.el7_2.x86_64.rpm\nphp-embedded-5.4.16-36.3.el7_2.x86_64.rpm\nphp-enchant-5.4.16-36.3.el7_2.x86_64.rpm\nphp-fpm-5.4.16-36.3.el7_2.x86_64.rpm\nphp-intl-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pspell-5.4.16-36.3.el7_2.x86_64.rpm\nphp-snmp-5.4.16-36.3.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXrPgaXlSAg2UNWIIRAjn0AJ9+uobkj268+7awLhgQLyNGujzgkgCgp8+D\nggdX4EUo7inKwJDZgGYrNok=\n=Zn6M\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n=========================================================================\nUbuntu Security Notice USN-3045-1\nAugust 02, 2016\n\nphp5, php7.0 vulnerabilities\n=========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php7.0: HTML-embedded scripting language interpreter\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nIt was discovered that PHP incorrectly handled certain SplMinHeap::compar\ne\noperations. A remote attacker could use this issue to cause PHP to crash,\n\nresulting in a denial of service, or possibly execute arbitrary code. Thi\ns\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116\n)\n\nIt was discovered that PHP incorrectly handled recursive method calls. A\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2015-8873)\n\nIt was discovered that PHP incorrectly validated certain Exception object\ns\nwhen unserializing data. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2015-8876)\n\nIt was discovered that PHP header() function performed insufficient\nfiltering for Internet Explorer. A remote attacker could possibly use thi\ns\nissue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2015-8935)\n\nIt was discovered that PHP incorrectly handled certain locale operations. \n\nAn attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2016-5093)\n\nIt was discovered that the PHP php_html_entities() function incorrectly\nhandled certain string lengths. A remote attacker could use this issue to\n\ncause PHP to crash, resulting in a denial of service, or possibly execute\n\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2016-5094, CVE-2016-5095)\n\nIt was discovered that the PHP fread() function incorrectly handled certa\nin\nlengths. An attacker could use this issue to cause PHP to crash, resultin\ng\nin a denial of service, or possibly execute arbitrary code. This issue on\nly\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)\n\nIt was discovered that the PHP FastCGI Process Manager (FPM) SAPI\nincorrectly handled memory in the access logging feature. An attacker cou\nld\nuse this issue to cause PHP to crash, resulting in a denial of service, o\nr\npossibly expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)\n\nIt was discovered that PHP would not protect applications from contents o\nf\nthe HTTP_PROXY environment variable when based on the contents of the Pro\nxy\nheader from HTTP requests. A remote attacker could possibly use this issu\ne\nin combination with scripts that honour the HTTP_PROXY variable to redire\nct\noutgoing HTTP requests. (CVE-2016-5385)\n\nHans Jerry Illikainen discovered that the PHP bzread() function incorrect\nly\nperformed error handling. A remote attacker could use this issue to cause\n\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-5399)\n\nIt was discovered that certain PHP multibyte string functions incorrectly\n\nhandled memory. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)\n\nIt was discovered that the PHP Mcrypt extension incorrectly handled memor\ny. \nA remote attacker could use this issue to cause PHP to crash, resulting i\nn\na denial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)\n\nIt was discovered that the PHP garbage collector incorrectly handled\ncertain objects when unserializing malicious data. A remote attacker coul\nd\nuse this issue to cause PHP to crash, resulting in a denial of service, o\nr\npossibly execute arbitrary code. This issue was only addressed in Ubuntu\nUbuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)\n\nIt was discovered that PHP incorrectly handled memory when unserializing\nmalicious xml data. A remote attacker could use this issue to cause PHP t\no\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2016-5772)\n\nIt was discovered that the PHP php_url_parse_ex() function incorrectly\nhandled string termination. A remote attacker could use this issue to cau\nse\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2016-6288)\n\nIt was discovered that PHP incorrectly handled path lengths when extracti\nng\ncertain Zip archives. A remote attacker could use this issue to cause PHP\n\nto crash, resulting in a denial of service, or possibly execute arbitrary\n\ncode. (CVE-2016-6289)\n\nIt was discovered that PHP incorrectly handled session deserialization. A\n\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service, or possibly execute arbitrary code. (CVE-2016-6290)\n\nIt was discovered that PHP incorrectly handled exif headers when processi\nng\ncertain JPEG images. A remote attacker could use this issue to cause PHP \nto\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-6291, CVE-2016-6292)\n\nIt was discovered that PHP incorrectly handled certain locale operations. \n A\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service, or possibly execute arbitrary code. (CVE-2016-6294)\n\nIt was discovered that the PHP garbage collector incorrectly handled\ncertain objects when unserializing SNMP data. A remote attacker could use\n\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT\nS\nand Ubuntu 16.04 LTS. (CVE-2016-6295)\n\nIt was discovered that the PHP xmlrpc_encode_request() function incorrect\nly\nhandled certain lengths. An attacker could use this issue to cause PHP to\n\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-6296)\n\nIt was discovered that the PHP php_stream_zip_opener() function incorrect\nly\nhandled memory. An attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2016-6297)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.8-0ubuntu0.16.04.2\n  php7.0-cgi                      7.0.8-0ubuntu0.16.04.2\n  php7.0-cli                      7.0.8-0ubuntu0.16.04.2\n  php7.0-fpm                      7.0.8-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.19\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.19\n  php5-cli                        5.5.9+dfsg-1ubuntu4.19\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.19\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.24\n  php5-cgi                        5.3.10-1ubuntu3.24\n  php5-cli                        5.3.10-1ubuntu3.24\n  php5-fpm                        5.3.10-1ubuntu3.24\n\nIn general, a standard system update will make all the necessary changes. \n\n\nReferences:\n  http://www.ubuntu.com/usn/usn-3045-1\n  CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935,\n  CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096,\n  CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768,\n  CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773,\n  CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291,\n  CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296,\n  CVE-2016-6297\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2\n  https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19\n  https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05333297\nVersion: 2\n\nHPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface,\nMultiple Remote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-01-14\nLast Updated: 2017-01-13\n\nPotential Security Impact: Remote: Denial of Service (DoS), Unauthorized\nDisclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in PHP was addressed by the HPE StoreEver MSL6480\nTape Library firmware version 5.10. The vulnerability could be exploited\nremotely to allow Unauthorized Disclosure of Information or Denial of Service\nvia the Ethernet Management Interface.  Please note that the Management\nInterface cannot access data stored on tape media, so this vulnerability does\nnot allow for remote unauthorized disclosure of data stored on tape media or\nremote denial of service. \n\nReferences:\n\n  - CVE-2016-5385 - PHP, HTTPoxy\n  - CVE-2016-3074 - PHP\n  - CVE-2013-7456 - PHP\n  - CVE-2016-5093 - PHP\n  - CVE-2016-5094 - PHP\n  - CVE-2016-5096 - PHP\n  - CVE-2016-5766 - PHP\n  - CVE-2016-5767 - PHP\n  - CVE-2016-5768 - PHP\n  - CVE-2016-5769 - PHP\n  - CVE-2016-5770 - PHP\n  - CVE-2016-5771 - PHP\n  - CVE-2016-5772 - PHP\n  - CVE-2016-5773 - PHP\n  - CVE-2016-6207 - GD Graphics Library\n  - CVE-2016-6289 - PHP\n  - CVE-2016-6290 - PHP\n  - CVE-2016-6291 - PHP\n  - CVE-2016-6292 - PHP\n  - CVE-2016-6293 - PHP\n  - CVE-2016-6294 - PHP\n  - CVE-2016-6295 - PHP\n  - CVE-2016-6296 - PHP\n  - CVE-2016-6297 - PHP\n  - CVE-2016-5399 - PHP\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HP StoreEver MSL6480 Tape Library prior to 5.10\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-7456\n      7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-3074\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5093\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5094\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5096\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5385\n      8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n      5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5399\n      8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n      5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5766\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5767\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5768\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5769\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5770\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5771\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5772\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5773\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-6207\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-6289\n      7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-6290\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-6291\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-6292\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-6293\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-6294\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-6295\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-6296\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-6297\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software update to resolve the vulnerabilities\nfor the impacted versions of the HPE StoreEver MSL6480 Tape Library:\n\n * \u003chttp://www.hpe.com/support/msl6480\u003e\n\nHISTORY\n\nVersion:1 (rev.1) - 15 November 2016 Initial release\n\nVersion:2 (rev.2) - 13 January 2017 Updating CVE list\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5385"
      },
      {
        "db": "CERT/CC",
        "id": "VU#797896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5385"
      },
      {
        "db": "PACKETSTORM",
        "id": "138070"
      },
      {
        "db": "PACKETSTORM",
        "id": "138014"
      },
      {
        "db": "PACKETSTORM",
        "id": "138299"
      },
      {
        "db": "PACKETSTORM",
        "id": "138136"
      },
      {
        "db": "PACKETSTORM",
        "id": "140515"
      }
    ],
    "trust": 2.97
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-94204",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94204"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#797896",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5385",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "91821",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1036335",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91485132",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "138299",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "138014",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "138070",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "138295",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143933",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139744",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138297",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138296",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-94204",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5385",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138136",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140515",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#797896"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5385"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "db": "PACKETSTORM",
        "id": "138070"
      },
      {
        "db": "PACKETSTORM",
        "id": "138014"
      },
      {
        "db": "PACKETSTORM",
        "id": "138299"
      },
      {
        "db": "PACKETSTORM",
        "id": "138136"
      },
      {
        "db": "PACKETSTORM",
        "id": "140515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "id": "VAR-201607-0657",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94204"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:03:59.307000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FEDORA-2016-4e7db3d437",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
      },
      {
        "title": "FEDORA-2016-8eb11666aa",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
      },
      {
        "title": "FEDORA-2016-9c8cf5912c",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
      },
      {
        "title": "HPSBMU03653",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "title": "HPSBST03671",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05333297"
      },
      {
        "title": "NV16-020",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-020.html"
      },
      {
        "title": "Oracle Linux Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "title": "Bug 1353794",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
      },
      {
        "title": "RHSA-2016:1609",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1609.html"
      },
      {
        "title": "RHSA-2016:1610",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1610.html"
      },
      {
        "title": "RHSA-2016:1611",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1611.html"
      },
      {
        "title": "RHSA-2016:1612",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1612.html"
      },
      {
        "title": "RHSA-2016:1613",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1613.html"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://php.net/"
      },
      {
        "title": "TLSA-2016-19",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-19j.html"
      },
      {
        "title": "PHP CGI Web server httpoxy Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=62998"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/18/httpoxy_hole/"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-728",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-728"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3045-1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
      },
      {
        "title": "Forcepoint Security Advisories: HTTPoxy CGI HTTP_PROXY Variable Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=47734ce563632c9864b0b698ae37ddf9"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "bach",
        "trust": 0.1,
        "url": "https://github.com/sonatype-nexus-community/bach "
      },
      {
        "title": "bach",
        "trust": 0.1,
        "url": "https://github.com/ossindex/bach "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2016-5385 "
      },
      {
        "title": "jbot",
        "trust": 0.1,
        "url": "https://github.com/jschauma/jbot "
      },
      {
        "title": "CVE-2016-5385",
        "trust": 0.1,
        "url": "https://github.com/aipocai/cve-2016-5385 "
      },
      {
        "title": "nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/chaplean/nginx-proxy "
      },
      {
        "title": "nginx-proxy2",
        "trust": 0.1,
        "url": "https://github.com/corzel/nginx-proxy2 "
      },
      {
        "title": "Test",
        "trust": 0.1,
        "url": "https://github.com/abhinav4git/test "
      },
      {
        "title": "nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/jwilder/nginx-proxy "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/gloveofgames/hehe "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/jquepi/nginx-proxy-2 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/lemonhope-mz/replica_nginx-proxy "
      },
      {
        "title": "reto-ejercicio1",
        "trust": 0.1,
        "url": "https://github.com/quiriancordova/reto-ejercicio1 "
      },
      {
        "title": "nginx",
        "trust": 0.1,
        "url": "https://github.com/ratika-web/nginx "
      },
      {
        "title": "docker-nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/codekoalas/docker-nginx-proxy "
      },
      {
        "title": "jwilder-nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/linguamerica/jwilder-nginx-proxy "
      },
      {
        "title": "nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/abhi1693/nginx-proxy "
      },
      {
        "title": "DockerProject",
        "trust": 0.1,
        "url": "https://github.com/antoinechab/dockerproject "
      },
      {
        "title": "plonevhost",
        "trust": 0.1,
        "url": "https://github.com/alteroo/plonevhost "
      },
      {
        "title": "nginx-proxy-docker-image-builder",
        "trust": 0.1,
        "url": "https://github.com/expoli/nginx-proxy-docker-image-builder "
      },
      {
        "title": "reto-ejercicio3",
        "trust": 0.1,
        "url": "https://github.com/quiriancordova/reto-ejercicio3 "
      },
      {
        "title": "nginx",
        "trust": 0.1,
        "url": "https://github.com/isaiahweeks/nginx "
      },
      {
        "title": "docker-dev-tools-proxy",
        "trust": 0.1,
        "url": "https://github.com/antimatter-studios/docker-dev-tools-proxy "
      },
      {
        "title": "nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/nginx-proxy/nginx-proxy "
      },
      {
        "title": "nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/bfirestone/nginx-proxy "
      },
      {
        "title": "nginx-oidc-proxy",
        "trust": 0.1,
        "url": "https://github.com/garnser/nginx-oidc-proxy "
      },
      {
        "title": "nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/vitasl/nginx-proxy "
      },
      {
        "title": "nginx-proxy-docker-image-builder",
        "trust": 0.1,
        "url": "https://github.com/expoli/nginx-proxy-docker-image "
      },
      {
        "title": "docker-proxy",
        "trust": 0.1,
        "url": "https://github.com/antimatter-studios/docker-proxy "
      },
      {
        "title": "nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/junkl-solbox/nginx-proxy "
      },
      {
        "title": "nginxProxy",
        "trust": 0.1,
        "url": "https://github.com/moewsystem/nginxproxy "
      },
      {
        "title": "kube-active-proxy",
        "trust": 0.1,
        "url": "https://github.com/adi90x/kube-active-proxy "
      },
      {
        "title": "nginx-proxy",
        "trust": 0.1,
        "url": "https://github.com/antimatter-studios/nginx-proxy "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/6d617274696e73/nginx-waf-proxy "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/mikediamanto/nginx-proxy "
      },
      {
        "title": "rancher-active-proxy",
        "trust": 0.1,
        "url": "https://github.com/adi90x/rancher-active-proxy "
      },
      {
        "title": "algm-php-vulnerability-checker",
        "trust": 0.1,
        "url": "https://github.com/timclifford/algm-php-vulnerability-checker "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/t0m4too/t0m4to "
      },
      {
        "title": "github_aquasecurity_trivy",
        "trust": 0.1,
        "url": "https://github.com/back8/github_aquasecurity_trivy "
      },
      {
        "title": "TrivyWeb",
        "trust": 0.1,
        "url": "https://github.com/korayagaya/trivyweb "
      },
      {
        "title": "Vulnerability-Scanner-for-Containers",
        "trust": 0.1,
        "url": "https://github.com/t31m0/vulnerability-scanner-for-containers "
      },
      {
        "title": "security",
        "trust": 0.1,
        "url": "https://github.com/umahari/security "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/mohzeela/external-secret "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/simiyo/trivy "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/aquasecurity/trivy "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/knqyf263/trivy "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/siddharthraopotukuchi/trivy "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/cgi-script-vulnerability-httpoxy-allows-man-in-the-middle-attacks/119345/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5385"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94204"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/797896"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/91821"
      },
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2016/dsa-3631"
      },
      {
        "trust": 2.0,
        "url": "https://httpoxy.org/"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1613.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1036335"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201611-22"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1609.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1610.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1611.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1612.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05333297"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.8,
        "url": "https://www.drupal.org/sa-core-2016-003"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03770en_us"
      },
      {
        "trust": 1.6,
        "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5385"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc3875"
      },
      {
        "trust": 0.8,
        "url": "https://httpoxy.org"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/807.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/454.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91485132"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5385"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2016-5385"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:1613"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:1612"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:1611"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:1610"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:1609"
      },
      {
        "trust": 0.6,
        "url": "httpoxy.org/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5399"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
      },
      {
        "trust": 0.2,
        "url": "https://php.net/changelog-5.php#5.6.24"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6207"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5093"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5772"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5771"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5768"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5094"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5769"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5773"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03770en_us"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/601.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/sonatype-nexus-community/bach"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3045-1"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05333297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6293"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/msl6480\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#797896"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5385"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "db": "PACKETSTORM",
        "id": "138070"
      },
      {
        "db": "PACKETSTORM",
        "id": "138014"
      },
      {
        "db": "PACKETSTORM",
        "id": "138299"
      },
      {
        "db": "PACKETSTORM",
        "id": "138136"
      },
      {
        "db": "PACKETSTORM",
        "id": "140515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#797896"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94204"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5385"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "db": "PACKETSTORM",
        "id": "138070"
      },
      {
        "db": "PACKETSTORM",
        "id": "138014"
      },
      {
        "db": "PACKETSTORM",
        "id": "138299"
      },
      {
        "db": "PACKETSTORM",
        "id": "138136"
      },
      {
        "db": "PACKETSTORM",
        "id": "140515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#797896"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94204"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5385"
      },
      {
        "date": "2016-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "date": "2016-07-27T14:25:39",
        "db": "PACKETSTORM",
        "id": "138070"
      },
      {
        "date": "2016-07-22T22:42:48",
        "db": "PACKETSTORM",
        "id": "138014"
      },
      {
        "date": "2016-08-12T18:03:29",
        "db": "PACKETSTORM",
        "id": "138299"
      },
      {
        "date": "2016-08-02T22:59:53",
        "db": "PACKETSTORM",
        "id": "138136"
      },
      {
        "date": "2017-01-15T23:24:00",
        "db": "PACKETSTORM",
        "id": "140515"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      },
      {
        "date": "2016-07-19T02:00:17.773000",
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#797896"
      },
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94204"
      },
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5385"
      },
      {
        "date": "2016-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003800"
      },
      {
        "date": "2023-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      },
      {
        "date": "2023-02-12T23:23:28.023000",
        "db": "NVD",
        "id": "CVE-2016-5385"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138299"
      },
      {
        "db": "PACKETSTORM",
        "id": "138136"
      },
      {
        "db": "PACKETSTORM",
        "id": "140515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#797896"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-538"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0456
Vulnerability from variot

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. PHP is prone to a heap-memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in the 'phar_parse_metadata' function in PHP's ext/phar/phar.c file. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. 6) - i386, x86_64

  1. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0456",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.24"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3307"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP",
    "sources": [
      {
        "db": "BID",
        "id": "74703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-3307",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3307",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81268",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3307",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-312",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81268",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3307",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. PHP is prone to a heap-memory-corruption vulnerability. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in the \u0027phar_parse_metadata\u0027 function in PHP\u0027s ext/phar/phar.c file. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. 6) - i386, x86_64\n\n3. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "db": "BID",
        "id": "74703"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3307"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3307",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "74703",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-81268",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3307",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3307"
      },
      {
        "db": "BID",
        "id": "74703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ]
  },
  "id": "VAR-201506-0456",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81268"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:35:26.862000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69443",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69443"
      },
      {
        "title": "Bug 1223441",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223441"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3307"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/74703"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=69443"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223441"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3307"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3307"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39486"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3307"
      },
      {
        "db": "BID",
        "id": "74703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81268"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3307"
      },
      {
        "db": "BID",
        "id": "74703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81268"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3307"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "BID",
        "id": "74703"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "date": "2015-06-25T14:18:12",
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2015-06-25T14:18:25",
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "date": "2015-06-09T18:59:01.253000",
        "db": "NVD",
        "id": "CVE-2015-3307"
      },
      {
        "date": "2015-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81268"
      },
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3307"
      },
      {
        "date": "2016-07-05T21:28:00",
        "db": "BID",
        "id": "74703"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      },
      {
        "date": "2019-04-22T17:48:00.643000",
        "db": "NVD",
        "id": "CVE-2015-3307"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/phar/phar.c of  phar_parse_metadata Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003045"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-312"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0118
Vulnerability from variot

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. PHP is prone to a denial-of-service vulnerability. Successful exploits will allow attackers to cause a denial of service condition. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. A security vulnerability exists in PHP's PHAR extension. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5. ============================================================================ Ubuntu Security Notice USN-2984-1 May 24, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078)

It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)

It was discovered that the PHP rawurlencode() function incorrectly handled large strings. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070)

It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)

It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)

It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)

It was discovered that the PHP phar extension incorrectly handled certain archive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343)

It was discovered that the PHP bcpowmod() function incorrectly handled memory. (CVE-2016-4537, CVE-2016-4538)

It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. (CVE-2016-4539)

It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. (CVE-2016-4540, CVE-2016-4541)

It was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.4-7ubuntu2.1 php7.0-cgi 7.0.4-7ubuntu2.1 php7.0-cli 7.0.4-7ubuntu2.1 php7.0-fpm 7.0.4-7ubuntu2.1

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.4 php5-cgi 5.6.11+dfsg-1ubuntu3.4 php5-cli 5.6.11+dfsg-1ubuntu3.4 php5-fpm 5.6.11+dfsg-1ubuntu3.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 php5-cgi 5.5.9+dfsg-1ubuntu4.17 php5-cli 5.5.9+dfsg-1ubuntu4.17 php5-fpm 5.5.9+dfsg-1ubuntu4.17

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.23 php5-cgi 5.3.10-1ubuntu3.23 php5-cli 5.3.10-1ubuntu3.23 php5-fpm 5.3.10-1ubuntu3.23

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 =====================================================================

  1. Summary:

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.

The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)

Security Fixes in the rh-php56-php component:

  • Several Moderate and Low impact security issues were found in PHP. Under certain circumstances, these issues could cause PHP to crash, disclose portions of its memory, execute arbitrary code, or impact PHP application integrity. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)

  • Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


Debian Security Advisory DSA-3560-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2016 https://www.debian.org/security/faq


Package : php5 CVE ID : CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. Please refer to the upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.20

For the stable distribution (jessie), these problems have been fixed in version 5.6.20+dfsg-0+deb8u1.

We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731 Version: 1

HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-08-19 Last Updated: 2016-08-19

Potential Security Impact: Local Denial of Service (DoS), Elevation of Privilege, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Disclosure of Information, Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory.

References:

- CVE-2016-1238 - Perl Local Elevation of Privilege
- CVE-2016-2381 - Perl Remote Unauthorized Modification
- CVE-2014-4330 - Perl Local Denial of Service (DoS)

    **Note:** applies only for the H/J-series SPR. Fix was already

provided in a previous L-series SPR. OSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and T1203L01^AAC

*Impacted releases:*

- L15.02
- L15.08.00, L15.08.01
- L16.05.00

- J06.14 through J06.16.02
- J06.17.00, J06.17.01
- J06.18.00, J06.18.01
- J06.19.00, J06.19.01, J06.19.02
- J06.20.00

- H06.25 through H06.26.01
- H06.27.00, H06.27.01
- H06.28.00, H06.28.01
- H06.29.00, H06.29.01

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2013-7456
  7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-4330
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8383
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8386
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8387
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8389
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8390
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8391
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

CVE-2015-8393
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-8394
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8607
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8853
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8865
  7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8874
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-1238
  6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVE-2016-1903
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-2381
  6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-2016-2554
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-3074
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4070
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-4071
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4072
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4073
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4342
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE-2016-4343
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-4537
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4538
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4539
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4540
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4541
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4542
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4543
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4544
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5093
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5094
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5096
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5114
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-5766
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5767
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5768
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5769
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5770
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5771
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5772
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5773
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has released the following software updates to resolve the vulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP.

Install one of the SPRs below as appropriate for the system's release version:

  • L-Series:

    • T1203L01^AAE (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • L15.02 through L16.05.00
  • H and J-Series:

    • T1203H01^AAF (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • J06.14 through J06.20.00

      • H06.25 through H06.29.01

Note: Please refer to NonStop Hotstuff HS03333 for more information.

HISTORY Version:1 (rev.1) - 19 August 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 5.6.28 >= 5.6.28

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.28"

References

[ 1 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865 [ 2 ] CVE-2016-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074 [ 3 ] CVE-2016-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071 [ 4 ] CVE-2016-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072 [ 5 ] CVE-2016-4073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073 [ 6 ] CVE-2016-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537 [ 7 ] CVE-2016-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538 [ 8 ] CVE-2016-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539 [ 9 ] CVE-2016-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540 [ 10 ] CVE-2016-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541 [ 11 ] CVE-2016-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542 [ 12 ] CVE-2016-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543 [ 13 ] CVE-2016-4544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544 [ 14 ] CVE-2016-5385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385 [ 15 ] CVE-2016-6289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289 [ 16 ] CVE-2016-6290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290 [ 17 ] CVE-2016-6291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291 [ 18 ] CVE-2016-6292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292 [ 19 ] CVE-2016-6294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294 [ 20 ] CVE-2016-6295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295 [ 21 ] CVE-2016-6296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296 [ 22 ] CVE-2016-6297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297 [ 23 ] CVE-2016-7124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124 [ 24 ] CVE-2016-7125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125 [ 25 ] CVE-2016-7126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126 [ 26 ] CVE-2016-7127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127 [ 27 ] CVE-2016-7128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128 [ 28 ] CVE-2016-7129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129 [ 29 ] CVE-2016-7130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130 [ 30 ] CVE-2016-7131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131 [ 31 ] CVE-2016-7132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132 [ 32 ] CVE-2016-7133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133 [ 33 ] CVE-2016-7134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134 [ 34 ] CVE-2016-7411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411 [ 35 ] CVE-2016-7412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412 [ 36 ] CVE-2016-7413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413 [ 37 ] CVE-2016-7414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414 [ 38 ] CVE-2016-7416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416 [ 39 ] CVE-2016-7417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417 [ 40 ] CVE-2016-7418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201611-22

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0118",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.33"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.16"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.15"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.20"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "mac os security update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0020"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.20"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.34"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.6"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0030"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4072"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matthias Geerdsen",
    "sources": [
      {
        "db": "BID",
        "id": "85993"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-4072",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4072",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-92891",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4072",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4072",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-559",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92891",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-4072",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \\0 characters by the phar_analyze_path function in ext/phar/phar.c. PHP is prone to a denial-of-service vulnerability. \nSuccessful exploits will allow attackers to cause a denial of service condition. Due to the nature of this issue, arbitrary code  execution may be possible; this has not been confirmed. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. A security vulnerability exists in PHP\u0027s PHAR extension. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5. ============================================================================\nUbuntu Security Notice USN-2984-1\nMay 24, 2016\n\nphp5, php7.0 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)\n\nHans Jerry Illikainen discovered that the PHP Zip extension incorrectly\nhandled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. \n(CVE-2016-3078)\n\nIt was discovered that PHP incorrectly handled invalid indexes in the\nSplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)\n\nIt was discovered that the PHP rawurlencode() function incorrectly handled\nlarge strings. This issue only affected Ubuntu\n16.04 LTS. (CVE-2016-4070)\n\nIt was discovered that the PHP php_snmp_error() function incorrectly\nhandled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfilenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)\n\nIt was discovered that the PHP mb_strcut() function incorrectly handled\nstring formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\narchive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-4342, CVE-2016-4343)\n\nIt was discovered that the PHP bcpowmod() function incorrectly handled\nmemory. \n(CVE-2016-4537, CVE-2016-4538)\n\nIt was discovered that the PHP XML parser incorrectly handled certain\nmalformed XML data. (CVE-2016-4539)\n\nIt was discovered that certain PHP grapheme functions incorrectly handled\nnegative offsets. (CVE-2016-4540,\nCVE-2016-4541)\n\nIt was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543,\nCVE-2016-4544)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.4-7ubuntu2.1\n  php7.0-cgi                      7.0.4-7ubuntu2.1\n  php7.0-cli                      7.0.4-7ubuntu2.1\n  php7.0-fpm                      7.0.4-7ubuntu2.1\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.4\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.4\n  php5-cli                        5.6.11+dfsg-1ubuntu3.4\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.17\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.17\n  php5-cli                        5.5.9+dfsg-1ubuntu4.17\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.17\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.23\n  php5-cgi                        5.3.10-1ubuntu3.23\n  php5-cli                        5.3.10-1ubuntu3.23\n  php5-fpm                        5.3.10-1ubuntu3.23\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2016:2750-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2750.html\nIssue date:        2016-11-15\nCVE Names:         CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 \n                   CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 \n                   CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 \n                   CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 \n                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 \n                   CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 \n                   CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 \n                   CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 \n                   CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 \n                   CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 \n                   CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 \n                   CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 \n                   CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 \n                   CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 \n                   CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 \n                   CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 \n                   CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 \n                   CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 \n                   CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 \n                   CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 \n                   CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 \n                   CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 \n                   CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 \n                   CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 \n                   CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 \n                   CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 \n                   CVE-2016-7132 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php56, rh-php56-php, and rh-php56-php-pear is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The rh-php56 packages provide a recent stable release of PHP\nwith PEAR 1.9.5 and enhanced language features including constant\nexpressions, variadic functions, arguments unpacking, and the interactive\ndebuger. The memcache, mongo, and XDebug extensions are also included. \n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Under\ncertain circumstances, these issues could cause PHP to crash, disclose\nportions of its memory, execute arbitrary code, or impact PHP application\nintegrity. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-7456,\nCVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,\nCVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,\nCVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,\nCVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,\nCVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,\nCVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,\nCVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,\nCVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,\nCVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,\nCVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,\nCVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,\nCVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,\nCVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the\nrh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,\nCVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,\nCVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,\nCVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()\n1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)\n1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)\n1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)\n1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories\n1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)\n1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)\n1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)\n1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)\n1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)\n1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)\n1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)\n1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)\n1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)\n1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c\n1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated\n1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent\n1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives\n1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()\n1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data\n1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd\n1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method\n1323103 - CVE-2016-4073 php: Negative size parameter in memcpy\n1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \\0 inside name\n1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()\n1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode\n1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file\n1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads\n1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure\n1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()\n1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition\n1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input\n1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used\n1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used\n1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow\n1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c\n1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects\n1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches\n1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns\n1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal\n1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread\n1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc\n1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()\n1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()\n1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow\n1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec\n1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread\n1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize\n1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351603 - CVE-2016-6128 gd: Invalid color index not properly handled\n1358395 - CVE-2016-5399 php: Improper error handling in bzread()\n1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex\n1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization\n1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment\n1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()\n1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http\n1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()\n1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c\n1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex\n1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object\n1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability\n1374699 - CVE-2016-7126 php: select_colors write out-of-bounds\n1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access\n1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF\n1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access\n1374707 - CVE-2016-7130 php: wddx_deserialize null dereference\n1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml\n1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7456\nhttps://access.redhat.com/security/cve/CVE-2014-9767\nhttps://access.redhat.com/security/cve/CVE-2015-2325\nhttps://access.redhat.com/security/cve/CVE-2015-2326\nhttps://access.redhat.com/security/cve/CVE-2015-2327\nhttps://access.redhat.com/security/cve/CVE-2015-2328\nhttps://access.redhat.com/security/cve/CVE-2015-3210\nhttps://access.redhat.com/security/cve/CVE-2015-3217\nhttps://access.redhat.com/security/cve/CVE-2015-5073\nhttps://access.redhat.com/security/cve/CVE-2015-8381\nhttps://access.redhat.com/security/cve/CVE-2015-8383\nhttps://access.redhat.com/security/cve/CVE-2015-8384\nhttps://access.redhat.com/security/cve/CVE-2015-8385\nhttps://access.redhat.com/security/cve/CVE-2015-8386\nhttps://access.redhat.com/security/cve/CVE-2015-8388\nhttps://access.redhat.com/security/cve/CVE-2015-8391\nhttps://access.redhat.com/security/cve/CVE-2015-8392\nhttps://access.redhat.com/security/cve/CVE-2015-8395\nhttps://access.redhat.com/security/cve/CVE-2015-8835\nhttps://access.redhat.com/security/cve/CVE-2015-8865\nhttps://access.redhat.com/security/cve/CVE-2015-8866\nhttps://access.redhat.com/security/cve/CVE-2015-8867\nhttps://access.redhat.com/security/cve/CVE-2015-8873\nhttps://access.redhat.com/security/cve/CVE-2015-8874\nhttps://access.redhat.com/security/cve/CVE-2015-8876\nhttps://access.redhat.com/security/cve/CVE-2015-8877\nhttps://access.redhat.com/security/cve/CVE-2015-8879\nhttps://access.redhat.com/security/cve/CVE-2016-1903\nhttps://access.redhat.com/security/cve/CVE-2016-2554\nhttps://access.redhat.com/security/cve/CVE-2016-3074\nhttps://access.redhat.com/security/cve/CVE-2016-3141\nhttps://access.redhat.com/security/cve/CVE-2016-3142\nhttps://access.redhat.com/security/cve/CVE-2016-4070\nhttps://access.redhat.com/security/cve/CVE-2016-4071\nhttps://access.redhat.com/security/cve/CVE-2016-4072\nhttps://access.redhat.com/security/cve/CVE-2016-4073\nhttps://access.redhat.com/security/cve/CVE-2016-4342\nhttps://access.redhat.com/security/cve/CVE-2016-4343\nhttps://access.redhat.com/security/cve/CVE-2016-4473\nhttps://access.redhat.com/security/cve/CVE-2016-4537\nhttps://access.redhat.com/security/cve/CVE-2016-4538\nhttps://access.redhat.com/security/cve/CVE-2016-4539\nhttps://access.redhat.com/security/cve/CVE-2016-4540\nhttps://access.redhat.com/security/cve/CVE-2016-4541\nhttps://access.redhat.com/security/cve/CVE-2016-4542\nhttps://access.redhat.com/security/cve/CVE-2016-4543\nhttps://access.redhat.com/security/cve/CVE-2016-4544\nhttps://access.redhat.com/security/cve/CVE-2016-5093\nhttps://access.redhat.com/security/cve/CVE-2016-5094\nhttps://access.redhat.com/security/cve/CVE-2016-5096\nhttps://access.redhat.com/security/cve/CVE-2016-5114\nhttps://access.redhat.com/security/cve/CVE-2016-5399\nhttps://access.redhat.com/security/cve/CVE-2016-5766\nhttps://access.redhat.com/security/cve/CVE-2016-5767\nhttps://access.redhat.com/security/cve/CVE-2016-5768\nhttps://access.redhat.com/security/cve/CVE-2016-5770\nhttps://access.redhat.com/security/cve/CVE-2016-5771\nhttps://access.redhat.com/security/cve/CVE-2016-5772\nhttps://access.redhat.com/security/cve/CVE-2016-5773\nhttps://access.redhat.com/security/cve/CVE-2016-6128\nhttps://access.redhat.com/security/cve/CVE-2016-6207\nhttps://access.redhat.com/security/cve/CVE-2016-6288\nhttps://access.redhat.com/security/cve/CVE-2016-6289\nhttps://access.redhat.com/security/cve/CVE-2016-6290\nhttps://access.redhat.com/security/cve/CVE-2016-6291\nhttps://access.redhat.com/security/cve/CVE-2016-6292\nhttps://access.redhat.com/security/cve/CVE-2016-6294\nhttps://access.redhat.com/security/cve/CVE-2016-6295\nhttps://access.redhat.com/security/cve/CVE-2016-6296\nhttps://access.redhat.com/security/cve/CVE-2016-6297\nhttps://access.redhat.com/security/cve/CVE-2016-7124\nhttps://access.redhat.com/security/cve/CVE-2016-7125\nhttps://access.redhat.com/security/cve/CVE-2016-7126\nhttps://access.redhat.com/security/cve/CVE-2016-7127\nhttps://access.redhat.com/security/cve/CVE-2016-7128\nhttps://access.redhat.com/security/cve/CVE-2016-7129\nhttps://access.redhat.com/security/cve/CVE-2016-7130\nhttps://access.redhat.com/security/cve/CVE-2016-7131\nhttps://access.redhat.com/security/cve/CVE-2016-7132\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs\nUCuj+0gWfBsWXOgFhgH0uL8=\n=FcPG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3560-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nApril 27, 2016                        https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : php5\nCVE ID         : CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072\n                 CVE-2016-4073\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. Please refer to the\nupstream changelog for more information:\n\n https://php.net/ChangeLog-5.php#5.6.20\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.20+dfsg-0+deb8u1. \n\nWe recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05240731\nVersion: 1\n\nHPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and\nPHP, Multiple Local and Remote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-08-19\nLast Updated: 2016-08-19\n\nPotential Security Impact: Local Denial of Service (DoS), Elevation of\nPrivilege, Remote Denial of Service (DoS), Execution of Arbitrary Code,\nUnauthorized Disclosure of Information, Unauthorized Modification\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential remote and local vulnerabilities impacting Perl and PHP\nhave been addressed by HPE NonStop Servers OSS Script Languages. The\nvulnerabilities include Perl\u0027s opportunistic loading of optional modules\nwhich might allow local users to gain elevation of privilege via a Trojan\nhorse library under the current working directory. \n\nReferences:\n\n    - CVE-2016-1238 - Perl Local Elevation of Privilege\n    - CVE-2016-2381 - Perl Remote Unauthorized Modification\n    - CVE-2014-4330 - Perl Local Denial of Service (DoS)\n\n        **Note:** applies only for the H/J-series SPR. Fix was already\nprovided in a previous L-series SPR. \nOSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and\nT1203L01^AAC\n\n    *Impacted releases:*\n\n    - L15.02\n    - L15.08.00, L15.08.01\n    - L16.05.00\n\n    - J06.14 through J06.16.02\n    - J06.17.00, J06.17.01\n    - J06.18.00, J06.18.01\n    - J06.19.00, J06.19.01, J06.19.02\n    - J06.20.00\n\n    - H06.25 through H06.26.01\n    - H06.27.00, H06.27.01\n    - H06.28.00, H06.28.01\n    - H06.29.00, H06.29.01\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-7456\n      7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-4330\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8383\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8386\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8387\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8389\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8390\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8391\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)\n\n    CVE-2015-8393\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-8394\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8607\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8853\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8865\n      7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8874\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-1238\n      6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\n      6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-1903\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-2381\n      6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    CVE-2016-2554\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-3074\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4070\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-4071\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4072\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4073\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4342\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n    CVE-2016-4343\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4537\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4538\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4539\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4540\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4541\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4542\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4543\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4544\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5093\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5094\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5096\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5114\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-5766\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5767\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5768\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5769\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5770\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5771\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5772\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5773\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has released the following software updates to resolve the\nvulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP. \n\nInstall one of the SPRs below as appropriate for the system\u0027s release\nversion:\n\n  + L-Series:\n\n    * T1203L01^AAE (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n        - L15.02 through L16.05.00\n\n  + H and J-Series:\n\n    * T1203H01^AAF (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n         - J06.14 through J06.20.00\n\n         - H06.25 through H06.29.01\n\n**Note:** Please refer to *NonStop Hotstuff HS03333* for more information. \n\nHISTORY\nVersion:1 (rev.1) - 19 August 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.6.28                  \u003e= 5.6.28\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.28\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-8865\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865\n[  2 ] CVE-2016-3074\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074\n[  3 ] CVE-2016-4071\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071\n[  4 ] CVE-2016-4072\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072\n[  5 ] CVE-2016-4073\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073\n[  6 ] CVE-2016-4537\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537\n[  7 ] CVE-2016-4538\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538\n[  8 ] CVE-2016-4539\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539\n[  9 ] CVE-2016-4540\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540\n[ 10 ] CVE-2016-4541\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541\n[ 11 ] CVE-2016-4542\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542\n[ 12 ] CVE-2016-4543\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543\n[ 13 ] CVE-2016-4544\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544\n[ 14 ] CVE-2016-5385\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385\n[ 15 ] CVE-2016-6289\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289\n[ 16 ] CVE-2016-6290\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290\n[ 17 ] CVE-2016-6291\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291\n[ 18 ] CVE-2016-6292\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292\n[ 19 ] CVE-2016-6294\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294\n[ 20 ] CVE-2016-6295\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295\n[ 21 ] CVE-2016-6296\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296\n[ 22 ] CVE-2016-6297\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297\n[ 23 ] CVE-2016-7124\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124\n[ 24 ] CVE-2016-7125\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125\n[ 25 ] CVE-2016-7126\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126\n[ 26 ] CVE-2016-7127\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127\n[ 27 ] CVE-2016-7128\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128\n[ 28 ] CVE-2016-7129\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129\n[ 29 ] CVE-2016-7130\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130\n[ 30 ] CVE-2016-7131\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131\n[ 31 ] CVE-2016-7132\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132\n[ 32 ] CVE-2016-7133\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133\n[ 33 ] CVE-2016-7134\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134\n[ 34 ] CVE-2016-7411\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411\n[ 35 ] CVE-2016-7412\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412\n[ 36 ] CVE-2016-7413\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413\n[ 37 ] CVE-2016-7414\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414\n[ 38 ] CVE-2016-7416\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416\n[ 39 ] CVE-2016-7417\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417\n[ 40 ] CVE-2016-7418\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201611-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "db": "BID",
        "id": "85993"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4072"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4072",
        "trust": 3.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/04/24/1",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "85993",
        "trust": 1.5
      },
      {
        "db": "JVN",
        "id": "JVNVU91632741",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-92891",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4072",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137174",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139729",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136841",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138463",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139379",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139968",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4072"
      },
      {
        "db": "BID",
        "id": "85993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ]
  },
  "id": "VAR-201605-0118",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92891"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:52:25.565000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206567"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206567"
      },
      {
        "title": "HPSBNS03635",
        "trust": 0.8,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05240731"
      },
      {
        "title": "Sec Bug #71860",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=71860"
      },
      {
        "title": "Fix bug #71860: Require valid paths for phar filenames",
        "trust": 0.8,
        "url": "https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a"
      },
      {
        "title": "PHP 7 ChangeLog",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "title": "PHP PHAR Fixing measures to extend security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61242"
      },
      {
        "title": "Red Hat: CVE-2016-4072",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-4072"
      },
      {
        "title": "Debian Security Advisories: DSA-3560-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f33dfec360e1186a6d0f52314de3ce6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-698",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-698"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2984-1"
      },
      {
        "title": "Apple: OS X El Capitan v10.11.5 and Security Update 2016-003",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3c550201b398ce302f3a9adf27215fda"
      },
      {
        "title": "Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162750 - security advisory"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-4072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4072"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=71860"
      },
      {
        "trust": 2.1,
        "url": "https://gist.github.com/smalyshev/80b5c2909832872f2ba2"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206567"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/85993"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201611-22"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2750.html"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05240731"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.2,
        "url": "http://www.debian.org/security/2016/dsa-3560"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-2"
      },
      {
        "trust": 1.1,
        "url": "https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a"
      },
      {
        "trust": 1.0,
        "url": "https://git.php.net/?p=php-src.git%3ba=commit%3bh=1e9b175204e3286d64dfd6c9f09151c31b5e099a"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4072"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91632741/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4072"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4073"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2016/q2/55"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-4072"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4544"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8386"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8391"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8383"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8874"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.2,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2984-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-3560"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3132"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.4-7ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3078"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.17"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2984-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4473"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://php.net/changelog-5.php#5.6.20"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8853"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05240731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8389"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8390"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4396"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4395"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7417"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7416"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7134"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7411"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7413"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7414"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7133"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7418"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3074"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4072"
      },
      {
        "db": "BID",
        "id": "85993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92891"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4072"
      },
      {
        "db": "BID",
        "id": "85993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92891"
      },
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4072"
      },
      {
        "date": "2016-04-12T00:00:00",
        "db": "BID",
        "id": "85993"
      },
      {
        "date": "2016-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "date": "2016-05-24T23:31:17",
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "date": "2016-11-15T16:44:45",
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "date": "2016-04-28T15:45:53",
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "date": "2016-08-22T18:18:17",
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "date": "2016-10-27T19:22:00",
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "date": "2016-12-01T16:38:01",
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "date": "2016-05-20T11:00:16.663000",
        "db": "NVD",
        "id": "CVE-2016-4072"
      },
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92891"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4072"
      },
      {
        "date": "2016-12-20T00:05:00",
        "db": "BID",
        "id": "85993"
      },
      {
        "date": "2016-10-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      },
      {
        "date": "2023-11-07T02:32:33.650000",
        "db": "NVD",
        "id": "CVE-2016-4072"
      },
      {
        "date": "2016-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  Phar An arbitrary code execution vulnerability in the extension",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002853"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-559"
      }
    ],
    "trust": 0.6
  }
}

var-202010-1571
Vulnerability from variot

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. PHP Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in PHP versions 7.2.0, 7.3.0 and 7.4.0 due to the fact that the 'mbfl_filt_conv_big5_wchar' function does not check bounds properly. A remote attacker could exploit this vulnerability with specially crafted parameters to execute arbitrary code on the system or cause an application to crash. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2021:2992-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2992 Issue date: 2021-08-03 CVE Names: CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21705 ==================================================================== 1. Summary:

An update for rh-php73-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.29). (BZ#1977764)

Security Fix(es):

  • php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)

  • php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)

  • php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)

  • php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)

  • php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)

  • php: NULL pointer dereference in SoapClient (CVE-2021-21702)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function 1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV 1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server 1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo 1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient 1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z] 1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-7068 https://access.redhat.com/security/cve/CVE-2020-7069 https://access.redhat.com/security/cve/CVE-2020-7070 https://access.redhat.com/security/cve/CVE-2020-7071 https://access.redhat.com/security/cve/CVE-2021-21702 https://access.redhat.com/security/cve/CVE-2021-21705 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV Wy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C 2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW tWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2 T/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw AGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW 4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz obgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH x85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd WCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq ZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25 OwqKXJAGJYo=waMi -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-16


                                        https://security.gentoo.org/

Severity: Low Title: PHP: Multiple vulnerabilities Date: December 23, 2020 Bugs: #711140, #745993, #756775 ID: 202012-16


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition.

Background

PHP is an open source general-purpose scripting language that is especially suited for web development.

Affected packages

 -------------------------------------------------------------------
  Package              /     Vulnerable     /            Unaffected
 -------------------------------------------------------------------

1 dev-lang/php < 8.0.0 >= 7.2.34-r1:7.2 >= 7.3.25:7.3 >= 7.4.13:7.4

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and change log referenced below for details.

Impact

An attacker could cause a Denial of Service condition or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All PHP 7.2.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.34-r1:7.2"

All PHP 7.3.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.25:7.3"

All PHP 7.4.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.13:7.4"

References

[ 1 ] CVE-2020-7069 https://nvd.nist.gov/vuln/detail/CVE-2020-7069 [ 2 ] CVE-2020-7070 https://nvd.nist.gov/vuln/detail/CVE-2020-7070 [ 3 ] PHP 7.4.13 Change Log https://www.php.net/ChangeLog-7.php#7.4.13

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202012-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4583-2 October 27, 2020

php7.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.10

Summary:

Several security issues were fixed in PHP. This update provides the corresponding update for Ubuntu 20.10.

Original advisory details:

It was discovered that PHP incorrectly handled certain encrypt ciphers. (CVE-2020-7069)

It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10: libapache2-mod-php7.4 7.4.9-1ubuntu1.1 php7.4-cgi 7.4.9-1ubuntu1.1 php7.4-cli 7.4.9-1ubuntu1.1 php7.4-curl 7.4.9-1ubuntu1.1 php7.4-fpm 7.4.9-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

For the stable distribution (buster), these problems have been fixed in version 7.3.27-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8 TjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef PCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH DAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3 AWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl 8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv /lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY YDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En vzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR 0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd 622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX lbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ= =9Q7e -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1571",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.34"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.19.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "20.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.11"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.23"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.2"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.5.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": null,
        "trust": 0.8,
        "vendor": "the php group",
        "version": null
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "clustered data ontap",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.11",
                "versionStartIncluding": "7.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.23",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.34",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.0",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-7069",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-7069",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185194",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@php.net",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2020-7069",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7069",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2020-7069",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-435",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185194",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7069",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. PHP Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in PHP versions 7.2.0, 7.3.0 and 7.4.0 due to the fact that the \u0027mbfl_filt_conv_big5_wchar\u0027 function does not check bounds properly. A remote attacker could exploit this vulnerability with specially crafted parameters to execute arbitrary code on the system or cause an application to crash. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-php73-php security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2021:2992-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2992\nIssue date:        2021-08-03\nCVE Names:         CVE-2020-7068 CVE-2020-7069 CVE-2020-7070\n                   CVE-2020-7071 CVE-2021-21702 CVE-2021-21705\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php73-php (7.3.29). (BZ#1977764)\n\nSecurity Fix(es):\n\n* php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV\n(CVE-2020-7069)\n\n* php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo\n(CVE-2020-7071)\n\n* php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)\n\n* php: Use of freed hash key in the phar_parse_zipfile function\n(CVE-2020-7068)\n\n* php: URL decoding of cookie names can lead to different interpretation of\ncookies between browser and server (CVE-2020-7070)\n\n* php: NULL pointer dereference in SoapClient (CVE-2021-21702)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function\n1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV\n1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server\n1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo\n1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient\n1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z]\n1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.29-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.29-1.el7.s390x.rpm\nrh-php73-php-common-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.29-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.29-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.29-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.29-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.29-1.el7.s390x.rpm\nrh-php73-php-json-7.3.29-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm\nrh-php73-php-process-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.29-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.29-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.29-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.29-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.29-1.el7.s390x.rpm\nrh-php73-php-common-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.29-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.29-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.29-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.29-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.29-1.el7.s390x.rpm\nrh-php73-php-json-7.3.29-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm\nrh-php73-php-process-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.29-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.29-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.29-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-7068\nhttps://access.redhat.com/security/cve/CVE-2020-7069\nhttps://access.redhat.com/security/cve/CVE-2020-7070\nhttps://access.redhat.com/security/cve/CVE-2020-7071\nhttps://access.redhat.com/security/cve/CVE-2021-21702\nhttps://access.redhat.com/security/cve/CVE-2021-21705\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV\nWy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C\n2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW\ntWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2\nT/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw\nAGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW\n4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz\nobgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH\nx85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd\nWCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq\nZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25\nOwqKXJAGJYo=waMi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202012-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Low\n     Title: PHP: Multiple vulnerabilities\n      Date: December 23, 2020\n      Bugs: #711140, #745993, #756775\n        ID: 202012-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nPHP is an open source general-purpose scripting language that is\nespecially suited for web development. \n\nAffected packages\n=================\n\n     -------------------------------------------------------------------\n      Package              /     Vulnerable     /            Unaffected\n     -------------------------------------------------------------------\n   1  dev-lang/php                 \u003c 8.0.0            \u003e= 7.2.34-r1:7.2\n                                                         \u003e= 7.3.25:7.3\n                                                         \u003e= 7.4.13:7.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers and change log referenced below for details. \n\nImpact\n======\n\nAn attacker could cause a Denial of Service condition or obtain\nsensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 7.2.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.2.34-r1:7.2\"\n\nAll PHP 7.3.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.3.25:7.3\"\n\nAll PHP 7.4.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.4.13:7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-7069\n       https://nvd.nist.gov/vuln/detail/CVE-2020-7069\n[ 2 ] CVE-2020-7070\n       https://nvd.nist.gov/vuln/detail/CVE-2020-7070\n[ 3 ] PHP 7.4.13 Change Log\n       https://www.php.net/ChangeLog-7.php#7.4.13\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  https://security.gentoo.org/glsa/202012-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-4583-2\nOctober 27, 2020\n\nphp7.4 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n\nSummary:\n\nSeveral security issues were fixed in PHP. This update provides\nthe corresponding update for Ubuntu 20.10. \n\nOriginal advisory details:\n\n It was discovered that PHP incorrectly handled certain encrypt ciphers. (CVE-2020-7069)\n\n It was discorevered that PHP incorrectly handled certain HTTP cookies. \n An attacker could possibly use this issue to forge cookie which is supposed to\n be secure. (CVE-2020-7070)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n  libapache2-mod-php7.4           7.4.9-1ubuntu1.1\n  php7.4-cgi                      7.4.9-1ubuntu1.1\n  php7.4-cli                      7.4.9-1ubuntu1.1\n  php7.4-curl                     7.4.9-1ubuntu1.1\n  php7.4-fpm                      7.4.9-1ubuntu1.1\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.27-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8\nTjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef\nPCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH\nDAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3\nAWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl\n8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv\n/lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY\nYDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En\nvzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR\n0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd\n622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX\nlbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ=\n=9Q7e\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7069",
        "trust": 3.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159722",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160708",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "164839",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159564",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163727",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080321",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3787",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2608",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0606",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6055",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3671",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3541",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3581",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33149",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-185194",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168990",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "id": "VAR-202010-1571",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-12T23:37:29.184000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openSUSE\u00a0Leap\u00a015.2 The\u00a0PHP\u00a0GroupPHP\u00a0Bugs",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/4583-1/"
      },
      {
        "title": "PHP Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=118684"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1440",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1440"
      },
      {
        "title": "Debian Security Advisories: DSA-4856-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=02a4cb271948bb2c8ad70e07948c2253"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-14"
      },
      {
        "title": "OpenSSL-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/openssl-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.1
      },
      {
        "problemtype": "Inadequate encryption strength (CWE-326) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7069"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202012-16"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2021/dsa-4856"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=79601"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
      },
      {
        "trust": 1.8,
        "url": "https://usn.ubuntu.com/4583-1/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rru57n3osyzpomfwprdnvh7emyotsz66/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7evdn7d3ib4eai4d3zom2ojkq5sd7k4e/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/p2j3zzdhcsx65t5qwv4ahbn7mojxbekg/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rru57n3osyzpomfwprdnvh7emyotsz66/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7evdn7d3ib4eai4d3zom2ojkq5sd7k4e/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/p2j3zzdhcsx65t5qwv4ahbn7mojxbekg/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7070"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0606"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2608"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-information-disclosure-via-aes-ccm-encryption-33466"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164839/red-hat-security-advisory-2021-4213-03.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159564/ubuntu-security-notice-usn-4583-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163727/red-hat-security-advisory-2021-2992-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-buffer-overflow-via-mbfl-filt-conv-big5-wchar-32228"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160708/gentoo-linux-security-advisory-202012-16.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159722/ubuntu-security-notice-usn-4583-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3787"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6055"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3671/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080321"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3581/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3541/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7068"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21702"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7071"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7070"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7069"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21702"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7071"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7068"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/4583-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/326.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2020-1440.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4213"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2992"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21705"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://www.php.net/changelog-7.php#7.4.13"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.9-1ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4583-2"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "date": "2021-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "date": "2021-11-10T17:05:06",
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "date": "2021-08-03T14:47:43",
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "date": "2020-10-14T20:14:14",
        "db": "PACKETSTORM",
        "id": "159564"
      },
      {
        "date": "2020-12-24T17:17:47",
        "db": "PACKETSTORM",
        "id": "160708"
      },
      {
        "date": "2020-10-27T14:12:34",
        "db": "PACKETSTORM",
        "id": "159722"
      },
      {
        "date": "2021-02-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "date": "2020-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2020-10-02T15:15:12.670000",
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185194"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7069"
      },
      {
        "date": "2021-04-23T08:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      },
      {
        "date": "2022-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2023-11-07T03:25:41.900000",
        "db": "NVD",
        "id": "CVE-2020-7069"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP\u00a0 Vulnerability in cryptography",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012092"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-435"
      }
    ],
    "trust": 0.6
  }
}

var-201311-0379
Vulnerability from variot

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. PHP is prone to a denial-of-service vulnerability due to a heap-based buffer over-read error. Successful exploits will allow attackers to cause a denial of service condition. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in the 'scan' function in the ext/date/lib/parse_iso_intervals.c file in PHP 5.5.6 and earlier versions. The vulnerability is caused by the program not properly restricting the creation of DateInterval objects. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-11


                                        http://security.gentoo.org/

Severity: High Title: PHP: Multiple vulnerabilities Date: August 29, 2014 Bugs: #459904, #472204, #472558, #474656, #476570, #481004, #483212, #485252, #492784, #493982, #501312, #503630, #503670, #505172, #505712, #509132, #512288, #512492, #513032, #516994, #519932, #520134, #520438 ID: 201408-11


Synopsis

Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 5.5.16 >= 5.5.16 >= 5.4.32 >= 5.3.29

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16"

All PHP 5.4 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32"

All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively.

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"

References

[ 1 ] CVE-2011-4718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718 [ 2 ] CVE-2013-1635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635 [ 3 ] CVE-2013-1643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643 [ 4 ] CVE-2013-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824 [ 5 ] CVE-2013-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110 [ 6 ] CVE-2013-3735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735 [ 7 ] CVE-2013-4113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113 [ 8 ] CVE-2013-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248 [ 9 ] CVE-2013-4635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635 [ 10 ] CVE-2013-4636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636 [ 11 ] CVE-2013-6420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420 [ 12 ] CVE-2013-6712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712 [ 13 ] CVE-2013-7226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226 [ 14 ] CVE-2013-7327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327 [ 15 ] CVE-2013-7345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345 [ 16 ] CVE-2014-0185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185 [ 17 ] CVE-2014-0237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237 [ 18 ] CVE-2014-0238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238 [ 19 ] CVE-2014-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943 [ 20 ] CVE-2014-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270 [ 21 ] CVE-2014-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497 [ 22 ] CVE-2014-3597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597 [ 23 ] CVE-2014-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981 [ 24 ] CVE-2014-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049 [ 25 ] CVE-2014-4670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670 [ 26 ] CVE-2014-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201408-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Additionally, the PECL packages which requires so has been rebuilt for php-5.5.8 and some has been upgraded to their latest versions. The verification of md5 checksums and GPG signatures is performed automatically for you. ============================================================================ Ubuntu Security Notice USN-2055-1 December 12, 2013

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. (CVE-2013-6420)

It was discovered that PHP incorrectly handled DateInterval objects. (CVE-2013-6712)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10: libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.1 php5-cgi 5.5.3+dfsg-1ubuntu2.1 php5-cli 5.5.3+dfsg-1ubuntu2.1

Ubuntu 13.04: libapache2-mod-php5 5.4.9-4ubuntu2.4 php5-cgi 5.4.9-4ubuntu2.4 php5-cli 5.4.9-4ubuntu2.4

Ubuntu 12.10: libapache2-mod-php5 5.4.6-1ubuntu1.5 php5-cgi 5.4.6-1ubuntu1.5 php5-cli 5.4.6-1ubuntu1.5

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.9 php5-cgi 5.3.10-1ubuntu3.9 php5-cli 5.3.10-1ubuntu3.9

Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.22 php5-cgi 5.3.2-1ubuntu4.22 php5-cli 5.3.2-1ubuntu4.22

In general, a standard system update will make all the necessary changes.

Release Date: 2014-09-30 Last Updated: 2014-09-30

Potential Security Impact: Cross-site scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking.

References:

CVE-2013-4545 Unauthorized modification CVE-2013-6420 (SSRT101447) Unauthorized disclosure of information CVE-2013-6422 Unauthorized disclosure of information CVE-2013-6712 (SSRT101447) Denial of Service (DoS) CVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS) CVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF) CVE-2014-2642 (SSRT101701) Clickjacking

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) for Linux and Windows prior to version 7.4

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2013-4545 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-6420 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-6422 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2013-6712 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-2640 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-2641 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2014-2642 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH) for Linux and Windows:

http://h18013.www1.hp.com/products/servers/management/agents/

HISTORY Version:1 (rev.1) - 30 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 6) - i386, x86_64

  1. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004

OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:

Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec

apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523

ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero

Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller

CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)

CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli

CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple

FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld

Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team

Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple

IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco

IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team

Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io

LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142

LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple

libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.

ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298

OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy

OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204

Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple

PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120

QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein

SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team

Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple

Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146

UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple

WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative

Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.

OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658

OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- . The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2013-6420

Stefan Esser reported possible memory corruption in
openssl_x509_parse().

In addition, the update for Debian 7 "Wheezy" contains several bugfixes originally targeted for the upcoming Wheezy point release.

For the oldstable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze18.

For the stable distribution (wheezy), these problems have been fixed in version 5.4.4-14+deb7u7.

For the unstable distribution (sid), these problems have been fixed in version 5.5.6+dfsg-2.

We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php54-php security update Advisory ID: RHSA-2014:1765-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1765.html Issue date: 2014-10-30 CVE Names: CVE-2013-6712 CVE-2013-7345 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5120 =====================================================================

  1. Summary:

Updated php54-php packages that fix multiple security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. (CVE-2014-3670)

Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function. (CVE-2014-4049, CVE-2014-3597)

Multiple denial of service flaws were found in the File Information (fileinfo) extension. A remote attacker could use these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU and possibly crash. (CVE-2013-7345, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-3538)

Multiple boundary check flaws were found in the File Information (fileinfo) extension. A remote attacker could use these flaws to cause a PHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-2270, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587, CVE-2014-3710)

A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515)

Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497)

A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712)

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluža of the Red Hat Web Stack Team; the CVE-2014-3597 issue was discovered by David Kutálek of Red Hat BaseOS QE.

All php54-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd service must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval 1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules 1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file 1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm() 1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression 1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check 1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop 1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS 1098222 - CVE-2014-3538 file: unrestricted regular expression matching 1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check 1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size 1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check 1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check 1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing 1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw 1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak 1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting 1120266 - CVE-2014-4670 php: SPL Iterators use-after-free 1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info 1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr 1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names 1154500 - CVE-2014-3669 php: integer overflow in unserialize() 1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail() 1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime() 1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers

  1. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source: php54-php-5.4.16-22.el6.src.rpm

x86_64: php54-php-5.4.16-22.el6.x86_64.rpm php54-php-bcmath-5.4.16-22.el6.x86_64.rpm php54-php-cli-5.4.16-22.el6.x86_64.rpm php54-php-common-5.4.16-22.el6.x86_64.rpm php54-php-dba-5.4.16-22.el6.x86_64.rpm php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm php54-php-devel-5.4.16-22.el6.x86_64.rpm php54-php-enchant-5.4.16-22.el6.x86_64.rpm php54-php-fpm-5.4.16-22.el6.x86_64.rpm php54-php-gd-5.4.16-22.el6.x86_64.rpm php54-php-imap-5.4.16-22.el6.x86_64.rpm php54-php-intl-5.4.16-22.el6.x86_64.rpm php54-php-ldap-5.4.16-22.el6.x86_64.rpm php54-php-mbstring-5.4.16-22.el6.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm php54-php-odbc-5.4.16-22.el6.x86_64.rpm php54-php-pdo-5.4.16-22.el6.x86_64.rpm php54-php-pgsql-5.4.16-22.el6.x86_64.rpm php54-php-process-5.4.16-22.el6.x86_64.rpm php54-php-pspell-5.4.16-22.el6.x86_64.rpm php54-php-recode-5.4.16-22.el6.x86_64.rpm php54-php-snmp-5.4.16-22.el6.x86_64.rpm php54-php-soap-5.4.16-22.el6.x86_64.rpm php54-php-tidy-5.4.16-22.el6.x86_64.rpm php54-php-xml-5.4.16-22.el6.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source: php54-php-5.4.16-22.el7.src.rpm

x86_64: php54-php-5.4.16-22.el7.x86_64.rpm php54-php-bcmath-5.4.16-22.el7.x86_64.rpm php54-php-cli-5.4.16-22.el7.x86_64.rpm php54-php-common-5.4.16-22.el7.x86_64.rpm php54-php-dba-5.4.16-22.el7.x86_64.rpm php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm php54-php-devel-5.4.16-22.el7.x86_64.rpm php54-php-enchant-5.4.16-22.el7.x86_64.rpm php54-php-fpm-5.4.16-22.el7.x86_64.rpm php54-php-gd-5.4.16-22.el7.x86_64.rpm php54-php-intl-5.4.16-22.el7.x86_64.rpm php54-php-ldap-5.4.16-22.el7.x86_64.rpm php54-php-mbstring-5.4.16-22.el7.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm php54-php-odbc-5.4.16-22.el7.x86_64.rpm php54-php-pdo-5.4.16-22.el7.x86_64.rpm php54-php-pgsql-5.4.16-22.el7.x86_64.rpm php54-php-process-5.4.16-22.el7.x86_64.rpm php54-php-pspell-5.4.16-22.el7.x86_64.rpm php54-php-recode-5.4.16-22.el7.x86_64.rpm php54-php-snmp-5.4.16-22.el7.x86_64.rpm php54-php-soap-5.4.16-22.el7.x86_64.rpm php54-php-xml-5.4.16-22.el7.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source: php54-php-5.4.16-22.el7.src.rpm

x86_64: php54-php-5.4.16-22.el7.x86_64.rpm php54-php-bcmath-5.4.16-22.el7.x86_64.rpm php54-php-cli-5.4.16-22.el7.x86_64.rpm php54-php-common-5.4.16-22.el7.x86_64.rpm php54-php-dba-5.4.16-22.el7.x86_64.rpm php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm php54-php-devel-5.4.16-22.el7.x86_64.rpm php54-php-enchant-5.4.16-22.el7.x86_64.rpm php54-php-fpm-5.4.16-22.el7.x86_64.rpm php54-php-gd-5.4.16-22.el7.x86_64.rpm php54-php-intl-5.4.16-22.el7.x86_64.rpm php54-php-ldap-5.4.16-22.el7.x86_64.rpm php54-php-mbstring-5.4.16-22.el7.x86_64.rpm php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm php54-php-odbc-5.4.16-22.el7.x86_64.rpm php54-php-pdo-5.4.16-22.el7.x86_64.rpm php54-php-pgsql-5.4.16-22.el7.x86_64.rpm php54-php-process-5.4.16-22.el7.x86_64.rpm php54-php-pspell-5.4.16-22.el7.x86_64.rpm php54-php-recode-5.4.16-22.el7.x86_64.rpm php54-php-snmp-5.4.16-22.el7.x86_64.rpm php54-php-soap-5.4.16-22.el7.x86_64.rpm php54-php-xml-5.4.16-22.el7.x86_64.rpm php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-6712 https://access.redhat.com/security/cve/CVE-2013-7345 https://access.redhat.com/security/cve/CVE-2014-0207 https://access.redhat.com/security/cve/CVE-2014-0237 https://access.redhat.com/security/cve/CVE-2014-0238 https://access.redhat.com/security/cve/CVE-2014-1943 https://access.redhat.com/security/cve/CVE-2014-2270 https://access.redhat.com/security/cve/CVE-2014-2497 https://access.redhat.com/security/cve/CVE-2014-3478 https://access.redhat.com/security/cve/CVE-2014-3479 https://access.redhat.com/security/cve/CVE-2014-3480 https://access.redhat.com/security/cve/CVE-2014-3487 https://access.redhat.com/security/cve/CVE-2014-3515 https://access.redhat.com/security/cve/CVE-2014-3538 https://access.redhat.com/security/cve/CVE-2014-3587 https://access.redhat.com/security/cve/CVE-2014-3597 https://access.redhat.com/security/cve/CVE-2014-3668 https://access.redhat.com/security/cve/CVE-2014-3669 https://access.redhat.com/security/cve/CVE-2014-3670 https://access.redhat.com/security/cve/CVE-2014-3710 https://access.redhat.com/security/cve/CVE-2014-4049 https://access.redhat.com/security/cve/CVE-2014-4670 https://access.redhat.com/security/cve/CVE-2014-4698 https://access.redhat.com/security/cve/CVE-2014-4721 https://access.redhat.com/security/cve/CVE-2014-5120 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUUqUKXlSAg2UNWIIRAjOVAKCpGLdlKkkekepN6kcFJZMPAAABIQCeOxaS CZNh+ke6Be93ZKCSwqWDm+c= =YZgO -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0379",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.24"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "13.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "13.10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.29"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.04"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "12.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "11.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "12.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "13.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.29",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.24",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.8",
                "versionStartIncluding": "5.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oden Eriksson",
    "sources": [
      {
        "db": "BID",
        "id": "64018"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6712",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-66714",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6712",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-464",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66714",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. PHP is prone to a denial-of-service vulnerability due to a heap-based buffer over-read error. \nSuccessful exploits will allow attackers to cause a denial of service condition. Due to the nature of this issue, arbitrary code  execution may be possible; this has not been confirmed. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in the \u0027scan\u0027 function in the ext/date/lib/parse_iso_intervals.c file in PHP 5.5.6 and earlier versions. The vulnerability is caused by the program not properly restricting the creation of DateInterval objects. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201408-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: PHP: Multiple vulnerabilities\n     Date: August 29, 2014\n     Bugs: #459904, #472204, #472558, #474656, #476570, #481004,\n           #483212, #485252, #492784, #493982, #501312, #503630,\n           #503670, #505172, #505712, #509132, #512288, #512492,\n           #513032, #516994, #519932, #520134, #520438\n       ID: 201408-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in PHP, the worst of\nwhich could lead to remote execution of arbitrary code. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.5.16                  \u003e= 5.5.16\n                                                           *\u003e= 5.4.32\n                                                           *\u003e= 5.3.29\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker can cause arbitrary code execution, create\na Denial of Service condition, read or write arbitrary files,\nimpersonate other servers, hijack a web session, or have other\nunspecified impact. Additionally, a local attacker could gain escalated\nprivileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.5.16\"\n\nAll PHP 5.4 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.4.32\"\n\nAll PHP 5.3 users should upgrade to the latest version. This release\nmarks the end of life of the PHP 5.3 series. Future releases of this\nseries are not planned. All PHP 5.3 users are encouraged to upgrade to\nthe current stable version of PHP 5.5 or previous stable version of PHP\n5.4, which are supported till at least 2016 and 2015 respectively. \n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.3.29\"\n\nReferences\n==========\n\n[  1 ] CVE-2011-4718\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718\n[  2 ] CVE-2013-1635\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635\n[  3 ] CVE-2013-1643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643\n[  4 ] CVE-2013-1824\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824\n[  5 ] CVE-2013-2110\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110\n[  6 ] CVE-2013-3735\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735\n[  7 ] CVE-2013-4113\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113\n[  8 ] CVE-2013-4248\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248\n[  9 ] CVE-2013-4635\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635\n[ 10 ] CVE-2013-4636\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636\n[ 11 ] CVE-2013-6420\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420\n[ 12 ] CVE-2013-6712\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712\n[ 13 ] CVE-2013-7226\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226\n[ 14 ] CVE-2013-7327\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327\n[ 15 ] CVE-2013-7345\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345\n[ 16 ] CVE-2014-0185\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185\n[ 17 ] CVE-2014-0237\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237\n[ 18 ] CVE-2014-0238\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238\n[ 19 ] CVE-2014-1943\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943\n[ 20 ] CVE-2014-2270\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270\n[ 21 ] CVE-2014-2497\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497\n[ 22 ] CVE-2014-3597\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597\n[ 23 ] CVE-2014-3981\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981\n[ 24 ] CVE-2014-4049\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049\n[ 25 ] CVE-2014-4670\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670\n[ 26 ] CVE-2014-5120\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201408-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n Additionally, the PECL packages which requires so has been rebuilt\n for php-5.5.8 and some has been upgraded to their latest versions.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. ============================================================================\nUbuntu Security Notice USN-2055-1\nDecember 12, 2013\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 13.04\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. (CVE-2013-6420)\n\nIt was discovered that PHP incorrectly handled DateInterval objects. (CVE-2013-6712)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  libapache2-mod-php5             5.5.3+dfsg-1ubuntu2.1\n  php5-cgi                        5.5.3+dfsg-1ubuntu2.1\n  php5-cli                        5.5.3+dfsg-1ubuntu2.1\n\nUbuntu 13.04:\n  libapache2-mod-php5             5.4.9-4ubuntu2.4\n  php5-cgi                        5.4.9-4ubuntu2.4\n  php5-cli                        5.4.9-4ubuntu2.4\n\nUbuntu 12.10:\n  libapache2-mod-php5             5.4.6-1ubuntu1.5\n  php5-cgi                        5.4.6-1ubuntu1.5\n  php5-cli                        5.4.6-1ubuntu1.5\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.9\n  php5-cgi                        5.3.10-1ubuntu3.9\n  php5-cli                        5.3.10-1ubuntu3.9\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.22\n  php5-cgi                        5.3.2-1ubuntu4.22\n  php5-cli                        5.3.2-1ubuntu4.22\n\nIn general, a standard system update will make all the necessary changes. \n\nRelease Date: 2014-09-30\nLast Updated: 2014-09-30\n\nPotential Security Impact: Cross-site scripting (XSS), Cross-site Request\nForgery (CSRF), unauthorized disclosure of information, Denial of Service\n(DoS), and Clickjacking\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) on Linux and Windows. The vulnerabilities could be\nexploited remotely resulting in Cross-site Scripting (XSS), Cross-site\nRequest Forgery (CSRF), unauthorized disclosure of information, Denial of\nService (DoS), and Clickjacking. \n\nReferences:\n\nCVE-2013-4545 Unauthorized modification\nCVE-2013-6420 (SSRT101447) Unauthorized disclosure of information\nCVE-2013-6422 Unauthorized disclosure of information\nCVE-2013-6712 (SSRT101447) Denial of Service (DoS)\nCVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS)\nCVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF)\nCVE-2014-2642 (SSRT101701) Clickjacking\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) for Linux and Windows prior to version\n7.4\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4545    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2013-6420    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2013-6422    (AV:N/AC:H/Au:N/C:P/I:P/A:N)       4.0\nCVE-2013-6712    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-2640    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2014-2641    (AV:N/AC:M/Au:S/C:P/I:P/A:P)       6.0\nCVE-2014-2642    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH) for Linux and Windows:\n\nhttp://h18013.www1.hp.com/products/servers/management/agents/\n\nHISTORY\nVersion:1 (rev.1) - 30 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. 6) - i386, x86_64\n\n3. PHP\u0027s fileinfo module provides functions used to identify a\nparticular file according to the type of data contained by the file. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A process may gain admin privileges without properly\nauthenticating\nDescription:  An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in Apache\nDescription:  Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Cookies belonging to one origin may be sent to another\norigin\nDescription:  A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Authentication credentials may be sent to a server on\nanother origin\nDescription:  A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A NULL pointer dereference existed in NVIDIA graphics\ndriver\u0027s handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local application may be able to cause a denial of service\nDescription:  An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A malicious HID device may be able to cause arbitrary code\nexecution\nDescription:  A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact:  A user may be able to execute arbitrary code with system\nprivileges\nDescription:  An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause unexpected system shutdown\nDescription:  An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription:  setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription:  ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  An attacker with a privileged network position may be able\nto cause a denial of service\nDescription:  A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription:  A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may be able to bypass network filters\nDescription:  The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to cause the Finder to crash\nDescription:  An input validation issue existed in LaunchServices\u0027s\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A type confusion issue existed in LaunchServices\u0027s\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription:  A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A remote attacker may brute force ntpd authentication keys\nDescription:  The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A remote unauthenticated client may be able to cause a\ndenial of service\nDescription:  Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription:  If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for:  OS X Mountain Lion v10.8.5\nImpact:  Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription:  A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  A user\u0027s password may be logged to a local file\nDescription:  In some circumstances, Screen Sharing may log a user\u0027s\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for:  OS X Yosemite v10.10 to v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2013-6420\n\n    Stefan Esser reported possible memory corruption in\n    openssl_x509_parse(). \n\nIn addition, the update for Debian 7 \"Wheezy\" contains several bugfixes\noriginally targeted for the upcoming Wheezy point release. \n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 5.3.3-7+squeeze18. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.4-14+deb7u7. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.5.6+dfsg-2. \n\nWe recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php54-php security update\nAdvisory ID:       RHSA-2014:1765-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1765.html\nIssue date:        2014-10-30\nCVE Names:         CVE-2013-6712 CVE-2013-7345 CVE-2014-0207 \n                   CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 \n                   CVE-2014-2270 CVE-2014-2497 CVE-2014-3478 \n                   CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 \n                   CVE-2014-3515 CVE-2014-3538 CVE-2014-3587 \n                   CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 \n                   CVE-2014-3670 CVE-2014-3710 CVE-2014-4049 \n                   CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 \n                   CVE-2014-5120 \n=====================================================================\n\n1. Summary:\n\nUpdated php54-php packages that fix multiple security issues are now\navailable for Red Hat Software Collections 1. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA buffer overflow flaw was found in the Exif extension. A specially crafted\nJPEG or TIFF file could cause a PHP application using the exif_thumbnail()\nfunction to crash or, possibly, execute arbitrary code. (CVE-2014-3670)\n\nMultiple buffer overflow flaws were found in the way PHP parsed DNS\nresponses. A malicious DNS server or a man-in-the-middle attacker could\nuse these flaws to crash or, possibly, execute arbitrary code with the\nprivileges of a PHP application that uses the dns_get_record() function. \n(CVE-2014-4049, CVE-2014-3597)\n\nMultiple denial of service flaws were found in the File Information\n(fileinfo) extension. A remote attacker could use these flaws to cause a\nPHP application using fileinfo to consume an excessive amount of CPU and\npossibly crash. (CVE-2013-7345, CVE-2014-0237, CVE-2014-0238,\nCVE-2014-1943, CVE-2014-3538)\n\nMultiple boundary check flaws were found in the File Information\n(fileinfo) extension. A remote attacker could use these flaws to cause a\nPHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-2270,\nCVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587,\nCVE-2014-3710)\n\nA type confusion issue was found in PHP\u0027s phpinfo() function. A malicious\nscript author could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2014-4721)\n\nA type confusion issue was found in the SPL ArrayObject and\nSPLObjectStorage classes\u0027 unserialize() method. A remote attacker able to\nsubmit specially crafted input to a PHP application, which would then\nunserialize this input using one of the aforementioned methods, could use\nthis flaw to execute arbitrary code with the privileges of the user running\nthat PHP application. (CVE-2014-3515)\n\nTwo use-after-free flaws were found in the way PHP handled certain Standard\nPHP Library (SPL) Iterators and ArrayIterators. A malicious script author\ncould possibly use either of these flaws to disclose certain portions of\nserver memory. (CVE-2014-4670, CVE-2014-4698)\n\nAn integer overflow flaw was found in the way custom objects were\nunserialized. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash. (CVE-2014-3669)\n\nIt was found that PHP\u0027s gd extension did not properly handle file names\nwith a null character. A remote attacker could possibly use this flaw to\nmake a PHP application access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2014-5120)\n\nA NULL pointer dereference flaw was found in the gdImageCreateFromXpm()\nfunction of PHP\u0027s gd extension. A remote attacker could use this flaw to\ncrash a PHP application using gd via a specially crafted X PixMap (XPM)\nfile. (CVE-2014-2497)\n\nA buffer over-read flaw was found in the way the DateInterval class parsed\ninterval specifications. An attacker able to make a PHP application parse a\nspecially crafted specification using DateInterval could possibly cause the\nPHP interpreter to crash. (CVE-2013-6712)\n\nAn out of bounds read flaw was found in the way the xmlrpc extension parsed\ndates in the ISO 8601 format. A specially crafted XML-RPC request or\nresponse could possibly cause a PHP application to crash. (CVE-2014-3668)\n\nThe CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478,\nCVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were\ndiscovered by Francisco Alonso of Red Hat Product Security; the\nCVE-2014-3538 issue was discovered by Jan Kalu\u017ea of the Red Hat Web Stack\nTeam; the CVE-2014-3597 issue was discovered by David Kut\u00e1lek of Red Hat\nBaseOS QE. \n\nAll php54-php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd service must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval\n1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules\n1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file\n1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()\n1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression\n1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check\n1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop\n1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS\n1098222 - CVE-2014-3538 file: unrestricted regular expression matching\n1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check\n1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size\n1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check\n1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check\n1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing\n1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw\n1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak\n1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting\n1120266 - CVE-2014-4670 php: SPL Iterators use-after-free\n1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info\n1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr\n1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names\n1154500 - CVE-2014-3669 php: integer overflow in unserialize()\n1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()\n1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()\n1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers\n\n6. Package List:\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp54-php-5.4.16-22.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el6.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el6.x86_64.rpm\nphp54-php-cli-5.4.16-22.el6.x86_64.rpm\nphp54-php-common-5.4.16-22.el6.x86_64.rpm\nphp54-php-dba-5.4.16-22.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el6.x86_64.rpm\nphp54-php-devel-5.4.16-22.el6.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el6.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el6.x86_64.rpm\nphp54-php-gd-5.4.16-22.el6.x86_64.rpm\nphp54-php-imap-5.4.16-22.el6.x86_64.rpm\nphp54-php-intl-5.4.16-22.el6.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el6.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el6.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el6.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el6.x86_64.rpm\nphp54-php-process-5.4.16-22.el6.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el6.x86_64.rpm\nphp54-php-recode-5.4.16-22.el6.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el6.x86_64.rpm\nphp54-php-soap-5.4.16-22.el6.x86_64.rpm\nphp54-php-tidy-5.4.16-22.el6.x86_64.rpm\nphp54-php-xml-5.4.16-22.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp54-php-5.4.16-22.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el7.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el7.x86_64.rpm\nphp54-php-cli-5.4.16-22.el7.x86_64.rpm\nphp54-php-common-5.4.16-22.el7.x86_64.rpm\nphp54-php-dba-5.4.16-22.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el7.x86_64.rpm\nphp54-php-devel-5.4.16-22.el7.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el7.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el7.x86_64.rpm\nphp54-php-gd-5.4.16-22.el7.x86_64.rpm\nphp54-php-intl-5.4.16-22.el7.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el7.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el7.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el7.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el7.x86_64.rpm\nphp54-php-process-5.4.16-22.el7.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el7.x86_64.rpm\nphp54-php-recode-5.4.16-22.el7.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el7.x86_64.rpm\nphp54-php-soap-5.4.16-22.el7.x86_64.rpm\nphp54-php-xml-5.4.16-22.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm\n\nRed Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp54-php-5.4.16-22.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.16-22.el7.x86_64.rpm\nphp54-php-bcmath-5.4.16-22.el7.x86_64.rpm\nphp54-php-cli-5.4.16-22.el7.x86_64.rpm\nphp54-php-common-5.4.16-22.el7.x86_64.rpm\nphp54-php-dba-5.4.16-22.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.16-22.el7.x86_64.rpm\nphp54-php-devel-5.4.16-22.el7.x86_64.rpm\nphp54-php-enchant-5.4.16-22.el7.x86_64.rpm\nphp54-php-fpm-5.4.16-22.el7.x86_64.rpm\nphp54-php-gd-5.4.16-22.el7.x86_64.rpm\nphp54-php-intl-5.4.16-22.el7.x86_64.rpm\nphp54-php-ldap-5.4.16-22.el7.x86_64.rpm\nphp54-php-mbstring-5.4.16-22.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm\nphp54-php-odbc-5.4.16-22.el7.x86_64.rpm\nphp54-php-pdo-5.4.16-22.el7.x86_64.rpm\nphp54-php-pgsql-5.4.16-22.el7.x86_64.rpm\nphp54-php-process-5.4.16-22.el7.x86_64.rpm\nphp54-php-pspell-5.4.16-22.el7.x86_64.rpm\nphp54-php-recode-5.4.16-22.el7.x86_64.rpm\nphp54-php-snmp-5.4.16-22.el7.x86_64.rpm\nphp54-php-soap-5.4.16-22.el7.x86_64.rpm\nphp54-php-xml-5.4.16-22.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-6712\nhttps://access.redhat.com/security/cve/CVE-2013-7345\nhttps://access.redhat.com/security/cve/CVE-2014-0207\nhttps://access.redhat.com/security/cve/CVE-2014-0237\nhttps://access.redhat.com/security/cve/CVE-2014-0238\nhttps://access.redhat.com/security/cve/CVE-2014-1943\nhttps://access.redhat.com/security/cve/CVE-2014-2270\nhttps://access.redhat.com/security/cve/CVE-2014-2497\nhttps://access.redhat.com/security/cve/CVE-2014-3478\nhttps://access.redhat.com/security/cve/CVE-2014-3479\nhttps://access.redhat.com/security/cve/CVE-2014-3480\nhttps://access.redhat.com/security/cve/CVE-2014-3487\nhttps://access.redhat.com/security/cve/CVE-2014-3515\nhttps://access.redhat.com/security/cve/CVE-2014-3538\nhttps://access.redhat.com/security/cve/CVE-2014-3587\nhttps://access.redhat.com/security/cve/CVE-2014-3597\nhttps://access.redhat.com/security/cve/CVE-2014-3668\nhttps://access.redhat.com/security/cve/CVE-2014-3669\nhttps://access.redhat.com/security/cve/CVE-2014-3670\nhttps://access.redhat.com/security/cve/CVE-2014-3710\nhttps://access.redhat.com/security/cve/CVE-2014-4049\nhttps://access.redhat.com/security/cve/CVE-2014-4670\nhttps://access.redhat.com/security/cve/CVE-2014-4698\nhttps://access.redhat.com/security/cve/CVE-2014-4721\nhttps://access.redhat.com/security/cve/CVE-2014-5120\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUUqUKXlSAg2UNWIIRAjOVAKCpGLdlKkkekepN6kcFJZMPAAABIQCeOxaS\nCZNh+ke6Be93ZKCSwqWDm+c=\n=YZgO\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      },
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124882"
      },
      {
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "124406"
      },
      {
        "db": "PACKETSTORM",
        "id": "128900"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6712",
        "trust": 2.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "64018",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "128900",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-66714",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128049",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124882",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124407",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128505",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127757",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131359",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124406",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124882"
      },
      {
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "124406"
      },
      {
        "db": "PACKETSTORM",
        "id": "128900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "id": "VAR-201311-0379",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:27:48.646000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ext/date/lib/parse_iso_intervals",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=46850"
      },
      {
        "title": "ext/date/lib/parse_iso_intervals",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=46849"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://bugs.php.net/bug.php?id=66060"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1765.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2055-1"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2013/dsa-2816"
      },
      {
        "trust": 1.7,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04463322"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=12fe4e90be7bfa2a763197079f68f5568a14e071"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6420"
      },
      {
        "trust": 0.4,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1012.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2055-1/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4670"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5120"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4721"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3668"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4635"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4636"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1635"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2110"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2497"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4113"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1635"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5120"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1643"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201408-11.xml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4718"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7327"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7327"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1824"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6420"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4636"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7226"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7226"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4718"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2110"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4113"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4635"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4248"
      },
      {
        "trust": 0.1,
        "url": "http://www.php.net/changelog-5.php#5.5.8"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6420"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.4.9-4ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.22"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.5"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2640"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4545"
      },
      {
        "trust": 0.1,
        "url": "http://h18013.www1.hp.com/products/servers/management/agents/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2642"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-6712.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3480.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-2270.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-4049.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-4721.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0238.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-1571.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-1943.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3479.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3515.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-0237.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1571"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0118"
      },
      {
        "trust": 0.1,
        "url": "https://www.frida.re"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
      },
      {
        "trust": 0.1,
        "url": "http://dtorres.me)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3669"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3587"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3515"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-4721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3538"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-2497"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-5120"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3668"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-4698"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124882"
      },
      {
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "124406"
      },
      {
        "db": "PACKETSTORM",
        "id": "128900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "db": "BID",
        "id": "64018"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124882"
      },
      {
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "db": "PACKETSTORM",
        "id": "124406"
      },
      {
        "db": "PACKETSTORM",
        "id": "128900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "BID",
        "id": "64018"
      },
      {
        "date": "2014-08-29T22:24:02",
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "date": "2014-01-22T01:55:34",
        "db": "PACKETSTORM",
        "id": "124882"
      },
      {
        "date": "2013-12-14T00:04:46",
        "db": "PACKETSTORM",
        "id": "124407"
      },
      {
        "date": "2014-10-01T19:15:04",
        "db": "PACKETSTORM",
        "id": "128505"
      },
      {
        "date": "2014-08-07T06:20:07",
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "date": "2015-04-09T16:30:50",
        "db": "PACKETSTORM",
        "id": "131359"
      },
      {
        "date": "2013-12-14T00:04:19",
        "db": "PACKETSTORM",
        "id": "124406"
      },
      {
        "date": "2014-10-30T21:44:06",
        "db": "PACKETSTORM",
        "id": "128900"
      },
      {
        "date": "2013-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "date": "2013-11-28T04:37:39.840000",
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66714"
      },
      {
        "date": "2015-04-16T18:05:00",
        "db": "BID",
        "id": "64018"
      },
      {
        "date": "2022-11-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      },
      {
        "date": "2023-11-07T02:17:45.980000",
        "db": "NVD",
        "id": "CVE-2013-6712"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "124882"
      },
      {
        "db": "PACKETSTORM",
        "id": "127757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP \u2018 scan \u0027function denial of service vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-464"
      }
    ],
    "trust": 0.6
  }
}

var-201205-0246
Vulnerability from variot

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. This vulnerability CVE-2012-1823 Vulnerability due to insufficient fix for.A third party could execute arbitrary code by placing command line options in the query string. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-03


                                        http://security.gentoo.org/

Severity: High Title: PHP: Multiple vulnerabilities Date: September 24, 2012 Bugs: #384301, #396311, #396533, #399247, #399567, #399573, #401997, #410957, #414553, #421489, #427354, #429630 ID: 201209-03


Synopsis

Multiple vulnerabilities were found in PHP, the worst of which lead to remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 5.3.15 >= 5.3.15 < 5.4.5 >= 5.4.5 ------------------------------------------------------------------- # Package 1 only applies to users of these architectures: arm

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"

All PHP users on ARM should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"

References

[ 1 ] CVE-2011-1398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1398 [ 2 ] CVE-2011-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3379 [ 3 ] CVE-2011-4566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566 [ 4 ] CVE-2011-4885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4885 [ 5 ] CVE-2012-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0057 [ 6 ] CVE-2012-0788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0788 [ 7 ] CVE-2012-0789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0789 [ 8 ] CVE-2012-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830 [ 9 ] CVE-2012-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831 [ 10 ] CVE-2012-1172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1172 [ 11 ] CVE-2012-1823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1823 [ 12 ] CVE-2012-2143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143 [ 13 ] CVE-2012-2311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2311 [ 14 ] CVE-2012-2335 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2335 [ 15 ] CVE-2012-2336 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2336 [ 16 ] CVE-2012-2386 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2386 [ 17 ] CVE-2012-2688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2688 [ 18 ] CVE-2012-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3365 [ 19 ] CVE-2012-3450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3450

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201209-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows. ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch


TITLE: Ubuntu update for php

SECUNIA ADVISORY ID: SA49097

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49097/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49097

RELEASE DATE: 2012-05-07

DISCUSS ADVISORY: http://secunia.com/advisories/49097/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/49097/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=49097

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Ubuntu has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.

For more information: SA49014

SOLUTION: Apply updated packages.

Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

ORIGINAL ADVISORY: USN-1437-1: http://www.ubuntu.com/usn/usn-1437-1/

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03368475

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03368475 Version: 1

HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-06-14 Last Updated: 2012-06-14

Potential Security Impact: Remote execution of arbitrary code, privilege elevation, or Denial of Service (DoS).

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS).

References: CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172, CVE-2012-1823, CVE-2012-2311

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.24 or earlier

BACKGROUND For a PGP signed

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-1172 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com

HP-UX Web Server Suite v.3.24 containing Apache v2.2.15.13 and PHP v5.2.17 HP-UX 11i Release Apache Depot name

B.11.23 (32-bit) HPUXWS22ATW-B324-32

B.11.23 (64-bit) HPUXWS22ATW-B324-64

B.11.31 (32-bit) HPUXWS22ATW-B324-32

B.11.31 (64-bit) HPUXWS22ATW-B324-64

MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.24 or subsequent.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant. HP-UX Web Server Suite v3.24 AFFECTED VERSIONS

HP-UX B.11.23

hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.13 or subsequent

HP-UX B.11.31

hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2

action: install revision B.2.2.15.13 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 14 June 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk/f0GcACgkQ4B86/C0qfVnCEwCfWX2UX+TvBNeJawjexLmPtwjt 1TEAnj7Q3fqZkor5ilSKlW2dNHa1f4aO =pEB+ -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004

OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following:

Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053

BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313

BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667

CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation

Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates.

DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative

ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048

ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative

Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652

International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599

Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team

LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher

Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third- party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC

Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc.

PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: >PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688

PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048

Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation

QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)

QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative

QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC

QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative

Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389

USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure

Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://http//support.apple.com/kb/HT5502

OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004.

For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33

For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c

For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532

For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b

For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a

For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e

For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7

For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n 7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm 7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5 w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3 +9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2 xyBfrQfG/dsif6jGHaot =8joH -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0246",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.2.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "2.0b10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2.3"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "the php group",
        "version": null
      },
      {
        "model": "hp system management homepage",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "7.2.0 and earlier  (linux    windows)"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "3.24 and earlier"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7 to  v10.7.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.8"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.4.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7 to  v10.7.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.4.3"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.5.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "enterprise linux server eus 6.1.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux long life server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.3"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "3.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.3"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ctpview 7.0r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "lotus foundations start 1.2.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise linux eus 5.6.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "lotus foundations start 1.2.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux enterprise sdk sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux server optional eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "110"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "linux enterprise server for vmware sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "3.0x64"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2008"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "8.6"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "lotus foundations start",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "11x64"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "enterprise linux server optional eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#520827"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "115853"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2012-2311",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-2311",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-2311",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201205-109",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the \u0027d\u0027 case.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. This vulnerability CVE-2012-1823 Vulnerability due to insufficient fix for.A third party could execute arbitrary code by placing command line options in the query string. PHP is prone to an information-disclosure vulnerability. \nExploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201209-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: PHP: Multiple vulnerabilities\n     Date: September 24, 2012\n     Bugs: #384301, #396311, #396533, #399247, #399567, #399573,\n           #401997, #410957, #414553, #421489, #427354, #429630\n       ID: 201209-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in PHP, the worst of which lead to\nremote execution of arbitrary code. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.3.15                  \u003e= 5.3.15\n                                  \u003c 5.4.5                    \u003e= 5.4.5\n    -------------------------------------------------------------------\n     # Package 1 only applies to users of these architectures:\n       arm\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.3.15\"\n\nAll PHP users on ARM should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.4.5\"\n\nReferences\n==========\n\n[  1 ] CVE-2011-1398\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1398\n[  2 ] CVE-2011-3379\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3379\n[  3 ] CVE-2011-4566\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566\n[  4 ] CVE-2011-4885\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4885\n[  5 ] CVE-2012-0057\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0057\n[  6 ] CVE-2012-0788\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0788\n[  7 ] CVE-2012-0789\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0789\n[  8 ] CVE-2012-0830\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830\n[  9 ] CVE-2012-0831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831\n[ 10 ] CVE-2012-1172\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1172\n[ 11 ] CVE-2012-1823\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1823\n[ 12 ] CVE-2012-2143\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143\n[ 13 ] CVE-2012-2311\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2311\n[ 14 ] CVE-2012-2335\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2335\n[ 15 ] CVE-2012-2336\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2336\n[ 16 ] CVE-2012-2386\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2386\n[ 17 ] CVE-2012-2688\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2688\n[ 18 ] CVE-2012-3365\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3365\n[ 19 ] CVE-2012-3450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \nHP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and\nWindows. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nUbuntu update for php\n\nSECUNIA ADVISORY ID:\nSA49097\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49097/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097\n\nRELEASE DATE:\n2012-05-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49097/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49097/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nUbuntu has issued an update for php. This fixes a vulnerability,\nwhich can be exploited by malicious people to disclose certain\nsensitive information or compromise a vulnerable system. \n\nFor more information:\nSA49014\n\nSOLUTION:\nApply updated packages. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nORIGINAL ADVISORY:\nUSN-1437-1:\nhttp://www.ubuntu.com/usn/usn-1437-1/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03368475\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03368475\nVersion: 1\n\nHPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote\nExecution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-14\nLast Updated: 2012-06-14\n\nPotential Security Impact: Remote execution of arbitrary code, privilege\nelevation, or Denial of Service (DoS). \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Web\nServer running PHP. These vulnerabilities could be exploited remotely to\nexecute arbitrary code, elevate privileges, or create a Denial of Service\n(DoS). \n\nReferences: CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172,\nCVE-2012-1823, CVE-2012-2311\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.24 or earlier\n\nBACKGROUND\nFor a PGP signed\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-4153    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0830    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-0883    (AV:L/AC:M/Au:N/C:C/I:C/A:C)       6.9\nCVE-2012-1172    (AV:N/AC:M/Au:N/C:N/I:P/A:P)       5.8\nCVE-2012-1823    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-2311    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \nThe updates are available for download from http://software.hp.com\n\nHP-UX Web Server Suite v.3.24 containing Apache v2.2.15.13 and PHP v5.2.17\nHP-UX 11i Release\n Apache Depot name\n\nB.11.23 (32-bit)\n HPUXWS22ATW-B324-32\n\nB.11.23 (64-bit)\n HPUXWS22ATW-B324-64\n\nB.11.31 (32-bit)\n HPUXWS22ATW-B324-32\n\nB.11.31 (64-bit)\n HPUXWS22ATW-B324-64\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.24 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \nHP-UX Web Server Suite v3.24\nAFFECTED VERSIONS\n\nHP-UX B.11.23\n==============\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.15.13 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\n\naction: install revision B.2.2.15.13 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 14 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk/f0GcACgkQ4B86/C0qfVnCEwCfWX2UX+TvBNeJawjexLmPtwjt\n1TEAnj7Q3fqZkor5ilSKlW2dNHa1f4aO\n=pEB+\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and\nSecurity Update 2012-004\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 are now available and address the following:\n\nApache\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Multiple vulnerabilities in Apache\nDescription:  Apache is updated to version 2.2.22 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/. This issue does not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3368\nCVE-2011-3607\nCVE-2011-4317\nCVE-2012-0021\nCVE-2012-0031\nCVE-2012-0053\n\nBIND\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  A remote attacker may be able to cause a denial of service\nin systems configured to run BIND as a DNS nameserver\nDescription:  A reachable assertion issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1. \nThis issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4313\n\nBIND\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact:  A remote attacker may be able to cause a denial of service,\ndata corruption, or obtain sensitive information from process memory\nin systems configured to run BIND as a DNS nameserver\nDescription:  A memory management issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1 on\nOS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-1667\n\nCoreText\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription:  A bounds checking issue existed in the handling of text\nglyphs, which may lead to out of bounds memory reads or writes. This\nissue was addressed through improved bounds checking. This issue does\nnot affect Mac OS X v10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3716 : Jesse Ruderman of Mozilla Corporation\n\nData Security\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact:  An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription:  TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update adds the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \n\nDirectoryService\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8\nImpact:  If the DirectoryService Proxy is used, a remote attacker may\ncause a denial of service or arbitrary code execution\nDescription:  A buffer overflow existed in the DirectoryService\nProxy. This issue was addressed through improved bounds checking. \nThis issue does not affect OS X Lion and Mountain Lion systems. \nCVE-ID\nCVE-2012-0650 : aazubel working with HP\u0027s Zero Day Initiative\n\nImageIO\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in libpng\u0027s\nhandling of PNG images. These issues were addressed through improved\nvalidation of PNG images. These issues do not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3026 : Juri Aedla\nCVE-2011-3048\n\nImageIO\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow issue existed in libTIFF\u0027s handling\nof TIFF images. This issue was addressed through improved validation\nof TIFF images. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-1173 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nInstaller\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  Remote admins and persons with physical access to the system\nmay obtain account information\nDescription:  The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented\nuser passwords from being recorded in the system log, but did not\nremove the old log entries. This issue was addressed by deleting log\nfiles that contained passwords. This issue does not affect Mac OS X\n10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0652\n\nInternational Components for Unicode\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription:  A stack buffer overflow existed in the handling of ICU\nlocale IDs. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4599\n\nKernel\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  A malicious program could bypass sandbox restrictions\nDescription:  A logic issue existed in the handling of debug system\ncalls. This may allow a malicious program to gain code execution in\nother programs with the same user privileges. This issue was\naddressed by disabling handling of addresses in PT_STEP and\nPT_CONTINUE. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0643 : iOS Jailbreak Dream Team\n\nLoginWindow\nAvailable for:  OS X Mountain Lion v10.8 and v10.8.1\nImpact:  A local user may be able to obtain other user\u0027s login\npasswords\nDescription:  A user-installed input method could intercept password\nkeystrokes from Login Window or Screen Saver Unlock. This issue was\naddressed by preventing user-installed methods from being used when\nthe system is handling login information. \nCVE-ID\nCVE-2012-3718 : An anonymous researcher\n\nMail\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing an e-mail message may lead to execution of web\nplugins\nDescription:  An input validation issue existed in Mail\u0027s handling of\nembedded web plugins. This issue was addressed by disabling third-\nparty plug-ins in Mail. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3719 : Will Dormann of the CERT/CC\n\nMobile Accounts\nAvailable for:  OS X Mountain Lion v10.8 and v10.8.1\nImpact:  A user with access to the contents of a mobile account may\nobtain the account password\nDescription:  Creating a mobile account saved a hash of the password\nin the account, which was used to login when the mobile account was\nused as an external account. The password hash could be used to\ndetermine the user\u0027s password. This issue was addressed by creating\nthe password hash only if external accounts are enabled on the system\nwhere the mobile account is created. \nCVE-ID\nCVE-2012-3720 : Harald Wagener of Google, Inc. \n\nPHP\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact:  Multiple vulnerabilities in PHP\nDescription:  \u003ePHP is updated to version 5.3.15 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2012-0831\nCVE-2012-1172\nCVE-2012-1823\nCVE-2012-2143\nCVE-2012-2311\nCVE-2012-2386\nCVE-2012-2688\n\nPHP\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  PHP scripts which use libpng may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\nPNG files. This issue was addressed by updating PHP\u0027s copy of libpng\nto version 1.5.10. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3048\n\nProfile Manager\nAvailable for:  OS X Lion Server v10.7 to v10.7.4\nImpact:  An unauthenticated user could enumerate managed devices\nDescription:  An authentication issue existed in the Device\nManagement private interface. This issue was addressed by removing\nthe interface. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3721 : Derick Cassidy of XEquals Corporation\n\nQuickLook\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted .pict file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\n.pict files. This issue was addressed through improved validation of\n.pict files. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the\nQualys Vulnerability \u0026 Malware Research Labs (VMRL)\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow existed in QuickTime\u0027s handling of\nsean atoms. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An uninitialized memory access existed in the handling\nof Sorenson encoded movie files. This issue was addressed through\nimproved memory initialization. This issue does not affect OS X\nMountain Lion systems. \nCVE-ID\nCVE-2012-3722 : Will Dormann of the CERT/CC\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of RLE\nencoded movie files. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0668 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nRuby\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nThe Ruby OpenSSL module disabled the \u0027empty fragment\u0027 countermeasure\nwhich prevented these attacks. This issue was addressed by enabling\nempty fragments. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3389\n\nUSB\nAvailable for:  OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact:  Attaching a USB device may lead to an unexpected system\ntermination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\nUSB hub descriptors. This issue was addressed through improved\nhandling of the bNbrPorts descriptor field. This issue does not\naffect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3723 : Andy Davis of NGS Secure\n\nNote: OS X Mountain Lion v10.8.2 includes the content of\nSafari 6.0.1. For further details see \"About the security content\nof Safari 6.0.1\" at http://http//support.apple.com/kb/HT5502\n\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 may be obtained from the Software Update pane in System\nPreferences, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update\n2012-004. \n\nFor OS X Mountain Lion v10.8.1\nThe download file is named: OSXUpd10.8.2.dmg\nIts SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33\n\nFor OS X Mountain Lion v10.8\nThe download file is named: OSXUpdCombo10.8.2.dmg\nIts SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c\n\nFor OS X Lion v10.7.4\nThe download file is named: MacOSXUpd10.7.5.dmg\nIts SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532\n\nFor OS X Lion v10.7 and v10.7.3\nThe download file is named: MacOSXUpdCombo10.7.5.dmg\nIts SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b\n\nFor OS X Lion Server v10.7.4\nThe download file is named: MacOSXServerUpd10.7.5.dmg\nIts SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a\n\nFor OS X Lion Server v10.7 and v10.7.3\nThe download file is named: MacOSXServerUpdCombo10.7.5.dmg\nIts SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-004.dmg\nIts SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-004.dmg\nIts SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e\nQm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW\npc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE\nDQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO\nQyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n\n7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm\n7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO\nBOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5\nw4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3\n+9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK\nq5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2\nxyBfrQfG/dsif6jGHaot\n=8joH\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2311"
      },
      {
        "db": "CERT/CC",
        "id": "VU#520827"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "115853"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116792"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2311",
        "trust": 4.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#520827",
        "trust": 3.5
      },
      {
        "db": "SECUNIA",
        "id": "49014",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "49085",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1027022",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-109",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10658",
        "trust": 0.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#673343",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "53388",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "123310",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116800",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "122468",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "49097",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "113905",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "115853",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "122482",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116792",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#520827"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "115853"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116792"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "id": "VAR-201205-0246",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.47077376
  },
  "last_update_date": "2024-07-23T19:45:16.206000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2012-09-19-2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
      },
      {
        "title": "HT5501",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht5501"
      },
      {
        "title": "HT5501",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht5501?viewlocale=ja_jp"
      },
      {
        "title": "HPSBMU02900 SSRT100992",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03839862"
      },
      {
        "title": "HPSBUX02791 SSRT100856",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03368475"
      },
      {
        "title": "openSUSE-SU-2012:0866",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00027.html"
      },
      {
        "title": "Sec Bug #61910",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=61910"
      },
      {
        "title": "Return to Bug #61910",
        "trust": 0.8,
        "url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cgi.diff-fix-check.patch\u0026revision=1336093719\u0026display=1"
      },
      {
        "title": "PHP 5.3.12 and PHP 5.4.2 Released!",
        "trust": 0.8,
        "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
      },
      {
        "title": "PHP 5 ChangeLog - Version 5.4.3",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-5.php#5.4.3"
      },
      {
        "title": "PHP 5.4.3",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=43186"
      },
      {
        "title": "PHP 5.4.3",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=43185"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/520827"
      },
      {
        "trust": 2.4,
        "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
      },
      {
        "trust": 2.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1027022"
      },
      {
        "trust": 1.6,
        "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"
      },
      {
        "trust": 1.6,
        "url": "https://bugs.php.net/bug.php?id=61910"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
      },
      {
        "trust": 1.6,
        "url": "http://support.apple.com/kb/ht5501"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/49085"
      },
      {
        "trust": 1.6,
        "url": "http://www.php.net/changelog-5.php#5.4.3"
      },
      {
        "trust": 1.6,
        "url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cgi.diff-fix-check.patch\u0026revision=1336093719\u0026display=1"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2012/dsa-2465"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/49014"
      },
      {
        "trust": 1.1,
        "url": "http://www.php.net/"
      },
      {
        "trust": 1.1,
        "url": "http://www.php.net/archive/2012.php#id2012-05-03-1"
      },
      {
        "trust": 0.8,
        "url": "http://www.php.net/manual/en/security.cgi-bin.php"
      },
      {
        "trust": 0.8,
        "url": "http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices"
      },
      {
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2311"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu520827/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu381963/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2311"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
      },
      {
        "trust": 0.5,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2335"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2336"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.3,
        "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/software/lotus/products/foundations/start/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.parallels.com/en/113818"
      },
      {
        "trust": 0.3,
        "url": "kb.parallels.com/en/116241"
      },
      {
        "trust": 0.3,
        "url": "https://community.rapid7.com/thread/5174"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2013/jun/21"
      },
      {
        "trust": 0.3,
        "url": "http://ompldr.org/vzgxxaq"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10658\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100162699"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100165255"
      },
      {
        "trust": 0.3,
        "url": "http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620314"
      },
      {
        "trust": 0.3,
        "url": "http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/673343"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2358"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2357"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2362"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2361"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2364"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2363"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2359"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2329"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2356"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
      },
      {
        "trust": 0.3,
        "url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2355"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2360"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5217"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2688"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0831"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2143"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2386"
      },
      {
        "trust": 0.2,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
      },
      {
        "trust": 0.2,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.2,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4821"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201209-03.xml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4566"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2688"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1398"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0789"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1398"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2336"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2335"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3450"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4566"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1172"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1823"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0788"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2311"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0789"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3365"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2143"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3365"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2386"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5217"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1437-1/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49097/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi_30_beta_launch"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49097/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4313"
      },
      {
        "trust": 0.1,
        "url": "http://http//support.apple.com/kb/ht5502"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1173"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0652"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4599"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1667"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0650"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://httpd.apache.org/."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3716"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#520827"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "115853"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116792"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#520827"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "115853"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "PACKETSTORM",
        "id": "116792"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-05-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#520827"
      },
      {
        "date": "2012-05-04T00:00:00",
        "db": "BID",
        "id": "53388"
      },
      {
        "date": "2012-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "date": "2013-09-19T22:22:00",
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "date": "2012-09-24T15:02:14",
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "date": "2013-07-18T18:51:07",
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "date": "2012-05-08T04:16:46",
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "date": "2012-06-19T18:22:00",
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "date": "2012-08-24T01:40:32",
        "db": "PACKETSTORM",
        "id": "115853"
      },
      {
        "date": "2013-07-19T19:33:00",
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "date": "2012-09-22T06:30:43",
        "db": "PACKETSTORM",
        "id": "116792"
      },
      {
        "date": "2012-05-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      },
      {
        "date": "2012-05-11T10:15:48.107000",
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#520827"
      },
      {
        "date": "2015-04-13T22:15:00",
        "db": "BID",
        "id": "53388"
      },
      {
        "date": "2014-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002392"
      },
      {
        "date": "2023-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      },
      {
        "date": "2023-11-07T02:10:29.747000",
        "db": "NVD",
        "id": "CVE-2012-2311"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-109"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-CGI query string parameter vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#520827"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "115853"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      }
    ],
    "trust": 0.6
  }
}

var-201603-0112
Vulnerability from variot

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. WDDX is one of the XML-based Web distributed data exchange extension modules. The wddx.c file in the WDDX extension of PHP 5.5.32 and earlier versions and 5.6.x versions prior to 5.6.19 has a reuse-after-free vulnerability. ============================================================================ Ubuntu Security Notice USN-2952-2 April 27, 2016

php5 regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10

Summary:

USN-2952-1 caused a regression in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. (CVE-2015-8835, CVE-2016-3185) It was discovered that the PHP MySQL native driver incorrectly handled TLS connections to MySQL databases. A man in the middle attacker could possibly use this issue to downgrade and snoop on TLS connections. This vulnerability is known as BACKRONYM. (CVE-2015-8838) It was discovered that PHP incorrectly handled the imagerotate function. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903) Hans Jerry Illikainen discovered that the PHP phar extension incorrectly handled certain tar archives. (CVE-2016-2554) It was discovered that the PHP WDDX extension incorrectly handled certain malformed XML data. (CVE-2016-3141) It was discovered that the PHP phar extension incorrectly handled certain zip files. (CVE-2016-3142) It was discovered that the PHP libxml_disable_entity_loader() setting was shared between threads. When running under PHP-FPM, this could result in XML external entity injection and entity expansion issues. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number) It was discovered that the PHP openssl_random_pseudo_bytes() function did not return cryptographically strong pseudo-random bytes. (No CVE number) It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. (CVE number pending) It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE number pending) It was discovered that the PHP rawurlencode() function incorrectly handled large strings. (CVE number pending) It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. (CVE number pending) It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. (CVE number pending)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.3 php5-cgi 5.6.11+dfsg-1ubuntu3.3 php5-cli 5.6.11+dfsg-1ubuntu3.3 php5-fpm 5.6.11+dfsg-1ubuntu3.3 php5-gd 5.6.11+dfsg-1ubuntu3.3 php5-mysqlnd 5.6.11+dfsg-1ubuntu3.3 php5-snmp 5.6.11+dfsg-1ubuntu3.3

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 =====================================================================

  1. Summary:

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.

The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)

Security Fixes in the rh-php56-php component:

  • Several Moderate and Low impact security issues were found in PHP. Under certain circumstances, these issues could cause PHP to crash, disclose portions of its memory, execute arbitrary code, or impact PHP application integrity. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)

  • Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted regular expression could cause PHP to crash or, possibly, execute arbitrary code. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0112",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.15"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.19"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5.32",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3141"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2016-3141",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-3141",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-91960",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-3141",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-3141",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-444",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-91960",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-3141",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91960"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. WDDX is one of the XML-based Web distributed data exchange extension modules. The wddx.c file in the WDDX extension of PHP 5.5.32 and earlier versions and 5.6.x versions prior to 5.6.19 has a reuse-after-free vulnerability. ============================================================================\nUbuntu Security Notice USN-2952-2\nApril 27, 2016\n\nphp5 regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n\nSummary:\n\nUSN-2952-1 caused a regression in PHP. One of the backported patches\ncaused a regression in the PHP Soap client. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that the PHP Zip extension incorrectly handled\n directories when processing certain zip files. A remote attacker could\n possibly use this issue to create arbitrary directories. (CVE-2014-9767)\n  It was discovered that the PHP Soap client incorrectly validated data\n types. \n (CVE-2015-8835, CVE-2016-3185)\n  It was discovered that the PHP MySQL native driver incorrectly handled TLS\n connections to MySQL databases. A man in the middle attacker could possibly\n use this issue to downgrade and snoop on TLS connections. This\n vulnerability is known as BACKRONYM. (CVE-2015-8838)\n  It was discovered that PHP incorrectly handled the imagerotate function. This issue\n only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903)\n  Hans Jerry Illikainen discovered that the PHP phar extension incorrectly\n handled certain tar archives. (CVE-2016-2554)\n  It was discovered that the PHP WDDX extension incorrectly handled certain\n malformed XML data. (CVE-2016-3141)\n  It was discovered that the PHP phar extension incorrectly handled certain\n zip files. \n (CVE-2016-3142)\n  It was discovered that the PHP libxml_disable_entity_loader() setting was\n shared between threads. When running under PHP-FPM, this could result in\n XML external entity injection and entity expansion issues. This issue only\n applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number)\n  It was discovered that the PHP openssl_random_pseudo_bytes() function did\n not return cryptographically strong pseudo-random bytes. (No CVE number)\n  It was discovered that the PHP Fileinfo component incorrectly handled\n certain magic files. (CVE number pending)\n  It was discovered that the PHP php_snmp_error() function incorrectly\n handled string formatting. This issue only applied to Ubuntu 14.04 LTS and Ubuntu\n 15.10. (CVE number pending)\n  It was discovered that the PHP rawurlencode() function incorrectly handled\n large strings. (CVE number pending)\n  It was discovered that the PHP phar extension incorrectly handled certain\n filenames in archives. (CVE number pending)\n  It was discovered that the PHP mb_strcut() function incorrectly handled\n string formatting. (CVE number pending)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.3\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.3\n  php5-cli                        5.6.11+dfsg-1ubuntu3.3\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.3\n  php5-gd                         5.6.11+dfsg-1ubuntu3.3\n  php5-mysqlnd                    5.6.11+dfsg-1ubuntu3.3\n  php5-snmp                       5.6.11+dfsg-1ubuntu3.3\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2016:2750-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2750.html\nIssue date:        2016-11-15\nCVE Names:         CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 \n                   CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 \n                   CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 \n                   CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 \n                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 \n                   CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 \n                   CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 \n                   CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 \n                   CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 \n                   CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 \n                   CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 \n                   CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 \n                   CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 \n                   CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 \n                   CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 \n                   CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 \n                   CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 \n                   CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 \n                   CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 \n                   CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 \n                   CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 \n                   CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 \n                   CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 \n                   CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 \n                   CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 \n                   CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 \n                   CVE-2016-7132 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php56, rh-php56-php, and rh-php56-php-pear is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The rh-php56 packages provide a recent stable release of PHP\nwith PEAR 1.9.5 and enhanced language features including constant\nexpressions, variadic functions, arguments unpacking, and the interactive\ndebuger. The memcache, mongo, and XDebug extensions are also included. \n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Under\ncertain circumstances, these issues could cause PHP to crash, disclose\nportions of its memory, execute arbitrary code, or impact PHP application\nintegrity. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-7456,\nCVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,\nCVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,\nCVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,\nCVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,\nCVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,\nCVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,\nCVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,\nCVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,\nCVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,\nCVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,\nCVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,\nCVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,\nCVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the\nrh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted\nregular expression could cause PHP to crash or, possibly, execute arbitrary\ncode. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,\nCVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,\nCVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,\nCVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()\n1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)\n1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)\n1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)\n1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories\n1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)\n1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)\n1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)\n1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)\n1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)\n1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)\n1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)\n1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)\n1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)\n1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c\n1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated\n1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent\n1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives\n1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()\n1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data\n1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd\n1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method\n1323103 - CVE-2016-4073 php: Negative size parameter in memcpy\n1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \\0 inside name\n1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()\n1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode\n1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file\n1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads\n1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure\n1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()\n1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition\n1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input\n1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used\n1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used\n1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow\n1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c\n1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects\n1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches\n1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns\n1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal\n1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread\n1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc\n1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()\n1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()\n1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow\n1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec\n1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread\n1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize\n1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351603 - CVE-2016-6128 gd: Invalid color index not properly handled\n1358395 - CVE-2016-5399 php: Improper error handling in bzread()\n1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex\n1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization\n1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment\n1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()\n1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http\n1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()\n1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c\n1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex\n1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object\n1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability\n1374699 - CVE-2016-7126 php: select_colors write out-of-bounds\n1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access\n1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF\n1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access\n1374707 - CVE-2016-7130 php: wddx_deserialize null dereference\n1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml\n1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7456\nhttps://access.redhat.com/security/cve/CVE-2014-9767\nhttps://access.redhat.com/security/cve/CVE-2015-2325\nhttps://access.redhat.com/security/cve/CVE-2015-2326\nhttps://access.redhat.com/security/cve/CVE-2015-2327\nhttps://access.redhat.com/security/cve/CVE-2015-2328\nhttps://access.redhat.com/security/cve/CVE-2015-3210\nhttps://access.redhat.com/security/cve/CVE-2015-3217\nhttps://access.redhat.com/security/cve/CVE-2015-5073\nhttps://access.redhat.com/security/cve/CVE-2015-8381\nhttps://access.redhat.com/security/cve/CVE-2015-8383\nhttps://access.redhat.com/security/cve/CVE-2015-8384\nhttps://access.redhat.com/security/cve/CVE-2015-8385\nhttps://access.redhat.com/security/cve/CVE-2015-8386\nhttps://access.redhat.com/security/cve/CVE-2015-8388\nhttps://access.redhat.com/security/cve/CVE-2015-8391\nhttps://access.redhat.com/security/cve/CVE-2015-8392\nhttps://access.redhat.com/security/cve/CVE-2015-8395\nhttps://access.redhat.com/security/cve/CVE-2015-8835\nhttps://access.redhat.com/security/cve/CVE-2015-8865\nhttps://access.redhat.com/security/cve/CVE-2015-8866\nhttps://access.redhat.com/security/cve/CVE-2015-8867\nhttps://access.redhat.com/security/cve/CVE-2015-8873\nhttps://access.redhat.com/security/cve/CVE-2015-8874\nhttps://access.redhat.com/security/cve/CVE-2015-8876\nhttps://access.redhat.com/security/cve/CVE-2015-8877\nhttps://access.redhat.com/security/cve/CVE-2015-8879\nhttps://access.redhat.com/security/cve/CVE-2016-1903\nhttps://access.redhat.com/security/cve/CVE-2016-2554\nhttps://access.redhat.com/security/cve/CVE-2016-3074\nhttps://access.redhat.com/security/cve/CVE-2016-3141\nhttps://access.redhat.com/security/cve/CVE-2016-3142\nhttps://access.redhat.com/security/cve/CVE-2016-4070\nhttps://access.redhat.com/security/cve/CVE-2016-4071\nhttps://access.redhat.com/security/cve/CVE-2016-4072\nhttps://access.redhat.com/security/cve/CVE-2016-4073\nhttps://access.redhat.com/security/cve/CVE-2016-4342\nhttps://access.redhat.com/security/cve/CVE-2016-4343\nhttps://access.redhat.com/security/cve/CVE-2016-4473\nhttps://access.redhat.com/security/cve/CVE-2016-4537\nhttps://access.redhat.com/security/cve/CVE-2016-4538\nhttps://access.redhat.com/security/cve/CVE-2016-4539\nhttps://access.redhat.com/security/cve/CVE-2016-4540\nhttps://access.redhat.com/security/cve/CVE-2016-4541\nhttps://access.redhat.com/security/cve/CVE-2016-4542\nhttps://access.redhat.com/security/cve/CVE-2016-4543\nhttps://access.redhat.com/security/cve/CVE-2016-4544\nhttps://access.redhat.com/security/cve/CVE-2016-5093\nhttps://access.redhat.com/security/cve/CVE-2016-5094\nhttps://access.redhat.com/security/cve/CVE-2016-5096\nhttps://access.redhat.com/security/cve/CVE-2016-5114\nhttps://access.redhat.com/security/cve/CVE-2016-5399\nhttps://access.redhat.com/security/cve/CVE-2016-5766\nhttps://access.redhat.com/security/cve/CVE-2016-5767\nhttps://access.redhat.com/security/cve/CVE-2016-5768\nhttps://access.redhat.com/security/cve/CVE-2016-5770\nhttps://access.redhat.com/security/cve/CVE-2016-5771\nhttps://access.redhat.com/security/cve/CVE-2016-5772\nhttps://access.redhat.com/security/cve/CVE-2016-5773\nhttps://access.redhat.com/security/cve/CVE-2016-6128\nhttps://access.redhat.com/security/cve/CVE-2016-6207\nhttps://access.redhat.com/security/cve/CVE-2016-6288\nhttps://access.redhat.com/security/cve/CVE-2016-6289\nhttps://access.redhat.com/security/cve/CVE-2016-6290\nhttps://access.redhat.com/security/cve/CVE-2016-6291\nhttps://access.redhat.com/security/cve/CVE-2016-6292\nhttps://access.redhat.com/security/cve/CVE-2016-6294\nhttps://access.redhat.com/security/cve/CVE-2016-6295\nhttps://access.redhat.com/security/cve/CVE-2016-6296\nhttps://access.redhat.com/security/cve/CVE-2016-6297\nhttps://access.redhat.com/security/cve/CVE-2016-7124\nhttps://access.redhat.com/security/cve/CVE-2016-7125\nhttps://access.redhat.com/security/cve/CVE-2016-7126\nhttps://access.redhat.com/security/cve/CVE-2016-7127\nhttps://access.redhat.com/security/cve/CVE-2016-7128\nhttps://access.redhat.com/security/cve/CVE-2016-7129\nhttps://access.redhat.com/security/cve/CVE-2016-7130\nhttps://access.redhat.com/security/cve/CVE-2016-7131\nhttps://access.redhat.com/security/cve/CVE-2016-7132\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs\nUCuj+0gWfBsWXOgFhgH0uL8=\n=FcPG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "db": "VULHUB",
        "id": "VHN-91960"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3141"
      },
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3141",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1035255",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "84271",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU91632741",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-91960",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3141",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136823",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139729",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136759",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91960"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ]
  },
  "id": "VAR-201603-0112",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91960"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:34:20.693000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206567"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206567"
      },
      {
        "title": "Sec Bug #71587",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=71587"
      },
      {
        "title": "Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=b1bd4119bcafab6f9a8f84d92cd65eec3afeface"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "https://secure.php.net/changelog-5.php"
      },
      {
        "title": "PHP WDDX Fixes for extended buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60735"
      },
      {
        "title": "Red Hat: CVE-2016-3141",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-3141"
      },
      {
        "title": "Ubuntu Security Notice: php5 regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2952-2"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2952-1"
      },
      {
        "title": "Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162750 - security advisory"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
      },
      {
        "title": "CVE-2016-3141",
        "trust": 0.1,
        "url": "https://github.com/peternguyen93/cve-2016-3141 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/aravindb26/new.txt "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3141"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=71587"
      },
      {
        "trust": 1.8,
        "url": "https://php.net/changelog-5.php"
      },
      {
        "trust": 1.4,
        "url": "http://www.ubuntu.com/usn/usn-2952-1"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/84271"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2750.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-2952-2"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/ht206567"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1035255"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html"
      },
      {
        "trust": 1.1,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=b1bd4119bcafab6f9a8f84d92cd65eec3afeface"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3141"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91632741/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3141"
      },
      {
        "trust": 0.7,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=b1bd4119bcafab6f9a8f84d92cd65eec3afeface"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9767"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3141"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8838"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3141"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2554"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/peternguyen93/cve-2016-3141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2952-2/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1575298"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4473"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3185"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.22"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91960"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-91960"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91960"
      },
      {
        "date": "2016-03-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3141"
      },
      {
        "date": "2016-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "date": "2016-04-28T00:01:19",
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "date": "2016-11-15T16:44:45",
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "date": "2016-04-21T14:02:00",
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "date": "2016-03-31T16:59:00.117000",
        "db": "NVD",
        "id": "CVE-2016-3141"
      },
      {
        "date": "2016-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91960"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3141"
      },
      {
        "date": "2016-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      },
      {
        "date": "2023-11-07T02:32:11.333000",
        "db": "NVD",
        "id": "CVE-2016-3141"
      },
      {
        "date": "2016-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  WDDX Extension  wddx.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001928"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-444"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0133
Vulnerability from variot

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community; Fileinfo is one of them used to display file attributes and support batch modification of its Components of properties. The vulnerability stems from the fact that the program does not correctly handle continuation-level jumps. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, 7.x prior to 7.0.5, and prior to file 5.23. ============================================================================ Ubuntu Security Notice USN-2984-1 May 24, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078)

It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)

It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070)

It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)

It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)

It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)

It was discovered that the PHP phar extension incorrectly handled certain archive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343)

It was discovered that the PHP bcpowmod() function incorrectly handled memory. (CVE-2016-4537, CVE-2016-4538)

It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. (CVE-2016-4539)

It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. (CVE-2016-4540, CVE-2016-4541)

It was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.4-7ubuntu2.1 php7.0-cgi 7.0.4-7ubuntu2.1 php7.0-cli 7.0.4-7ubuntu2.1 php7.0-fpm 7.0.4-7ubuntu2.1

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.4 php5-cgi 5.6.11+dfsg-1ubuntu3.4 php5-cli 5.6.11+dfsg-1ubuntu3.4 php5-fpm 5.6.11+dfsg-1ubuntu3.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 php5-cgi 5.5.9+dfsg-1ubuntu4.17 php5-cli 5.5.9+dfsg-1ubuntu4.17 php5-fpm 5.5.9+dfsg-1ubuntu4.17

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.23 php5-cgi 5.3.10-1ubuntu3.23 php5-cli 5.3.10-1ubuntu3.23 php5-fpm 5.3.10-1ubuntu3.23

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 =====================================================================

  1. Summary:

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.

The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)

Security Fixes in the rh-php56-php component:

  • Several Moderate and Low impact security issues were found in PHP. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)

  • Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731 Version: 1

HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-08-19 Last Updated: 2016-08-19

Potential Security Impact: Local Denial of Service (DoS), Elevation of Privilege, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Disclosure of Information, Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory.

References:

- CVE-2016-1238 - Perl Local Elevation of Privilege
- CVE-2016-2381 - Perl Remote Unauthorized Modification
- CVE-2014-4330 - Perl Local Denial of Service (DoS)

    **Note:** applies only for the H/J-series SPR. Fix was already

provided in a previous L-series SPR. OSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and T1203L01^AAC

*Impacted releases:*

- L15.02
- L15.08.00, L15.08.01
- L16.05.00

- J06.14 through J06.16.02
- J06.17.00, J06.17.01
- J06.18.00, J06.18.01
- J06.19.00, J06.19.01, J06.19.02
- J06.20.00

- H06.25 through H06.26.01
- H06.27.00, H06.27.01
- H06.28.00, H06.28.01
- H06.29.00, H06.29.01

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2013-7456
  7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-4330
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8383
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8386
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8387
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8389
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8390
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8391
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

CVE-2015-8393
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-8394
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8607
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8853
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8865
  7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8874
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-1238
  6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVE-2016-1903
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-2381
  6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-2016-2554
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-3074
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4070
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-4071
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4072
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4073
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4342
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE-2016-4343
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-4537
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4538
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4539
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4540
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4541
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4542
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4543
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4544
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5093
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5094
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5096
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5114
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-5766
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5767
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5768
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5769
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5770
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5771
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5772
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5773
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has released the following software updates to resolve the vulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP.

Install one of the SPRs below as appropriate for the system's release version:

  • L-Series:

    • T1203L01^AAE (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • L15.02 through L16.05.00
  • H and J-Series:

    • T1203H01^AAF (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • J06.14 through J06.20.00

      • H06.25 through H06.29.01

Note: Please refer to NonStop Hotstuff HS03333 for more information.

HISTORY Version:1 (rev.1) - 19 August 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.


Gentoo Linux Security Advisory GLSA 201701-42


                                       https://security.gentoo.org/

Severity: Normal Title: file: Multiple vulnerabilities Date: January 17, 2017 Bugs: #526544, #538660, #539106, #579306 ID: 201701-42


Synopsis

Multiple vulnerabilities have been found in file, the worst of which could allow remote attackers to execute arbitrary code.

Background

file is a utility that guesses a file format by scanning binary data for patterns.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 sys-apps/file < 5.23 >= 5.23

Description

Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All file users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/file-5.23"

References

[ 1 ] CVE-2014-3710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710 [ 2 ] CVE-2014-9652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9652 [ 3 ] CVE-2014-9653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9653 [ 4 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-42

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0133",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.15"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.33"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.20"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5.33",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-8865",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-8865",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-86826",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.3,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-8865",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-8865",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-556",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86826",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-8865",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community; Fileinfo is one of them used to display file attributes and support batch modification of its Components of properties. The vulnerability stems from the fact that the program does not correctly handle continuation-level jumps. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, 7.x prior to 7.0.5, and prior to file 5.23. ============================================================================\nUbuntu Security Notice USN-2984-1\nMay 24, 2016\n\nphp5, php7.0 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)\n\nHans Jerry Illikainen discovered that the PHP Zip extension incorrectly\nhandled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. \n(CVE-2016-3078)\n\nIt was discovered that PHP incorrectly handled invalid indexes in the\nSplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)\n\nIt was discovered that the PHP rawurlencode() function incorrectly handled\nlarge strings. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n16.04 LTS. (CVE-2016-4070)\n\nIt was discovered that the PHP php_snmp_error() function incorrectly\nhandled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfilenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)\n\nIt was discovered that the PHP mb_strcut() function incorrectly handled\nstring formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\narchive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-4342, CVE-2016-4343)\n\nIt was discovered that the PHP bcpowmod() function incorrectly handled\nmemory. \n(CVE-2016-4537, CVE-2016-4538)\n\nIt was discovered that the PHP XML parser incorrectly handled certain\nmalformed XML data. (CVE-2016-4539)\n\nIt was discovered that certain PHP grapheme functions incorrectly handled\nnegative offsets. (CVE-2016-4540,\nCVE-2016-4541)\n\nIt was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543,\nCVE-2016-4544)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.4-7ubuntu2.1\n  php7.0-cgi                      7.0.4-7ubuntu2.1\n  php7.0-cli                      7.0.4-7ubuntu2.1\n  php7.0-fpm                      7.0.4-7ubuntu2.1\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.4\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.4\n  php5-cli                        5.6.11+dfsg-1ubuntu3.4\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.17\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.17\n  php5-cli                        5.5.9+dfsg-1ubuntu4.17\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.17\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.23\n  php5-cgi                        5.3.10-1ubuntu3.23\n  php5-cli                        5.3.10-1ubuntu3.23\n  php5-fpm                        5.3.10-1ubuntu3.23\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2016:2750-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2750.html\nIssue date:        2016-11-15\nCVE Names:         CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 \n                   CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 \n                   CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 \n                   CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 \n                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 \n                   CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 \n                   CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 \n                   CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 \n                   CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 \n                   CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 \n                   CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 \n                   CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 \n                   CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 \n                   CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 \n                   CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 \n                   CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 \n                   CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 \n                   CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 \n                   CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 \n                   CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 \n                   CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 \n                   CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 \n                   CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 \n                   CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 \n                   CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 \n                   CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 \n                   CVE-2016-7132 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php56, rh-php56-php, and rh-php56-php-pear is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The rh-php56 packages provide a recent stable release of PHP\nwith PEAR 1.9.5 and enhanced language features including constant\nexpressions, variadic functions, arguments unpacking, and the interactive\ndebuger. The memcache, mongo, and XDebug extensions are also included. \n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-7456,\nCVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,\nCVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,\nCVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,\nCVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,\nCVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,\nCVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,\nCVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,\nCVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,\nCVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,\nCVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,\nCVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,\nCVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,\nCVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the\nrh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,\nCVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,\nCVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,\nCVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()\n1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)\n1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)\n1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)\n1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories\n1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)\n1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)\n1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)\n1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)\n1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)\n1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)\n1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)\n1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)\n1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)\n1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c\n1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated\n1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent\n1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives\n1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()\n1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data\n1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd\n1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method\n1323103 - CVE-2016-4073 php: Negative size parameter in memcpy\n1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \\0 inside name\n1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()\n1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode\n1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file\n1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads\n1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure\n1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()\n1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition\n1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input\n1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used\n1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used\n1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow\n1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c\n1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects\n1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches\n1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns\n1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal\n1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread\n1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc\n1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()\n1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()\n1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow\n1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec\n1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread\n1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize\n1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351603 - CVE-2016-6128 gd: Invalid color index not properly handled\n1358395 - CVE-2016-5399 php: Improper error handling in bzread()\n1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex\n1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization\n1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment\n1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()\n1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http\n1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()\n1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c\n1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex\n1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object\n1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability\n1374699 - CVE-2016-7126 php: select_colors write out-of-bounds\n1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access\n1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF\n1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access\n1374707 - CVE-2016-7130 php: wddx_deserialize null dereference\n1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml\n1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7456\nhttps://access.redhat.com/security/cve/CVE-2014-9767\nhttps://access.redhat.com/security/cve/CVE-2015-2325\nhttps://access.redhat.com/security/cve/CVE-2015-2326\nhttps://access.redhat.com/security/cve/CVE-2015-2327\nhttps://access.redhat.com/security/cve/CVE-2015-2328\nhttps://access.redhat.com/security/cve/CVE-2015-3210\nhttps://access.redhat.com/security/cve/CVE-2015-3217\nhttps://access.redhat.com/security/cve/CVE-2015-5073\nhttps://access.redhat.com/security/cve/CVE-2015-8381\nhttps://access.redhat.com/security/cve/CVE-2015-8383\nhttps://access.redhat.com/security/cve/CVE-2015-8384\nhttps://access.redhat.com/security/cve/CVE-2015-8385\nhttps://access.redhat.com/security/cve/CVE-2015-8386\nhttps://access.redhat.com/security/cve/CVE-2015-8388\nhttps://access.redhat.com/security/cve/CVE-2015-8391\nhttps://access.redhat.com/security/cve/CVE-2015-8392\nhttps://access.redhat.com/security/cve/CVE-2015-8395\nhttps://access.redhat.com/security/cve/CVE-2015-8835\nhttps://access.redhat.com/security/cve/CVE-2015-8865\nhttps://access.redhat.com/security/cve/CVE-2015-8866\nhttps://access.redhat.com/security/cve/CVE-2015-8867\nhttps://access.redhat.com/security/cve/CVE-2015-8873\nhttps://access.redhat.com/security/cve/CVE-2015-8874\nhttps://access.redhat.com/security/cve/CVE-2015-8876\nhttps://access.redhat.com/security/cve/CVE-2015-8877\nhttps://access.redhat.com/security/cve/CVE-2015-8879\nhttps://access.redhat.com/security/cve/CVE-2016-1903\nhttps://access.redhat.com/security/cve/CVE-2016-2554\nhttps://access.redhat.com/security/cve/CVE-2016-3074\nhttps://access.redhat.com/security/cve/CVE-2016-3141\nhttps://access.redhat.com/security/cve/CVE-2016-3142\nhttps://access.redhat.com/security/cve/CVE-2016-4070\nhttps://access.redhat.com/security/cve/CVE-2016-4071\nhttps://access.redhat.com/security/cve/CVE-2016-4072\nhttps://access.redhat.com/security/cve/CVE-2016-4073\nhttps://access.redhat.com/security/cve/CVE-2016-4342\nhttps://access.redhat.com/security/cve/CVE-2016-4343\nhttps://access.redhat.com/security/cve/CVE-2016-4473\nhttps://access.redhat.com/security/cve/CVE-2016-4537\nhttps://access.redhat.com/security/cve/CVE-2016-4538\nhttps://access.redhat.com/security/cve/CVE-2016-4539\nhttps://access.redhat.com/security/cve/CVE-2016-4540\nhttps://access.redhat.com/security/cve/CVE-2016-4541\nhttps://access.redhat.com/security/cve/CVE-2016-4542\nhttps://access.redhat.com/security/cve/CVE-2016-4543\nhttps://access.redhat.com/security/cve/CVE-2016-4544\nhttps://access.redhat.com/security/cve/CVE-2016-5093\nhttps://access.redhat.com/security/cve/CVE-2016-5094\nhttps://access.redhat.com/security/cve/CVE-2016-5096\nhttps://access.redhat.com/security/cve/CVE-2016-5114\nhttps://access.redhat.com/security/cve/CVE-2016-5399\nhttps://access.redhat.com/security/cve/CVE-2016-5766\nhttps://access.redhat.com/security/cve/CVE-2016-5767\nhttps://access.redhat.com/security/cve/CVE-2016-5768\nhttps://access.redhat.com/security/cve/CVE-2016-5770\nhttps://access.redhat.com/security/cve/CVE-2016-5771\nhttps://access.redhat.com/security/cve/CVE-2016-5772\nhttps://access.redhat.com/security/cve/CVE-2016-5773\nhttps://access.redhat.com/security/cve/CVE-2016-6128\nhttps://access.redhat.com/security/cve/CVE-2016-6207\nhttps://access.redhat.com/security/cve/CVE-2016-6288\nhttps://access.redhat.com/security/cve/CVE-2016-6289\nhttps://access.redhat.com/security/cve/CVE-2016-6290\nhttps://access.redhat.com/security/cve/CVE-2016-6291\nhttps://access.redhat.com/security/cve/CVE-2016-6292\nhttps://access.redhat.com/security/cve/CVE-2016-6294\nhttps://access.redhat.com/security/cve/CVE-2016-6295\nhttps://access.redhat.com/security/cve/CVE-2016-6296\nhttps://access.redhat.com/security/cve/CVE-2016-6297\nhttps://access.redhat.com/security/cve/CVE-2016-7124\nhttps://access.redhat.com/security/cve/CVE-2016-7125\nhttps://access.redhat.com/security/cve/CVE-2016-7126\nhttps://access.redhat.com/security/cve/CVE-2016-7127\nhttps://access.redhat.com/security/cve/CVE-2016-7128\nhttps://access.redhat.com/security/cve/CVE-2016-7129\nhttps://access.redhat.com/security/cve/CVE-2016-7130\nhttps://access.redhat.com/security/cve/CVE-2016-7131\nhttps://access.redhat.com/security/cve/CVE-2016-7132\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs\nUCuj+0gWfBsWXOgFhgH0uL8=\n=FcPG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05240731\nVersion: 1\n\nHPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and\nPHP, Multiple Local and Remote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-08-19\nLast Updated: 2016-08-19\n\nPotential Security Impact: Local Denial of Service (DoS), Elevation of\nPrivilege, Remote Denial of Service (DoS), Execution of Arbitrary Code,\nUnauthorized Disclosure of Information, Unauthorized Modification\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential remote and local vulnerabilities impacting Perl and PHP\nhave been addressed by HPE NonStop Servers OSS Script Languages. The\nvulnerabilities include Perl\u0027s opportunistic loading of optional modules\nwhich might allow local users to gain elevation of privilege via a Trojan\nhorse library under the current working directory. \n\nReferences:\n\n    - CVE-2016-1238 - Perl Local Elevation of Privilege\n    - CVE-2016-2381 - Perl Remote Unauthorized Modification\n    - CVE-2014-4330 - Perl Local Denial of Service (DoS)\n\n        **Note:** applies only for the H/J-series SPR. Fix was already\nprovided in a previous L-series SPR. \nOSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and\nT1203L01^AAC\n\n    *Impacted releases:*\n\n    - L15.02\n    - L15.08.00, L15.08.01\n    - L16.05.00\n\n    - J06.14 through J06.16.02\n    - J06.17.00, J06.17.01\n    - J06.18.00, J06.18.01\n    - J06.19.00, J06.19.01, J06.19.02\n    - J06.20.00\n\n    - H06.25 through H06.26.01\n    - H06.27.00, H06.27.01\n    - H06.28.00, H06.28.01\n    - H06.29.00, H06.29.01\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-7456\n      7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-4330\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8383\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8386\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8387\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8389\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8390\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8391\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)\n\n    CVE-2015-8393\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-8394\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8607\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8853\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8865\n      7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8874\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-1238\n      6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\n      6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-1903\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-2381\n      6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    CVE-2016-2554\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-3074\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4070\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-4071\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4072\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4073\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4342\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n    CVE-2016-4343\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4537\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4538\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4539\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4540\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4541\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4542\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4543\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4544\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5093\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5094\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5096\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5114\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-5766\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5767\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5768\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5769\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5770\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5771\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5772\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5773\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has released the following software updates to resolve the\nvulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP. \n\nInstall one of the SPRs below as appropriate for the system\u0027s release\nversion:\n\n  + L-Series:\n\n    * T1203L01^AAE (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n        - L15.02 through L16.05.00\n\n  + H and J-Series:\n\n    * T1203H01^AAF (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n         - J06.14 through J06.20.00\n\n         - H06.25 through H06.29.01\n\n**Note:** Please refer to *NonStop Hotstuff HS03333* for more information. \n\nHISTORY\nVersion:1 (rev.1) - 19 August 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201701-42\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: file: Multiple vulnerabilities\n     Date: January 17, 2017\n     Bugs: #526544, #538660, #539106, #579306\n       ID: 201701-42\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in file, the worst of which\ncould allow remote attackers to execute arbitrary code. \n\nBackground\n==========\n\nfile is a utility that guesses a file format by scanning binary data\nfor patterns. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  sys-apps/file                 \u003c 5.23                     \u003e= 5.23\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in file. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll file users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=sys-apps/file-5.23\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-3710\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710\n[ 2 ] CVE-2014-9652\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9652\n[ 3 ] CVE-2014-9653\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9653\n[ 4 ] CVE-2015-8865\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-42\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8865",
        "trust": 3.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/04/24/1",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "85802",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "148367",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "137174",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "139968",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136841",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137086",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-86826",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139729",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138463",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140540",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148192",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "id": "VAR-201605-0133",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:54:39.932000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206567"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206567"
      },
      {
        "title": "PR/454: Fix memory corruption when the continuation level jumps by more than",
        "trust": 0.8,
        "url": "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36"
      },
      {
        "title": "0000522: Buffer over-write in PHP function finfo_open with malformed magic file. (uses libmagic)",
        "trust": 0.8,
        "url": "http://bugs.gw.com/view.php?id=522"
      },
      {
        "title": "Sec Bug #71527",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=71527"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "PHP 7 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-7.php"
      },
      {
        "title": "Fixed bug #71527 Buffer over-write in finfo_open with malformed magic file",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e"
      },
      {
        "title": "PHP Fileinfo Fixes for component buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61239"
      },
      {
        "title": "Debian CVElist Bug Report Logs: file: CVE-2015-8865: file_check_mem() misbehaves on some input",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=357578556d837956c999174963fd2eea"
      },
      {
        "title": "Ubuntu Security Notice: file vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3686-2"
      },
      {
        "title": "Red Hat: CVE-2015-8865",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-8865"
      },
      {
        "title": "Ubuntu Security Notice: file vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3686-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3560-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f33dfec360e1186a6d0f52314de3ce6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-698",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-698"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2984-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: hhvm: Various CVEs (CVE-2014-9709 CVE-2015-8865 CVE-2016-1903 CVE-2016-4070 CVE-2016-4539 CVE-2016-6870 CVE-2016-6871 CVE-2016-6872 CVE-2016-6873 CVE-2016-6874 CVE-2016-6875)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=98d16dc1a3e1824eeb9ad5c28e1a0a02"
      },
      {
        "title": "Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162750 - security advisory"
      },
      {
        "title": "Apple: OS X El Capitan v10.11.5 and Security Update 2016-003",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3c550201b398ce302f3a9adf27215fda"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://bugs.gw.com/view.php?id=522"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=71527"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206567"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201701-42"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2750.html"
      },
      {
        "trust": 1.3,
        "url": "https://usn.ubuntu.com/3686-2/"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/85802"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05240731"
      },
      {
        "trust": 1.2,
        "url": "http://www.debian.org/security/2016/dsa-3560"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201611-22"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-2"
      },
      {
        "trust": 1.2,
        "url": "https://usn.ubuntu.com/3686-1/"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=fe13566c93f118a15a96320a546c7878fd0cfc5e"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8865"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8865"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4073"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/usn/usn-3686-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10360"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8386"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8391"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8383"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8874"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-apachemodphp-cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3132"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.4-7ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.17"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2984-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3686-2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4473"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8853"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05240731"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8389"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8390"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9653"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/file/1:5.25-2ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9621"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/file/1:5.32-2ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9620"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/file/1:5.32-1ubuntu0.1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "PACKETSTORM",
        "id": "148192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "date": "2016-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "date": "2016-05-24T23:31:17",
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "date": "2018-06-29T00:19:16",
        "db": "PACKETSTORM",
        "id": "148367"
      },
      {
        "date": "2016-11-15T16:44:45",
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "date": "2016-08-22T18:18:17",
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "date": "2017-01-17T15:34:19",
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "date": "2018-06-14T15:57:22",
        "db": "PACKETSTORM",
        "id": "148192"
      },
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "date": "2016-05-20T10:59:00.137000",
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86826"
      },
      {
        "date": "2018-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8865"
      },
      {
        "date": "2016-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      },
      {
        "date": "2016-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      },
      {
        "date": "2023-11-07T02:28:44.817000",
        "db": "NVD",
        "id": "CVE-2015-8865"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "140540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  Fileinfo Used by components  file of  funcs.c of  file_check_mem Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007175"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-556"
      }
    ],
    "trust": 0.6
  }
}

var-202110-1577
Vulnerability from variot

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. PHP Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security issue was found in PHP prior to 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root. ========================================================================= Ubuntu Security Notice USN-5125-1 October 27, 2021

php5, php7.0, php7.2, php7.4, php8.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 21.10
  • Ubuntu 21.04
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Summary:

PHP-PFM in PHP could be made to run program as an administrator if it received specially crafted input. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10: php8.0-fpm 8.0.8-1ubuntu0.1

Ubuntu 21.04: php7.4-fpm 7.4.16-1ubuntu2.2

Ubuntu 20.04 LTS: php7.4-fpm 7.4.3-4ubuntu2.7

Ubuntu 18.04 LTS: php7.2-fpm 7.2.24-0ubuntu0.18.04.10

Ubuntu 16.04 ESM: php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm2

Ubuntu 14.04 ESM: php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm15

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-20


                                       https://security.gentoo.org/

Severity: High Title: PHP: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #799776, #810526, #819510, #833585, #850772, #857054 ID: 202209-20


Synopsis

Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 7.4.30:7.4 >= 7.4.30:7.4 < 8.0.23:8.0 >= 8.0.23:8.0 < 8.1.8:8.1 >= 8.1.8:8.1

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 7.4 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-7.4.30:7.4"

All PHP 8.0 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-8.0.23:8.0"

All PHP 8.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-8.1.8:8.1"

References

[ 1 ] CVE-2021-21703 https://nvd.nist.gov/vuln/detail/CVE-2021-21703 [ 2 ] CVE-2021-21704 https://nvd.nist.gov/vuln/detail/CVE-2021-21704 [ 3 ] CVE-2021-21705 https://nvd.nist.gov/vuln/detail/CVE-2021-21705 [ 4 ] CVE-2021-21708 https://nvd.nist.gov/vuln/detail/CVE-2021-21708 [ 5 ] CVE-2022-31625 https://nvd.nist.gov/vuln/detail/CVE-2022-31625 [ 6 ] CVE-2022-31626 https://nvd.nist.gov/vuln/detail/CVE-2022-31626 [ 7 ] CVE-2022-31627 https://nvd.nist.gov/vuln/detail/CVE-2022-31627

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202209-20

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-php73-php security and bug fix update Advisory ID: RHSA-2022:5491-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:5491 Issue date: 2022-07-04 CVE Names: CVE-2021-21703 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 ==================================================================== 1. Summary:

An update for rh-php73-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

  • php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626)

  • php: Local privilege escalation via PHP-FPM (CVE-2021-21703)

  • php: special character breaks path in xml parsing (CVE-2021-21707)

  • php: uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • rh-php73: rebase to 7.3.33 (BZ#2100753)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

2016535 - CVE-2021-21703 php: Local privilege escalation via PHP-FPM 2026045 - CVE-2021-21707 php: special character breaks path in xml parsing 2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE 2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE 2100753 - rh-php73: rebase to 7.3.33 [rhscl-3.8.z]

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php73-php-7.3.33-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.33-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm rh-php73-php-common-7.3.33-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm rh-php73-php-json-7.3.33-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm rh-php73-php-process-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.33-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm rh-php73-php-cli-7.3.33-1.el7.s390x.rpm rh-php73-php-common-7.3.33-1.el7.s390x.rpm rh-php73-php-dba-7.3.33-1.el7.s390x.rpm rh-php73-php-dbg-7.3.33-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm rh-php73-php-devel-7.3.33-1.el7.s390x.rpm rh-php73-php-embedded-7.3.33-1.el7.s390x.rpm rh-php73-php-enchant-7.3.33-1.el7.s390x.rpm rh-php73-php-fpm-7.3.33-1.el7.s390x.rpm rh-php73-php-gd-7.3.33-1.el7.s390x.rpm rh-php73-php-gmp-7.3.33-1.el7.s390x.rpm rh-php73-php-intl-7.3.33-1.el7.s390x.rpm rh-php73-php-json-7.3.33-1.el7.s390x.rpm rh-php73-php-ldap-7.3.33-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm rh-php73-php-odbc-7.3.33-1.el7.s390x.rpm rh-php73-php-opcache-7.3.33-1.el7.s390x.rpm rh-php73-php-pdo-7.3.33-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm rh-php73-php-process-7.3.33-1.el7.s390x.rpm rh-php73-php-pspell-7.3.33-1.el7.s390x.rpm rh-php73-php-recode-7.3.33-1.el7.s390x.rpm rh-php73-php-snmp-7.3.33-1.el7.s390x.rpm rh-php73-php-soap-7.3.33-1.el7.s390x.rpm rh-php73-php-xml-7.3.33-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm rh-php73-php-zip-7.3.33-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.33-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm rh-php73-php-common-7.3.33-1.el7.x86_64.rpm rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm rh-php73-php-json-7.3.33-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm rh-php73-php-process-7.3.33-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php73-php-7.3.33-1.el7.src.rpm

x86_64: rh-php73-php-7.3.33-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm rh-php73-php-common-7.3.33-1.el7.x86_64.rpm rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm rh-php73-php-json-7.3.33-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm rh-php73-php-process-7.3.33-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-21703 https://access.redhat.com/security/cve/CVE-2021-21707 https://access.redhat.com/security/cve/CVE-2022-31625 https://access.redhat.com/security/cve/CVE-2022-31626 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYsLehtzjgjWX9erEAQiwyQ/+PV7nIzWZKjc+4JLfk/tF6u19j7lmxgo/ rXR/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl HMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw +yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp 8UFEyGO05tovQqe38+9oVAFxnfq7f/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U YWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c 6oE8Uu5D2dH1iEdYtewohgTGYkUz/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G 3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS/EJeT6d1v0OMMn8Voezg7jE28jT/qx 5tDKv98T4qD+IiurXBr/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy/8vO6KjUiR0ANE GLtzbThZrV6js/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c HU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf/y/HrgwLg66t4X 4AC7K4v+QQw=KI2M -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

For the oldstable distribution (buster), this problem has been fixed in version 7.3.31-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmF3EohfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QTzBAAgt5HqxH7k7LMTK1tnwY2HXoNB9avYOwLrZbuox+D6hU9RO0en+3phMK1 2rwREhAwwvbt2SuqmGOnxnLHfpvuS31ufHmLaiGVsGPJL3qAy3t/w3DZ1euZf60A MLbHuLElmA6PuPnsnQbzNb28PfTFjkYt2u0nRSU4R1Te78mZg4tw/IlrCUAeHOUJ /7AuTpv7zTCP765YqEgqJfg5lL+NhsAxrZ//6Zx7hDvqb1VIc3vHKpC/DJWP56XS YVmGILhEZIY33ixGdQR6/uW0VrvW0AELzveVpiOZVZcGYJH2j2V2xW7cTcPZXiyO hBbnBDHPi+PyH8I461J9RLw/8dJpU6zn+I2w5RSmMhVk+swjkBTiBLbyeOfp5mBS 7wCPyEBUYGD6AiWG96qfpn2/ACHyY+ndrMWabtCfgRGkwcb2kqRhQ4Ai3nYSZm1l 3XDdNIg+Ywtf7NRwblBVlvJ4egy8tj0ERB9wigd2av1buHl6Ji6xRvePYHShm6xi C02qTL7cFfKmTxfk0HdwtUu0zYc9qKZb9VAcPwiwqTbgWXWbnTLivBoIJ1iubQsU kOpzH41nt7vlmaFb6Q5HCGNdrwIQ3CwavFdnIfF7YCV9tN7qJwI61KsBcGM6l5hW 1oCvUbEyeaaVNl2REsDNqtzJE154Prd//3pwShMNHlHcxwf+LV8= =1d/J -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-1577",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.0"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.5.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.25"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.31"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "8.0.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "8.0.12"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "oracle communications diameter signaling router",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "model": "php",
        "scope": null,
        "trust": 0.8,
        "vendor": "the php group",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.31",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.25",
                "versionStartIncluding": "7.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.12",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.0.2",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167696"
      },
      {
        "db": "PACKETSTORM",
        "id": "167076"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2021-21703",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2021-21703",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-380107",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "security@php.net",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.1,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-21703",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21703",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2021-21703",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-1514",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-380107",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21703",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380107"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. PHP Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security issue was found in PHP prior to 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root. =========================================================================\nUbuntu Security Notice USN-5125-1\nOctober 27, 2021\n\nphp5, php7.0, php7.2, php7.4, php8.0 vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nPHP-PFM in PHP could be made to run program as an administrator\nif it received specially crafted input. \nAn attacker could possibly use this issue to cause a crash or execute\narbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n  php8.0-fpm                      8.0.8-1ubuntu0.1\n\nUbuntu 21.04:\n  php7.4-fpm                      7.4.16-1ubuntu2.2\n\nUbuntu 20.04 LTS:\n  php7.4-fpm                      7.4.3-4ubuntu2.7\n\nUbuntu 18.04 LTS:\n  php7.2-fpm                      7.2.24-0ubuntu0.18.04.10\n\nUbuntu 16.04 ESM:\n  php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm2\n\nUbuntu 14.04 ESM:\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm15\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: PHP: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #799776, #810526, #819510, #833585, #850772, #857054\n       ID: 202209-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in PHP, the worst of which\ncould result in local root privilege escalation. \n\nBackground\n=========\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php               \u003c 7.4.30:7.4             \u003e= 7.4.30:7.4\n                                \u003c 8.0.23:8.0             \u003e= 8.0.23:8.0\n                                \u003c 8.1.8:8.1               \u003e= 8.1.8:8.1\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll PHP 7.4 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/php-7.4.30:7.4\"\n\nAll PHP 8.0 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/php-8.0.23:8.0\"\n\nAll PHP 8.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/php-8.1.8:8.1\"\n\nReferences\n=========\n[ 1 ] CVE-2021-21703\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21703\n[ 2 ] CVE-2021-21704\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21704\n[ 3 ] CVE-2021-21705\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21705\n[ 4 ] CVE-2021-21708\n      https://nvd.nist.gov/vuln/detail/CVE-2021-21708\n[ 5 ] CVE-2022-31625\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31625\n[ 6 ] CVE-2022-31626\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31626\n[ 7 ] CVE-2022-31627\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31627\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: rh-php73-php security and bug fix update\nAdvisory ID:       RHSA-2022:5491-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5491\nIssue date:        2022-07-04\nCVE Names:         CVE-2021-21703 CVE-2021-21707 CVE-2022-31625\n                   CVE-2022-31626\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nSecurity Fix(es):\n\n* php: password of excessive length triggers buffer overflow leading to RCE\n(CVE-2022-31626)\n\n* php: Local privilege escalation via PHP-FPM (CVE-2021-21703)\n\n* php: special character breaks path in xml parsing (CVE-2021-21707)\n\n* php: uninitialized array in pg_query_params() leading to RCE\n(CVE-2022-31625)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-php73: rebase to 7.3.33 (BZ#2100753)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2016535 - CVE-2021-21703 php: Local privilege escalation via PHP-FPM\n2026045 - CVE-2021-21707 php: special character breaks path in xml parsing\n2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE\n2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE\n2100753 - rh-php73: rebase to 7.3.33 [rhscl-3.8.z]\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.33-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.33-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.33-1.el7.s390x.rpm\nrh-php73-php-common-7.3.33-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.33-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.33-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.33-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.33-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.33-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.33-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.33-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.33-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.33-1.el7.s390x.rpm\nrh-php73-php-json-7.3.33-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.33-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.33-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.33-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.33-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm\nrh-php73-php-process-7.3.33-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.33-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.33-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.33-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.33-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.33-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.33-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.33-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.33-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.33-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-21703\nhttps://access.redhat.com/security/cve/CVE-2021-21707\nhttps://access.redhat.com/security/cve/CVE-2022-31625\nhttps://access.redhat.com/security/cve/CVE-2022-31626\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYsLehtzjgjWX9erEAQiwyQ/+PV7nIzWZKjc+4JLfk/tF6u19j7lmxgo/\nrXR/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl\nHMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw\n+yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp\n8UFEyGO05tovQqe38+9oVAFxnfq7f/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U\nYWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c\n6oE8Uu5D2dH1iEdYtewohgTGYkUz/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G\n3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS/EJeT6d1v0OMMn8Voezg7jE28jT/qx\n5tDKv98T4qD+IiurXBr/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy/8vO6KjUiR0ANE\nGLtzbThZrV6js/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c\nHU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf/y/HrgwLg66t4X\n4AC7K4v+QQw=KI2M\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 7.3.31-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmF3EohfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0QTzBAAgt5HqxH7k7LMTK1tnwY2HXoNB9avYOwLrZbuox+D6hU9RO0en+3phMK1\n2rwREhAwwvbt2SuqmGOnxnLHfpvuS31ufHmLaiGVsGPJL3qAy3t/w3DZ1euZf60A\nMLbHuLElmA6PuPnsnQbzNb28PfTFjkYt2u0nRSU4R1Te78mZg4tw/IlrCUAeHOUJ\n/7AuTpv7zTCP765YqEgqJfg5lL+NhsAxrZ//6Zx7hDvqb1VIc3vHKpC/DJWP56XS\nYVmGILhEZIY33ixGdQR6/uW0VrvW0AELzveVpiOZVZcGYJH2j2V2xW7cTcPZXiyO\nhBbnBDHPi+PyH8I461J9RLw/8dJpU6zn+I2w5RSmMhVk+swjkBTiBLbyeOfp5mBS\n7wCPyEBUYGD6AiWG96qfpn2/ACHyY+ndrMWabtCfgRGkwcb2kqRhQ4Ai3nYSZm1l\n3XDdNIg+Ywtf7NRwblBVlvJ4egy8tj0ERB9wigd2av1buHl6Ji6xRvePYHShm6xi\nC02qTL7cFfKmTxfk0HdwtUu0zYc9qKZb9VAcPwiwqTbgWXWbnTLivBoIJ1iubQsU\nkOpzH41nt7vlmaFb6Q5HCGNdrwIQ3CwavFdnIfF7YCV9tN7qJwI61KsBcGM6l5hW\n1oCvUbEyeaaVNl2REsDNqtzJE154Prd//3pwShMNHlHcxwf+LV8=\n=1d/J\n-----END PGP SIGNATURE-----\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "db": "VULHUB",
        "id": "VHN-380107"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21703"
      },
      {
        "db": "PACKETSTORM",
        "id": "164698"
      },
      {
        "db": "PACKETSTORM",
        "id": "168579"
      },
      {
        "db": "PACKETSTORM",
        "id": "167696"
      },
      {
        "db": "PACKETSTORM",
        "id": "169134"
      },
      {
        "db": "PACKETSTORM",
        "id": "167076"
      },
      {
        "db": "PACKETSTORM",
        "id": "169145"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21703",
        "trust": 4.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/26/7",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164698",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167696",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167076",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "168579",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051153",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012745",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021102719",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021102621",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070644",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4126",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3963",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3540",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6055",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0898",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3253",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3601",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1514",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-380107",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21703",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169134",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169145",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380107"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164698"
      },
      {
        "db": "PACKETSTORM",
        "id": "168579"
      },
      {
        "db": "PACKETSTORM",
        "id": "167696"
      },
      {
        "db": "PACKETSTORM",
        "id": "169134"
      },
      {
        "db": "PACKETSTORM",
        "id": "167076"
      },
      {
        "db": "PACKETSTORM",
        "id": "169145"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ]
  },
  "id": "VAR-202110-1577",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380107"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:01:00.245000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0April\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
      },
      {
        "title": "PHP Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=167359"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php: CVE-2021-21703",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=367f4c4a333e1f2558606fc0c7ade7c4"
      },
      {
        "title": "Debian Security Advisories: DSA-4993-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3bb2d2714d0d0b836ca271ce2aa4d17c"
      },
      {
        "title": "Debian Security Advisories: DSA-4992-1 php7.4 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a0d33242f30774b0a2380ec202d367da"
      },
      {
        "title": "Red Hat: Important: rh-php73-php security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225491 - security advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-21703 log"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-21703 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/henzau/web-nmap "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21703"
      },
      {
        "trust": 1.9,
        "url": "https://www.debian.org/security/2021/dsa-4993"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202209-20"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2021/dsa-4992"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=81026"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6pzvliczujmxogwouwsbaegivtf6y6v3/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jo5ra6yobgggklia6f6bqrzddecf5l3r/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pbm3kkb3ry2ypoknmc4hih7ih3t3wc74/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6pzvliczujmxogwouwsbaegivtf6y6v3/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pbm3kkb3ry2ypoknmc4hih7ih3t3wc74/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jo5ra6yobgggklia6f6bqrzddecf5l3r/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2021-21703"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168579/gentoo-linux-security-advisory-202209-20.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164698/ubuntu-security-notice-usn-5125-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167696/red-hat-security-advisory-2022-5491-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167076/red-hat-security-advisory-2022-1935-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3601"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-read-write-access-via-fpm-36691"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3540"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4126"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3963"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012745"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021102719"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051153"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6055"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3253"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021102621"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0898"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070644"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31625"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31626"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21705"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-21703"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997003"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2021-21703"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5125-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.10"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21704"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21708"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31626"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21707"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:5491"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31625"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21707"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.4"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380107"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164698"
      },
      {
        "db": "PACKETSTORM",
        "id": "168579"
      },
      {
        "db": "PACKETSTORM",
        "id": "167696"
      },
      {
        "db": "PACKETSTORM",
        "id": "169134"
      },
      {
        "db": "PACKETSTORM",
        "id": "167076"
      },
      {
        "db": "PACKETSTORM",
        "id": "169145"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-380107"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21703"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "db": "PACKETSTORM",
        "id": "164698"
      },
      {
        "db": "PACKETSTORM",
        "id": "168579"
      },
      {
        "db": "PACKETSTORM",
        "id": "167696"
      },
      {
        "db": "PACKETSTORM",
        "id": "169134"
      },
      {
        "db": "PACKETSTORM",
        "id": "167076"
      },
      {
        "db": "PACKETSTORM",
        "id": "169145"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21703"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-380107"
      },
      {
        "date": "2021-10-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21703"
      },
      {
        "date": "2022-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "date": "2021-10-28T15:06:10",
        "db": "PACKETSTORM",
        "id": "164698"
      },
      {
        "date": "2022-09-30T14:56:50",
        "db": "PACKETSTORM",
        "id": "168579"
      },
      {
        "date": "2022-07-04T14:32:27",
        "db": "PACKETSTORM",
        "id": "167696"
      },
      {
        "date": "2021-10-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169134"
      },
      {
        "date": "2022-05-11T16:41:14",
        "db": "PACKETSTORM",
        "id": "167076"
      },
      {
        "date": "2021-10-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169145"
      },
      {
        "date": "2021-10-25T06:15:06.563000",
        "db": "NVD",
        "id": "CVE-2021-21703"
      },
      {
        "date": "2021-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-380107"
      },
      {
        "date": "2022-10-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21703"
      },
      {
        "date": "2022-10-11T06:21:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      },
      {
        "date": "2023-11-07T03:30:04.983000",
        "db": "NVD",
        "id": "CVE-2021-21703"
      },
      {
        "date": "2022-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168579"
      },
      {
        "db": "PACKETSTORM",
        "id": "169134"
      },
      {
        "db": "PACKETSTORM",
        "id": "169145"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP\u00a0 Out-of-bounds write vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014233"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1514"
      }
    ],
    "trust": 0.6
  }
}

var-201503-0389
Vulnerability from variot

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. http://cwe.mitre.org/data/definitions/476.htmlService disruption through a crafted name by a third party (NULL Pointer dereference and application crash ) There is a possibility of being put into a state. PHP is prone to a denial-of-service vulnerability due to a Null-pointer deference condition. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. PostgreSQL (aka pgsql) is one of the object-relational database management system extensions. The vulnerability is caused by the program not correctly validating the 'token' parameter extraction of the form name. ============================================================================ Ubuntu Security Notice USN-2501-1 February 17, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1352)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2 php5-cgi 5.5.12+dfsg-2ubuntu4.2 php5-cli 5.5.12+dfsg-2ubuntu4.2 php5-fpm 5.5.12+dfsg-2ubuntu4.2 php5-pgsql 5.5.12+dfsg-2ubuntu4.2

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6 php5-cgi 5.5.9+dfsg-1ubuntu4.6 php5-cli 5.5.9+dfsg-1ubuntu4.6 php5-fpm 5.5.9+dfsg-1ubuntu4.6 php5-pgsql 5.5.9+dfsg-1ubuntu4.6

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.16 php5-cgi 5.3.10-1ubuntu3.16 php5-cli 5.3.10-1ubuntu3.16 php5-fpm 5.3.10-1ubuntu3.16 php5-pgsql 5.3.10-1ubuntu3.16

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

OS X El Capitan 10.11 is now available and addresses the following:

Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling. CVE-ID CVE-2015-5897 : Dan Bastone of Gotham Digital Science

AirScan Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks. CVE-ID CVE-2015-5853 : an anonymous researcher

apache_mod_php Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27. CVE-ID CVE-2014-9425 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330

Apple Online Store Kit Available for: Mac OS X v10.6.8 and later Impact: A malicious application may gain access to a user's keychain items Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University

AppleEvents Available for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's session Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling. CVE-ID CVE-2015-5849 : Jack Lawrence (@_jackhl)

Audio Available for: Mac OS X v10.6.8 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea

bash Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in bash Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187

Certificate Trust Policy Available for: Mac OS X v10.6.8 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork Cookies Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork FTPProtocol Available for: Mac OS X v10.6.8 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation. CVE-ID CVE-2015-5912 : Amit Klein

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd

CFNetwork Proxies Available for: Mac OS X v10.6.8 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.

CoreCrypto Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.

CoreText Available for: Mac OS X v10.6.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam

Disk Images Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco

dyld Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : TaiG Jailbreak Team

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious application can prevent some systems from booting Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare

Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option. CVE-ID CVE-2015-5901 : Apple

Game Center Available for: Mac OS X v10.6.8 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser

Heimdal Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to replay Kerberos credentials to the SMB server Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China

ICU Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2014-8147 CVE-2015-5922

Install Framework Legacy Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to gain root privileges Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable. CVE-ID CVE-2015-5888 : Apple

Intel Graphics Driver Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5830 : Yuki MIZUNO (@mzyy94) CVE-2015-5877 : Camillus Gerard Cai

IOAudioFamily Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers. CVE-ID CVE-2015-5864 : Luca Todesco

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5871 : Ilja van Sprundel of IOActive CVE-2015-5872 : Ilja van Sprundel of IOActive CVE-2015-5873 : Ilja van Sprundel of IOActive CVE-2015-5890 : Ilja van Sprundel of IOActive

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-5865 : Luca Todesco

IOHIDFamily Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5866 : Apple CVE-2015-5867 : moony li of Trend Micro

IOStorageFamily Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces. CVE-ID CVE-2015-5870 : Apple

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to cause a system denial of service Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation. CVE-ID CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team

libc Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation

libpthread Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team

libxpc Available for: Mac OS X v10.6.8 and later Impact: Many SSH connections could cause a denial of service Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40. CVE-ID CVE-2015-5881 : Apple

Login Window Available for: Mac OS X v10.6.8 and later Impact: The screen lock may not engage after the specified time period Description: An issue existed with captured display locking. The issue was addressed through improved lock handling. CVE-ID CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher

lukemftpd Available for: Mac OS X v10.6.8 and later Impact: A remote attacker may be able to deny service to the FTP server Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation. CVE-ID CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com

Mail Available for: Mac OS X v10.6.8 and later Impact: Printing an email may leak sensitive user information Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement. CVE-ID CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners

Mail Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5884 : John McCombs of Integrated Mapping Ltd

Multipeer Connectivity Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem

NetworkExtension Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)

OpenSSH Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSH Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9. CVE-ID CVE-2014-2532

OpenSSL Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287

procmail Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in procmail Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail. CVE-ID CVE-2014-3618

remote_cmds Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary. CVE-ID CVE-2015-5889 : Philip Pettersson

removefile Available for: Mac OS X v10.6.8 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher

Ruby Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in Ruby Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645. CVE-ID CVE-2014-8080 CVE-2014-8090 CVE-2015-1855

Security Available for: Mac OS X v10.6.8 and later Impact: The lock state of the keychain may be incorrectly displayed to the user Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple

Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH

Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first. CVE-ID CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5891 : Ilja van Sprundel of IOActive

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5893 : Ilja van Sprundel of IOActive

SQLite Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

Telephony Available for: Mac OS X v10.6.8 and later Impact: A local attacker can place phone calls without the user's knowledge when using Continuity Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science

Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal. CVE-ID CVE-2015-5883 : an anonymous researcher

tidy Available for: Mac OS X v10.6.8 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com

Time Machine Available for: Mac OS X v10.6.8 and later Impact: A local attacker may gain access to keychain items Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB

Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265.

OS X El Capitan 10.11 may be obtained from the Mac App Store: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO /hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6 QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54 YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR 8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1 nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e g6jld/w5tPuCFhGucE7Z =XciV -----END PGP SIGNATURE----- .

Release Date: 2015-06-10 Last Updated: 2015-06-10

Potential Security Impact: Remote denial of service (DoS), man-in-the-middle (MitM) attack, modification of data, local modification of data

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.

HP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier

HP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier

HP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier

HP-UX B.11.31 running PHP v5.4.11.04 or earlier

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2013-5704 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0227 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9709 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-1352 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2305 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2783 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve the vulnerabilities.

The updates are available for download from http://software.hp.com

NOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01, Tomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13

HP-UX 11i Release Apache Depot name

B.11.31 (11i v3 32-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot

B.11.31 (11i v3 64-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot

MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v4.05 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.29.01 or subsequent

hpuxws22TOMCAT.TOMCAT action: install revision C.6.0.43.01 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 10 June 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2015:080 http://www.mandriva.com/en/support/security/


Package : php Date : March 28, 2015 Affected: Business Server 2.0


Problem Description:

Multiple vulnerabilities has been discovered and corrected in php:

It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943).

A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270).

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345).

PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185).

A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237).

A flaw was found in the way file parsed property information from Composite Document Files (CDF) files. A property entry with 0 elements triggers an infinite loop (CVE-2014-0238).

The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515).

It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049).

A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478).

Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).

The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721).

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538). NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587). NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597).

An integer overflow flaw in PHP's unserialize() function was reported. If unserialize() were used on untrusted data, this issue could lead to a crash or potentially information disclosure (CVE-2014-3669).

A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code (CVE-2014-3670).

If client-supplied input was passed to PHP's cURL client as a URL to download, it could return local files from the server due to improper handling of null bytes (PHP#68089).

An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash (CVE-2014-3710).

A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize() (CVE-2014-8142).

sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (CVE-2014-9427).

Free called on an uninitialized pointer in php-exif in PHP before 5.5.21 (CVE-2015-0232).

The readelf.c source file has been removed from PHP's bundled copy of file's libmagic, eliminating exposure to denial of service issues in ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's fileinfo module.

S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding.

Taoguang Chen discovered that PHP incorrectly handled unserializing objects.

It was discovered that PHP incorrectly handled memory in the phar extension.

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231).

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331).

It was discovered that the PHP opcache component incorrectly handled memory.

It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers.

PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to the libmagic issues. The libzip packages has been patched to address the CVE-2015-2331 flaw.

A bug in the php zip extension that could cause a crash has been fixed (mga#13820)

Additionally the jsonc and timezonedb packages has been upgraded to the latest versions and the PECL packages which requires so has been rebuilt for php-5.5.23.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://php.net/ChangeLog-5.php#5.5.9 http://php.net/ChangeLog-5.php#5.5.10 http://php.net/ChangeLog-5.php#5.5.11 http://php.net/ChangeLog-5.php#5.5.12 http://php.net/ChangeLog-5.php#5.5.13 http://php.net/ChangeLog-5.php#5.5.14 http://php.net/ChangeLog-5.php#5.5.15 http://php.net/ChangeLog-5.php#5.5.16 http://php.net/ChangeLog-5.php#5.5.17 http://php.net/ChangeLog-5.php#5.5.18 http://php.net/ChangeLog-5.php#5.5.19 http://php.net/ChangeLog-5.php#5.5.20 http://php.net/ChangeLog-5.php#5.5.21 http://php.net/ChangeLog-5.php#5.5.22 http://php.net/ChangeLog-5.php#5.5.22 http://php.net/ChangeLog-5.php#5.5.23 http://www.ubuntu.com/usn/usn-2535-1/ http://www.ubuntu.com/usn/usn-2501-1/ https://bugzilla.redhat.com/show_bug.cgi?id=1204676 http://advisories.mageia.org/MGASA-2014-0163.html http://advisories.mageia.org/MGASA-2014-0178.html http://advisories.mageia.org/MGASA-2014-0215.html http://advisories.mageia.org/MGASA-2014-0258.html http://advisories.mageia.org/MGASA-2014-0284.html http://advisories.mageia.org/MGASA-2014-0324.html http://advisories.mageia.org/MGASA-2014-0367.html http://advisories.mageia.org/MGASA-2014-0430.html http://advisories.mageia.org/MGASA-2014-0441.html http://advisories.mageia.org/MGASA-2014-0542.html http://advisories.mageia.org/MGASA-2015-0040.html https://bugs.mageia.org/show_bug.cgi?id=13820


Updated Packages:

Mandriva Business Server 2/X86_64: a4e09575e26b690bd44801a126795ce9 mbs2/x86_64/apache-mod_php-5.5.23-1.mbs2.x86_64.rpm e156aaf446f543279f758b767e5ce6f2 mbs2/x86_64/lib64php5_common5-5.5.23-1.mbs2.x86_64.rpm cf1653dd6b3606ff8983739fe7728502 mbs2/x86_64/lib64zip2-0.11.2-1.1.mbs2.x86_64.rpm 2ed6c588ca428a502ab995726d497527 mbs2/x86_64/lib64zip-devel-0.11.2-1.1.mbs2.x86_64.rpm 91fd4a50d38c904247519a34f71ac9a7 mbs2/x86_64/libzip-0.11.2-1.1.mbs2.x86_64.rpm 0fad2aa8ca3bed422588c7d7c349e3e7 mbs2/x86_64/php-bcmath-5.5.23-1.mbs2.x86_64.rpm b797a14554b170f1f2c307eebd5011ce mbs2/x86_64/php-bz2-5.5.23-1.mbs2.x86_64.rpm 83abadd87c78c719b585acbfcbf1f54a mbs2/x86_64/php-calendar-5.5.23-1.mbs2.x86_64.rpm 71b728b5c58335c37e9ee059a98179b5 mbs2/x86_64/php-cgi-5.5.23-1.mbs2.x86_64.rpm d6047e2545b396ad29b2619c3d811b49 mbs2/x86_64/php-cli-5.5.23-1.mbs2.x86_64.rpm 933344ca17f96bd844db47c993b8ce1a mbs2/x86_64/php-ctype-5.5.23-1.mbs2.x86_64.rpm 0278a991ed7a7ea1d51c6651b1157744 mbs2/x86_64/php-curl-5.5.23-1.mbs2.x86_64.rpm a3f172d95d061f6a2ba9ce562f1068ac mbs2/x86_64/php-dba-5.5.23-1.mbs2.x86_64.rpm d239cccc6594bfe8169c0b5300ca1dd0 mbs2/x86_64/php-devel-5.5.23-1.mbs2.x86_64.rpm 73a234b9c369a20c349fca7f425b405a mbs2/x86_64/php-doc-5.5.23-1.mbs2.noarch.rpm ab4caa5f1a397e2f267479f08616d027 mbs2/x86_64/php-dom-5.5.23-1.mbs2.x86_64.rpm 016b8d010a1866935f2a6889b712300c mbs2/x86_64/php-enchant-5.5.23-1.mbs2.x86_64.rpm f9bd5f358336ea8a997f85f4d690fd40 mbs2/x86_64/php-exif-5.5.23-1.mbs2.x86_64.rpm 9f0ef885d5e7abb84c1b0c6242bd1a54 mbs2/x86_64/php-fileinfo-5.5.23-1.mbs2.x86_64.rpm f551fc699944abdbd78cd1f74e1db713 mbs2/x86_64/php-filter-5.5.23-1.mbs2.x86_64.rpm 10c6ad89a0707acdff025ee0166b4361 mbs2/x86_64/php-fpm-5.5.23-1.mbs2.x86_64.rpm fad5946e3ff8bf1d3b7215fee229b934 mbs2/x86_64/php-ftp-5.5.23-1.mbs2.x86_64.rpm c74071a614cc4f8d5ac612736264aad2 mbs2/x86_64/php-gd-5.5.23-1.mbs2.x86_64.rpm 788e0972b5aa918a0c8ce2b0e30270a6 mbs2/x86_64/php-gettext-5.5.23-1.mbs2.x86_64.rpm 996120d4c1fa233bdb38aedf0718f593 mbs2/x86_64/php-gmp-5.5.23-1.mbs2.x86_64.rpm e032d9a3c8e078242347623f1ff51b5a mbs2/x86_64/php-hash-5.5.23-1.mbs2.x86_64.rpm c1da3a1898b05995091ad1c2237bdf6a mbs2/x86_64/php-iconv-5.5.23-1.mbs2.x86_64.rpm 37b4a5d86006024878d397a8478d5a42 mbs2/x86_64/php-imap-5.5.23-1.mbs2.x86_64.rpm bd10d9a55ee8db73b4d80dae1e14e4e0 mbs2/x86_64/php-ini-5.5.23-1.mbs2.x86_64.rpm 4cb54cd72bd26728bb29f5d00a5174af mbs2/x86_64/php-interbase-5.5.23-1.mbs2.x86_64.rpm 2713dca82ad94d88b379db3fa012ed2d mbs2/x86_64/php-intl-5.5.23-1.mbs2.x86_64.rpm f0a9187b81e038400dae4e01123b751c mbs2/x86_64/php-json-5.5.23-1.mbs2.x86_64.rpm c395a0cb573d9432c9e4c2a4b92d1d0f mbs2/x86_64/php-ldap-5.5.23-1.mbs2.x86_64.rpm f2374e34b874072d2268acf1c72b383a mbs2/x86_64/php-mbstring-5.5.23-1.mbs2.x86_64.rpm 7ca3ce3a9464933af1a147c206c25d0d mbs2/x86_64/php-mcrypt-5.5.23-1.mbs2.x86_64.rpm dbe828f1c2caa3eef932fc0c14a7e2e9 mbs2/x86_64/php-mssql-5.5.23-1.mbs2.x86_64.rpm 995e9f09906309252d850618c3fffaa6 mbs2/x86_64/php-mysql-5.5.23-1.mbs2.x86_64.rpm c474c1f1dc45f14ea5357092277d2f22 mbs2/x86_64/php-mysqli-5.5.23-1.mbs2.x86_64.rpm cdcb4872386b83ef3969f918bf99f941 mbs2/x86_64/php-mysqlnd-5.5.23-1.mbs2.x86_64.rpm cbb1652273fb07f216c50b8d1b5445c2 mbs2/x86_64/php-odbc-5.5.23-1.mbs2.x86_64.rpm 29ab61a3d1d00ad57c875d87b62d2e12 mbs2/x86_64/php-opcache-5.5.23-1.mbs2.x86_64.rpm 349f796a960ef2207b30a06e386f2653 mbs2/x86_64/php-openssl-5.5.23-1.mbs2.x86_64.rpm 7a7411900384da8741e32a3f6f8036c2 mbs2/x86_64/php-pcntl-5.5.23-1.mbs2.x86_64.rpm ba3b14e45177b257ada03f7ff4b16deb mbs2/x86_64/php-pdo-5.5.23-1.mbs2.x86_64.rpm ae5b57dbff67c7595e154313321ff693 mbs2/x86_64/php-pdo_dblib-5.5.23-1.mbs2.x86_64.rpm 8782f71797f7cb271a514b735b19621a mbs2/x86_64/php-pdo_firebird-5.5.23-1.mbs2.x86_64.rpm ac39db58d4100f3d2d24593d3b5907fc mbs2/x86_64/php-pdo_mysql-5.5.23-1.mbs2.x86_64.rpm 210b990793c2d616fb0aecc4fde28eb6 mbs2/x86_64/php-pdo_odbc-5.5.23-1.mbs2.x86_64.rpm 6ae4df7959ddd3a8a0724ddddbe41a71 mbs2/x86_64/php-pdo_pgsql-5.5.23-1.mbs2.x86_64.rpm 1f9bdab81fa668dd583abe873892993e mbs2/x86_64/php-pdo_sqlite-5.5.23-1.mbs2.x86_64.rpm f0cbb5dde255f5c8fa3e04e3a5314ab1 mbs2/x86_64/php-pgsql-5.5.23-1.mbs2.x86_64.rpm e46ac8c820911a6091540e135f103154 mbs2/x86_64/php-phar-5.5.23-1.mbs2.x86_64.rpm 5050a745bfc3b1f5eeced2dd85f79721 mbs2/x86_64/php-posix-5.5.23-1.mbs2.x86_64.rpm c9093134a518c07f4e8a188987f853d3 mbs2/x86_64/php-readline-5.5.23-1.mbs2.x86_64.rpm 2b48c3f35573e00b5ba4327e8edc05f2 mbs2/x86_64/php-recode-5.5.23-1.mbs2.x86_64.rpm ae2157230db4d6e28698db384c8f7fcb mbs2/x86_64/php-session-5.5.23-1.mbs2.x86_64.rpm 2610a739bfa29ff11e648c7baa1d8bc3 mbs2/x86_64/php-shmop-5.5.23-1.mbs2.x86_64.rpm b7999e11cf9d2ab510263e32cabaf312 mbs2/x86_64/php-snmp-5.5.23-1.mbs2.x86_64.rpm ab665c30f0d2f13baa1c6475b7df7cac mbs2/x86_64/php-soap-5.5.23-1.mbs2.x86_64.rpm f331837ba716316cef094765a1700101 mbs2/x86_64/php-sockets-5.5.23-1.mbs2.x86_64.rpm 134f8bb18790bd023e73919a794703a0 mbs2/x86_64/php-sqlite3-5.5.23-1.mbs2.x86_64.rpm 4b4aa44d0ac56629610bb0444f199df5 mbs2/x86_64/php-sybase_ct-5.5.23-1.mbs2.x86_64.rpm fc69f644f36308d81f37f356b76e40a1 mbs2/x86_64/php-sysvmsg-5.5.23-1.mbs2.x86_64.rpm 981b7ef6715aacfe9250b206dbbbad31 mbs2/x86_64/php-sysvsem-5.5.23-1.mbs2.x86_64.rpm 91c006555173d03f1d25899947702673 mbs2/x86_64/php-sysvshm-5.5.23-1.mbs2.x86_64.rpm 62e5fa5fa8b4d89d7835f2f68169af14 mbs2/x86_64/php-tidy-5.5.23-1.mbs2.x86_64.rpm 0c5a9237c710dd098c8bb56018f7a142 mbs2/x86_64/php-timezonedb-2015.1-1.mbs2.x86_64.rpm d94aa68a9ce76bce5c962c58f37ac5a5 mbs2/x86_64/php-tokenizer-5.5.23-1.mbs2.x86_64.rpm 317c7da32daa223560dc08bbae89d98d mbs2/x86_64/php-wddx-5.5.23-1.mbs2.x86_64.rpm 9b2cf90dfc6f6bdc0431a6f94d43a947 mbs2/x86_64/php-xml-5.5.23-1.mbs2.x86_64.rpm 0a1b6e0beeb36f24f9250a352fbff1e9 mbs2/x86_64/php-xmlreader-5.5.23-1.mbs2.x86_64.rpm 598925bc71347774e805b6fcfcbcf590 mbs2/x86_64/php-xmlrpc-5.5.23-1.mbs2.x86_64.rpm 49a1f8e773e98bb101488b805670651c mbs2/x86_64/php-xmlwriter-5.5.23-1.mbs2.x86_64.rpm 0b7c2f2fe7b3103631dd07d12d443e06 mbs2/x86_64/php-xsl-5.5.23-1.mbs2.x86_64.rpm 5cb68626d863213de934655dac8342c8 mbs2/x86_64/php-zip-5.5.23-1.mbs2.x86_64.rpm a27bab106c0ba87f220ff35937210a63 mbs2/x86_64/php-zlib-5.5.23-1.mbs2.x86_64.rpm 3dd6a6eeb12c7207446053e4785d6974 mbs2/SRPMS/libzip-0.11.2-1.1.mbs2.src.rpm 5d69769d822628a5bf1485eaa1251b8e mbs2/SRPMS/php-5.5.23-1.mbs2.src.rpm 0a629c11ca23ba56d57f61a754def293 mbs2/SRPMS/php-timezonedb-2015.1-1.mbs2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: php55 security and bug fix update Advisory ID: RHSA-2015:1053-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1053.html Issue date: 2015-06-04 CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 CVE-2015-4148 =====================================================================

  1. Summary:

Updated php55 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities.

The php55 packages have been upgraded to upstream version 5.5.21, which provides multiple bug fixes over the version shipped in Red Hat Software Collections 1. (BZ#1057089)

The following security issues were fixed in the php55-php component:

An uninitialized pointer use flaw was found in PHP's Exif extension. (CVE-2014-9705)

A heap buffer overflow flaw was found in PHP's regular expression extension. (CVE-2015-2305)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. An attacker able to trigger certain error condition in phar archive processing could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-9652)

It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. (CVE-2015-1352)

A flaw was found in the way PHP handled malformed source files when running in CGI mode.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm

x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm

x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm

x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm

x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: php55-2.0-1.el7.src.rpm php55-php-5.5.21-2.el7.src.rpm

x86_64: php55-2.0-1.el7.x86_64.rpm php55-php-5.5.21-2.el7.x86_64.rpm php55-php-bcmath-5.5.21-2.el7.x86_64.rpm php55-php-cli-5.5.21-2.el7.x86_64.rpm php55-php-common-5.5.21-2.el7.x86_64.rpm php55-php-dba-5.5.21-2.el7.x86_64.rpm php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm php55-php-devel-5.5.21-2.el7.x86_64.rpm php55-php-enchant-5.5.21-2.el7.x86_64.rpm php55-php-fpm-5.5.21-2.el7.x86_64.rpm php55-php-gd-5.5.21-2.el7.x86_64.rpm php55-php-gmp-5.5.21-2.el7.x86_64.rpm php55-php-intl-5.5.21-2.el7.x86_64.rpm php55-php-ldap-5.5.21-2.el7.x86_64.rpm php55-php-mbstring-5.5.21-2.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm php55-php-odbc-5.5.21-2.el7.x86_64.rpm php55-php-opcache-5.5.21-2.el7.x86_64.rpm php55-php-pdo-5.5.21-2.el7.x86_64.rpm php55-php-pgsql-5.5.21-2.el7.x86_64.rpm php55-php-process-5.5.21-2.el7.x86_64.rpm php55-php-pspell-5.5.21-2.el7.x86_64.rpm php55-php-recode-5.5.21-2.el7.x86_64.rpm php55-php-snmp-5.5.21-2.el7.x86_64.rpm php55-php-soap-5.5.21-2.el7.x86_64.rpm php55-php-xml-5.5.21-2.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm php55-runtime-2.0-1.el7.x86_64.rpm php55-scldevel-2.0-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9427 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-1351 https://access.redhat.com/security/cve/CVE-2015-1352 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2305 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVcBWDXlSAg2UNWIIRAnzoAJ9qn4wDNXMD8JU1N7k7nEzKlPpGDwCgi0Si MD3ZncY/P8Pl6+DgQxJQCjo= =MxfY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0389",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.7"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.8",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.40",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.24",
                "versionStartIncluding": "5.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joshua Rogers",
    "sources": [
      {
        "db": "BID",
        "id": "71932"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-1352",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1352",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-79313",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1352",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-212",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79313",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1352",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79313"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. http://cwe.mitre.org/data/definitions/476.htmlService disruption through a crafted name by a third party (NULL Pointer dereference and application crash ) There is a possibility of being put into a state. PHP is prone to a denial-of-service vulnerability due to a Null-pointer deference condition. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. PostgreSQL (aka pgsql) is one of the object-relational database management system extensions. The vulnerability is caused by the program not correctly validating the \u0027token\u0027 parameter extraction of the form name. ============================================================================\nUbuntu Security Notice USN-2501-1\nFebruary 17, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 14.10. This issue only\naffected Ubuntu 14.04 LTS and Ubuntu 14.10. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and\nUbuntu 14.10. (CVE-2015-1352)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.2\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.2\n  php5-cli                        5.5.12+dfsg-2ubuntu4.2\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.2\n  php5-pgsql                      5.5.12+dfsg-2ubuntu4.2\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.6\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.6\n  php5-cli                        5.5.9+dfsg-1ubuntu4.6\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.6\n  php5-pgsql                      5.5.9+dfsg-1ubuntu4.6\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.16\n  php5-cgi                        5.3.10-1ubuntu3.16\n  php5-cli                        5.3.10-1ubuntu3.16\n  php5-fpm                        5.3.10-1ubuntu3.16\n  php5-pgsql                      5.3.10-1ubuntu3.16\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-30-3 OS X El Capitan 10.11\n\nOS X El Capitan 10.11 is now available and addresses the following:\n\nAddress Book\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to inject arbitrary code to\nprocesses loading the Address Book framework\nDescription:  An issue existed in Address Book framework\u0027s handling\nof an environment variable. This issue was addressed through improved\nenvironment variable handling. \nCVE-ID\nCVE-2015-5897 : Dan Bastone of Gotham Digital Science\n\nAirScan\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may be able\nto extract payload from eSCL packets sent over a secure connection\nDescription:  An issue existed in the processing of eSCL packets. \nThis issue was addressed through improved validation checks. \nCVE-ID\nCVE-2015-5853 : an anonymous researcher\n\napache_mod_php\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.27, including one which may have led to remote code execution. \nThis issue was addressed by updating PHP to version 5.5.27. \nCVE-ID\nCVE-2014-9425\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9705\nCVE-2014-9709\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0235\nCVE-2015-0273\nCVE-2015-1351\nCVE-2015-1352\nCVE-2015-2301\nCVE-2015-2305\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3329\nCVE-2015-3330\n\nApple Online Store Kit\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may gain access to a user\u0027s keychain\nitems\nDescription:  An issue existed in validation of access control lists\nfor iCloud keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of\nIndiana University, Tongxin Li of Peking University, Tongxin Li of\nPeking University, Xiaolong Bai of Tsinghua University\n\nAppleEvents\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A user connected through screen sharing can send Apple\nEvents to a local user\u0027s session\nDescription:  An issue existed with Apple Event filtering that\nallowed some users to send events to other users. This was addressed\nby improved Apple Event handling. \nCVE-ID\nCVE-2015-5849 : Jack Lawrence (@_jackhl)\n\nAudio\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription:  A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nbash\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in bash\nDescription:  Multiple vulnerabilities existed in bash versions prior\nto 3.2 patch level 57. These issues were addressed by updating bash\nversion 3.2 to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nCertificate Trust Policy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork Cookies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription:  A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork FTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription:  An issue existed in the handling of FTP packets when\nusing the PASV command. This issue was resolved through improved\nvalidation. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A maliciously crafted URL may be able to bypass HSTS and\nleak sensitive data\nDescription:  A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription:  An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription:  An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreCrypto\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to determine a private key\nDescription:  By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam\n\nDisk Images\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\ndyld\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : TaiG Jailbreak Team\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application can prevent some systems from\nbooting\nDescription:  An issue existed with the addresses covered by the\nprotected range register. This issue was fixed by changing the\nprotected range. \nCVE-ID\nCVE-2015-5900 : Xeno Kovah \u0026 Corey Kallenberg from LegbaCore\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Apple Ethernet Thunderbolt adapter may be able\nto affect firmware flashing\nDescription:  Apple Ethernet Thunderbolt adapters could modify the\nhost firmware if connected during an EFI update. This issue was\naddressed by not loading option ROMs during updates. \nCVE-ID\nCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare\n\nFinder\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The \"Secure Empty Trash\" feature may not securely delete\nfiles placed in the Trash\nDescription:  An issue existed in guaranteeing secure deletion of\nTrash files on some systems, such as those with flash storage. This\nissue was addressed by removing the \"Secure Empty Trash\" option. \nCVE-ID\nCVE-2015-5901 : Apple\n\nGame Center\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription:  An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nHeimdal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to replay Kerberos credentials to\nthe SMB server\nDescription:  An authentication issue existed in Kerberos\ncredentials. This issue was addressed through additional validation\nof credentials using a list of recently seen credentials. \nCVE-ID\nCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu\nFan of Microsoft Corporation, China\n\nICU\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in ICU\nDescription:  Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2014-8147\nCVE-2015-5922\n\nInstall Framework Legacy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to gain root privileges\nDescription:  A restriction issue existed in the Install private\nframework containing a privileged executable. This issue was\naddressed by removing the executable. \nCVE-ID\nCVE-2015-5888 : Apple\n\nIntel Graphics Driver\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple memory corruption issues existed in the Intel\nGraphics Driver. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5830 : Yuki MIZUNO (@mzyy94)\nCVE-2015-5877 : Camillus Gerard Cai\n\nIOAudioFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOAudioFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\npermuting kernel pointers. \nCVE-ID\nCVE-2015-5864 : Luca Todesco\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5871 : Ilja van Sprundel of IOActive\nCVE-2015-5872 : Ilja van Sprundel of IOActive\nCVE-2015-5873 : Ilja van Sprundel of IOActive\nCVE-2015-5890 : Ilja van Sprundel of IOActive\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOGraphics which could have led to\nthe disclosure of kernel memory layout. This issue was addressed\nthrough improved memory management. \nCVE-ID\nCVE-2015-5865 : Luca Todesco\n\nIOHIDFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOHIDFamily. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5866 : Apple\nCVE-2015-5867 : moony li of Trend Micro\n\nIOStorageFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to read kernel memory\nDescription:  A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nKernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local process can modify other processes without\nentitlement checks\nDescription:  An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through additional\nentitlement checks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by\nMing-chieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may control the value of stack cookies\nDescription:  Multiple weaknesses existed in the generation of user\nspace stack cookies. These issues were addressed through improved\ngeneration of stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription:  An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issue was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a local LAN segment may disable IPv6 routing\nDescription:  An insufficient validation issue existed in the\nhandling of IPv6 router advertisements that allowed an attacker to\nset the hop limit to an arbitrary value. This issue was addressed by\nenforcing a minimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed that led to the disclosure of kernel\nmemory layout. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in debugging interfaces that led to\nthe disclosure of memory content. This issue was addressed by\nsanitizing output from debugging interfaces. \nCVE-ID\nCVE-2015-5870 : Apple\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A state management issue existed in debugging\nfunctionality. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team\n\nlibc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nlibxpc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Many SSH connections could cause a denial of service\nDescription:  launchd had no limit on the number of processes that\ncould be started by a network connection. This issue was addressed by\nlimiting the number of SSH processes to 40. \nCVE-ID\nCVE-2015-5881 : Apple\n\nLogin Window\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The screen lock may not engage after the specified time\nperiod\nDescription:  An issue existed with captured display locking. The\nissue was addressed through improved lock handling. \nCVE-ID\nCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau\ninformationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni\nVaahtera, and an anonymous researcher\n\nlukemftpd\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote attacker may be able to deny service to the FTP\nserver\nDescription:  A glob-processing issue existed in tnftpd. This issue\nwas addressed through improved glob validation. \nCVE-ID\nCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Printing an email may leak sensitive user information\nDescription:  An issue existed in Mail which bypassed user\npreferences when printing an email. This issue was addressed through\nimproved user preference enforcement. \nCVE-ID\nCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,\nDennis Klein from Eschenburg, Germany, Jeff Hammett of Systim\nTechnology Partners\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position may be able to\nintercept attachments of S/MIME-encrypted e-mail sent via Mail Drop\nDescription:  An issue existed in handling encryption parameters for\nlarge email attachments sent via Mail Drop. The issue is addressed by\nno longer offering Mail Drop when sending an encrypted e-mail. \nCVE-ID\nCVE-2015-5884 : John McCombs of Integrated Mapping Ltd\n\nMultipeer Connectivity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to observe unprotected\nmultipeer data\nDescription:  An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  An issue existed in parsing links in the Notes\napplication. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  A cross-site scripting issue existed in parsing text by\nthe Notes application. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2015-5875 : xisigr of Tencent\u0027s Xuanwu LAB (www.tencent.com)\n\nOpenSSH\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSH\nDescription:  Multiple vulnerabilities existed in OpenSSH versions\nprior to 6.9. These issues were addressed by updating OpenSSH to\nversion 6.9. \nCVE-ID\nCVE-2014-2532\n\nOpenSSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nprocmail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in procmail\nDescription:  Multiple vulnerabilities existed in procmail versions\nprior to 3.22. These issues were addressed by removing procmail. \nCVE-ID\nCVE-2014-3618\n\nremote_cmds\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with root\nprivileges\nDescription:  An issue existed in the usage of environment variables\nby the rsh binary. This issue was addressed by dropping setuid\nprivileges from the rsh binary. \nCVE-ID\nCVE-2015-5889 : Philip Pettersson\n\nremovefile\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing malicious data may lead to unexpected application\ntermination\nDescription:  An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nRuby\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in Ruby\nDescription:  Multiple vulnerabilities existed in Ruby versions prior\nto 2.0.0p645. These were addressed by updating Ruby to version\n2.0.0p645. \nCVE-ID\nCVE-2014-8080\nCVE-2014-8090\nCVE-2015-1855\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The lock state of the keychain may be incorrectly displayed\nto the user\nDescription:  A state management issue existed in the way keychain\nlock status was tracked. This issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,\nEric E. Lawrence, Apple\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A trust evaluation configured to require revocation checking\nmay succeed even if revocation checking fails\nDescription:  The kSecRevocationRequirePositiveResponse flag was\nspecified but not implemented. This issue was addressed by\nimplementing the flag. \nCVE-ID\nCVE-2015-5894 : Hannes Oud of kWallet GmbH\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote server may prompt for a certificate before\nidentifying itself\nDescription:  Secure Transport accepted the CertificateRequest\nmessage before the ServerKeyExchange message. This issue was\naddressed by requiring the ServerKeyExchange first. \nCVE-ID\nCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nINRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of\nMicrosoft Research, Pierre-Yves Strub of IMDEA Software Institute\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5891 : Ilja van Sprundel of IOActive\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in SMBClient that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-5893 : Ilja van Sprundel of IOActive\n\nSQLite\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in SQLite v3.8.5\nDescription:  Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-3414\nCVE-2015-3415\nCVE-2015-3416\n\nTelephony\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker can place phone calls without the user\u0027s\nknowledge when using Continuity\nDescription:  An issue existed in the authorization checks for\nplacing phone calls. This issue was addressed through improved\nauthorization checks. \nCVE-ID\nCVE-2015-3785 : Dan Bastone of Gotham Digital Science\n\nTerminal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Maliciously crafted text could mislead the user in Terminal\nDescription:  Terminal did not handle bidirectional override\ncharacters in the same way when displaying text and when selecting\ntext. This issue was addressed by suppressing bidirectional override\ncharacters in Terminal. \nCVE-ID\nCVE-2015-5883 : an anonymous researcher\n\ntidy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in tidy. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nTime Machine\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may gain access to keychain items\nDescription:  An issue existed in backups by the Time Machine\nframework. This issue was addressed through improved coverage of Time\nMachine backups. \nCVE-ID\nCVE-2015-5854 : Jonas Magazinius of Assured AB\n\nNote:  OS X El Capitan 10.11 includes the security content of\nSafari 9: https://support.apple.com/kb/HT205265. \n\nOS X El Capitan 10.11 may be obtained from the Mac App Store:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw\nS5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO\n/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6\nQhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54\nYJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop\nhpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O\nc3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR\n8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r\nN1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT\nfJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1\nnJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e\ng6jld/w5tPuCFhGucE7Z\n=XciV\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-06-10\nLast Updated: 2015-06-10\n\nPotential Security Impact: Remote denial of service (DoS), man-in-the-middle\n(MitM) attack, modification of data, local modification of data\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the HP-UX Apache\nWeb Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited\nremotely to create a Denial of Service (DoS) and other vulnerabilities. \n\nHP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier\n\nHP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier\n\nHP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier\n\nHP-UX B.11.31 running PHP v5.4.11.04 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-5704    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0227    (AV:N/AC:L/Au:N/C:N/I:P/A:P)       6.4\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9709    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-1352    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2305    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2783    (AV:N/AC:M/Au:N/C:P/I:N/A:P)       5.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \n\nThe updates are available for download from http://software.hp.com\n\nNOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01,\nTomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13\n\nHP-UX 11i Release\n Apache Depot name\n\nB.11.31 (11i v3 32-bit)\n HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot\n\nB.11.31 (11i v3 64-bit)\n HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v4.05 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.29.01 or subsequent\n\nhpuxws22TOMCAT.TOMCAT\naction: install revision C.6.0.43.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 10 June 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:080\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : php\n Date    : March 28, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in php:\n \n It was discovered that the file utility contains a flaw in the handling\n of indirect magic rules in the libmagic library, which leads to an\n infinite recursion when trying to determine the file type of certain\n files (CVE-2014-1943). \n \n A flaw was found in the way the file utility determined the type of\n Portable Executable (PE) format files, the executable format used on\n Windows. A malicious PE file could cause the file utility to crash or,\n potentially, execute arbitrary code (CVE-2014-2270). \n \n The BEGIN regular expression in the awk script detector in\n magic/Magdir/commands in file before 5.15 uses multiple wildcards\n with unlimited repetitions, which allows context-dependent attackers\n to cause a denial of service (CPU consumption) via a crafted ASCII\n file that triggers a large amount of backtracking, as demonstrated\n via a file with many newline characters (CVE-2013-7345). \n \n PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain\n socket with world-writable permissions by default, which allows any\n local user to connect to it and execute PHP scripts as the apache user\n (CVE-2014-0185). \n \n A flaw was found in the way file\u0026#039;s Composite Document Files (CDF)\n format parser handle CDF files with many summary info entries. \n The cdf_unpack_summary_info() function unnecessarily repeatedly read\n the info from the same offset.  This led to many file_printf() calls in\n cdf_file_property_info(), which caused file to use an excessive amount\n of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237). \n \n A flaw was found in the way file parsed property information from\n Composite Document Files (CDF) files.  A property entry with 0 elements\n triggers an infinite loop (CVE-2014-0238). \n \n The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type\n Confusion issue related to the SPL ArrayObject and SPLObjectStorage\n Types (CVE-2014-3515). \n \n It was discovered that PHP is vulnerable to a heap-based buffer\n overflow in the DNS TXT record parsing. A malicious server or\n man-in-the-middle attacker could possibly use this flaw to execute\n arbitrary code as the PHP interpreter if a PHP application uses\n dns_get_record() to perform a DNS query (CVE-2014-4049). \n \n A flaw was found in the way file parsed property information from\n Composite Document Files (CDF) files, where the mconvert() function did\n not correctly compute the truncated pascal string size (CVE-2014-3478). \n \n Multiple flaws were found in the way file parsed property information\n from Composite Document Files (CDF) files, due to insufficient boundary\n checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480,\n CVE-2014-3487). \n \n The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type\n Confusion issue that can cause it to leak arbitrary process memory\n (CVE-2014-4721). \n \n file before 5.19 does not properly restrict the amount of data read\n during a regex search, which allows remote attackers to cause a\n denial of service (CPU consumption) via a crafted file that triggers\n backtracking during processing of an awk rule, due to an incomplete\n fix for CVE-2013-7345 (CVE-2014-3538). NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2012-1571 (CVE-2014-3587). NOTE:\n this issue exists because of an incomplete fix for CVE-2014-4049\n (CVE-2014-3597). \n \n An integer overflow flaw in PHP\u0026#039;s unserialize() function was\n reported. If unserialize() were used on untrusted data, this\n issue could lead to a crash or potentially information disclosure\n (CVE-2014-3669). \n \n A heap corruption issue was reported in PHP\u0026#039;s exif_thumbnail()\n function. A specially-crafted JPEG image could cause the PHP\n interpreter to crash or, potentially, execute arbitrary code\n (CVE-2014-3670). \n \n If client-supplied input was passed to PHP\u0026#039;s cURL client as a URL to\n download, it could return local files from the server due to improper\n handling of null bytes (PHP#68089). \n \n An out-of-bounds read flaw was found in file\u0026#039;s donote() function in the\n way the file utility determined the note headers of a elf file. This\n could possibly lead to file executable crash (CVE-2014-3710). \n \n A use-after-free flaw was found in PHP unserialize().  An untrusted\n input could cause PHP interpreter to crash or, possibly, execute\n arbitrary code when processed using unserialize() (CVE-2014-8142). \n \n sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when\n mmap is used to read a .php file, does not properly consider the\n mapping\u0026#039;s length during processing of an invalid file that begins\n with a # character and lacks a newline character, which causes an\n out-of-bounds read and might allow remote attackers to obtain sensitive\n information from php-cgi process memory by leveraging the ability to\n upload a .php file or trigger unexpected code execution if a valid\n PHP script is present in memory locations adjacent to the mapping\n (CVE-2014-9427). \n \n Free called on an uninitialized pointer in php-exif in PHP before\n 5.5.21 (CVE-2015-0232). \n \n The readelf.c source file has been removed from PHP\u0026#039;s bundled copy of\n file\u0026#039;s libmagic, eliminating exposure to denial of service issues in\n ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620\n and CVE-2014-9621 in PHP\u0026#039;s fileinfo module. \n \n S. Paraschoudis discovered that PHP incorrectly handled memory in\n the enchant binding. \n \n Taoguang Chen discovered that PHP incorrectly handled unserializing\n objects. \n \n It was discovered that PHP incorrectly handled memory in the phar\n extension. \n \n Use-after-free vulnerability in the process_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before\n 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute\n arbitrary code via a crafted unserialize call that leverages improper\n handling of duplicate numerical keys within the serialized properties\n of an object. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2014-8142 (CVE-2015-0231). \n \n An integer overflow flaw, leading to a heap-based buffer overflow,\n was found in the way libzip, which is embedded in PHP, processed\n certain ZIP archives. If an attacker were able to supply a specially\n crafted ZIP archive to an application using libzip, it could cause\n the application to crash or, possibly, execute arbitrary code\n (CVE-2015-2331). \n \n It was discovered that the PHP opcache component incorrectly handled\n memory. \n \n It was discovered that the PHP PostgreSQL database extension\n incorrectly handled certain pointers. \n \n PHP contains a bundled copy of the file utility\u0026#039;s libmagic library,\n so it was vulnerable to the libmagic issues. The libzip packages\n has been patched to address the CVE-2015-2331 flaw. \n \n A bug in the php zip extension that could cause a crash has been fixed\n (mga#13820)\n \n Additionally the jsonc and timezonedb packages has been upgraded to\n the latest versions and the PECL packages which requires so has been\n rebuilt for php-5.5.23. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n http://php.net/ChangeLog-5.php#5.5.9\n http://php.net/ChangeLog-5.php#5.5.10\n http://php.net/ChangeLog-5.php#5.5.11\n http://php.net/ChangeLog-5.php#5.5.12\n http://php.net/ChangeLog-5.php#5.5.13\n http://php.net/ChangeLog-5.php#5.5.14\n http://php.net/ChangeLog-5.php#5.5.15\n http://php.net/ChangeLog-5.php#5.5.16\n http://php.net/ChangeLog-5.php#5.5.17\n http://php.net/ChangeLog-5.php#5.5.18\n http://php.net/ChangeLog-5.php#5.5.19\n http://php.net/ChangeLog-5.php#5.5.20\n http://php.net/ChangeLog-5.php#5.5.21\n http://php.net/ChangeLog-5.php#5.5.22\n http://php.net/ChangeLog-5.php#5.5.22\n http://php.net/ChangeLog-5.php#5.5.23\n http://www.ubuntu.com/usn/usn-2535-1/\n http://www.ubuntu.com/usn/usn-2501-1/\n https://bugzilla.redhat.com/show_bug.cgi?id=1204676\n http://advisories.mageia.org/MGASA-2014-0163.html\n http://advisories.mageia.org/MGASA-2014-0178.html\n http://advisories.mageia.org/MGASA-2014-0215.html\n http://advisories.mageia.org/MGASA-2014-0258.html\n http://advisories.mageia.org/MGASA-2014-0284.html\n http://advisories.mageia.org/MGASA-2014-0324.html\n http://advisories.mageia.org/MGASA-2014-0367.html\n http://advisories.mageia.org/MGASA-2014-0430.html\n http://advisories.mageia.org/MGASA-2014-0441.html\n http://advisories.mageia.org/MGASA-2014-0542.html\n http://advisories.mageia.org/MGASA-2015-0040.html\n https://bugs.mageia.org/show_bug.cgi?id=13820\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n a4e09575e26b690bd44801a126795ce9  mbs2/x86_64/apache-mod_php-5.5.23-1.mbs2.x86_64.rpm\n e156aaf446f543279f758b767e5ce6f2  mbs2/x86_64/lib64php5_common5-5.5.23-1.mbs2.x86_64.rpm\n cf1653dd6b3606ff8983739fe7728502  mbs2/x86_64/lib64zip2-0.11.2-1.1.mbs2.x86_64.rpm\n 2ed6c588ca428a502ab995726d497527  mbs2/x86_64/lib64zip-devel-0.11.2-1.1.mbs2.x86_64.rpm\n 91fd4a50d38c904247519a34f71ac9a7  mbs2/x86_64/libzip-0.11.2-1.1.mbs2.x86_64.rpm\n 0fad2aa8ca3bed422588c7d7c349e3e7  mbs2/x86_64/php-bcmath-5.5.23-1.mbs2.x86_64.rpm\n b797a14554b170f1f2c307eebd5011ce  mbs2/x86_64/php-bz2-5.5.23-1.mbs2.x86_64.rpm\n 83abadd87c78c719b585acbfcbf1f54a  mbs2/x86_64/php-calendar-5.5.23-1.mbs2.x86_64.rpm\n 71b728b5c58335c37e9ee059a98179b5  mbs2/x86_64/php-cgi-5.5.23-1.mbs2.x86_64.rpm\n d6047e2545b396ad29b2619c3d811b49  mbs2/x86_64/php-cli-5.5.23-1.mbs2.x86_64.rpm\n 933344ca17f96bd844db47c993b8ce1a  mbs2/x86_64/php-ctype-5.5.23-1.mbs2.x86_64.rpm\n 0278a991ed7a7ea1d51c6651b1157744  mbs2/x86_64/php-curl-5.5.23-1.mbs2.x86_64.rpm\n a3f172d95d061f6a2ba9ce562f1068ac  mbs2/x86_64/php-dba-5.5.23-1.mbs2.x86_64.rpm\n d239cccc6594bfe8169c0b5300ca1dd0  mbs2/x86_64/php-devel-5.5.23-1.mbs2.x86_64.rpm\n 73a234b9c369a20c349fca7f425b405a  mbs2/x86_64/php-doc-5.5.23-1.mbs2.noarch.rpm\n ab4caa5f1a397e2f267479f08616d027  mbs2/x86_64/php-dom-5.5.23-1.mbs2.x86_64.rpm\n 016b8d010a1866935f2a6889b712300c  mbs2/x86_64/php-enchant-5.5.23-1.mbs2.x86_64.rpm\n f9bd5f358336ea8a997f85f4d690fd40  mbs2/x86_64/php-exif-5.5.23-1.mbs2.x86_64.rpm\n 9f0ef885d5e7abb84c1b0c6242bd1a54  mbs2/x86_64/php-fileinfo-5.5.23-1.mbs2.x86_64.rpm\n f551fc699944abdbd78cd1f74e1db713  mbs2/x86_64/php-filter-5.5.23-1.mbs2.x86_64.rpm\n 10c6ad89a0707acdff025ee0166b4361  mbs2/x86_64/php-fpm-5.5.23-1.mbs2.x86_64.rpm\n fad5946e3ff8bf1d3b7215fee229b934  mbs2/x86_64/php-ftp-5.5.23-1.mbs2.x86_64.rpm\n c74071a614cc4f8d5ac612736264aad2  mbs2/x86_64/php-gd-5.5.23-1.mbs2.x86_64.rpm\n 788e0972b5aa918a0c8ce2b0e30270a6  mbs2/x86_64/php-gettext-5.5.23-1.mbs2.x86_64.rpm\n 996120d4c1fa233bdb38aedf0718f593  mbs2/x86_64/php-gmp-5.5.23-1.mbs2.x86_64.rpm\n e032d9a3c8e078242347623f1ff51b5a  mbs2/x86_64/php-hash-5.5.23-1.mbs2.x86_64.rpm\n c1da3a1898b05995091ad1c2237bdf6a  mbs2/x86_64/php-iconv-5.5.23-1.mbs2.x86_64.rpm\n 37b4a5d86006024878d397a8478d5a42  mbs2/x86_64/php-imap-5.5.23-1.mbs2.x86_64.rpm\n bd10d9a55ee8db73b4d80dae1e14e4e0  mbs2/x86_64/php-ini-5.5.23-1.mbs2.x86_64.rpm\n 4cb54cd72bd26728bb29f5d00a5174af  mbs2/x86_64/php-interbase-5.5.23-1.mbs2.x86_64.rpm\n 2713dca82ad94d88b379db3fa012ed2d  mbs2/x86_64/php-intl-5.5.23-1.mbs2.x86_64.rpm\n f0a9187b81e038400dae4e01123b751c  mbs2/x86_64/php-json-5.5.23-1.mbs2.x86_64.rpm\n c395a0cb573d9432c9e4c2a4b92d1d0f  mbs2/x86_64/php-ldap-5.5.23-1.mbs2.x86_64.rpm\n f2374e34b874072d2268acf1c72b383a  mbs2/x86_64/php-mbstring-5.5.23-1.mbs2.x86_64.rpm\n 7ca3ce3a9464933af1a147c206c25d0d  mbs2/x86_64/php-mcrypt-5.5.23-1.mbs2.x86_64.rpm\n dbe828f1c2caa3eef932fc0c14a7e2e9  mbs2/x86_64/php-mssql-5.5.23-1.mbs2.x86_64.rpm\n 995e9f09906309252d850618c3fffaa6  mbs2/x86_64/php-mysql-5.5.23-1.mbs2.x86_64.rpm\n c474c1f1dc45f14ea5357092277d2f22  mbs2/x86_64/php-mysqli-5.5.23-1.mbs2.x86_64.rpm\n cdcb4872386b83ef3969f918bf99f941  mbs2/x86_64/php-mysqlnd-5.5.23-1.mbs2.x86_64.rpm\n cbb1652273fb07f216c50b8d1b5445c2  mbs2/x86_64/php-odbc-5.5.23-1.mbs2.x86_64.rpm\n 29ab61a3d1d00ad57c875d87b62d2e12  mbs2/x86_64/php-opcache-5.5.23-1.mbs2.x86_64.rpm\n 349f796a960ef2207b30a06e386f2653  mbs2/x86_64/php-openssl-5.5.23-1.mbs2.x86_64.rpm\n 7a7411900384da8741e32a3f6f8036c2  mbs2/x86_64/php-pcntl-5.5.23-1.mbs2.x86_64.rpm\n ba3b14e45177b257ada03f7ff4b16deb  mbs2/x86_64/php-pdo-5.5.23-1.mbs2.x86_64.rpm\n ae5b57dbff67c7595e154313321ff693  mbs2/x86_64/php-pdo_dblib-5.5.23-1.mbs2.x86_64.rpm\n 8782f71797f7cb271a514b735b19621a  mbs2/x86_64/php-pdo_firebird-5.5.23-1.mbs2.x86_64.rpm\n ac39db58d4100f3d2d24593d3b5907fc  mbs2/x86_64/php-pdo_mysql-5.5.23-1.mbs2.x86_64.rpm\n 210b990793c2d616fb0aecc4fde28eb6  mbs2/x86_64/php-pdo_odbc-5.5.23-1.mbs2.x86_64.rpm\n 6ae4df7959ddd3a8a0724ddddbe41a71  mbs2/x86_64/php-pdo_pgsql-5.5.23-1.mbs2.x86_64.rpm\n 1f9bdab81fa668dd583abe873892993e  mbs2/x86_64/php-pdo_sqlite-5.5.23-1.mbs2.x86_64.rpm\n f0cbb5dde255f5c8fa3e04e3a5314ab1  mbs2/x86_64/php-pgsql-5.5.23-1.mbs2.x86_64.rpm\n e46ac8c820911a6091540e135f103154  mbs2/x86_64/php-phar-5.5.23-1.mbs2.x86_64.rpm\n 5050a745bfc3b1f5eeced2dd85f79721  mbs2/x86_64/php-posix-5.5.23-1.mbs2.x86_64.rpm\n c9093134a518c07f4e8a188987f853d3  mbs2/x86_64/php-readline-5.5.23-1.mbs2.x86_64.rpm\n 2b48c3f35573e00b5ba4327e8edc05f2  mbs2/x86_64/php-recode-5.5.23-1.mbs2.x86_64.rpm\n ae2157230db4d6e28698db384c8f7fcb  mbs2/x86_64/php-session-5.5.23-1.mbs2.x86_64.rpm\n 2610a739bfa29ff11e648c7baa1d8bc3  mbs2/x86_64/php-shmop-5.5.23-1.mbs2.x86_64.rpm\n b7999e11cf9d2ab510263e32cabaf312  mbs2/x86_64/php-snmp-5.5.23-1.mbs2.x86_64.rpm\n ab665c30f0d2f13baa1c6475b7df7cac  mbs2/x86_64/php-soap-5.5.23-1.mbs2.x86_64.rpm\n f331837ba716316cef094765a1700101  mbs2/x86_64/php-sockets-5.5.23-1.mbs2.x86_64.rpm\n 134f8bb18790bd023e73919a794703a0  mbs2/x86_64/php-sqlite3-5.5.23-1.mbs2.x86_64.rpm\n 4b4aa44d0ac56629610bb0444f199df5  mbs2/x86_64/php-sybase_ct-5.5.23-1.mbs2.x86_64.rpm\n fc69f644f36308d81f37f356b76e40a1  mbs2/x86_64/php-sysvmsg-5.5.23-1.mbs2.x86_64.rpm\n 981b7ef6715aacfe9250b206dbbbad31  mbs2/x86_64/php-sysvsem-5.5.23-1.mbs2.x86_64.rpm\n 91c006555173d03f1d25899947702673  mbs2/x86_64/php-sysvshm-5.5.23-1.mbs2.x86_64.rpm\n 62e5fa5fa8b4d89d7835f2f68169af14  mbs2/x86_64/php-tidy-5.5.23-1.mbs2.x86_64.rpm\n 0c5a9237c710dd098c8bb56018f7a142  mbs2/x86_64/php-timezonedb-2015.1-1.mbs2.x86_64.rpm\n d94aa68a9ce76bce5c962c58f37ac5a5  mbs2/x86_64/php-tokenizer-5.5.23-1.mbs2.x86_64.rpm\n 317c7da32daa223560dc08bbae89d98d  mbs2/x86_64/php-wddx-5.5.23-1.mbs2.x86_64.rpm\n 9b2cf90dfc6f6bdc0431a6f94d43a947  mbs2/x86_64/php-xml-5.5.23-1.mbs2.x86_64.rpm\n 0a1b6e0beeb36f24f9250a352fbff1e9  mbs2/x86_64/php-xmlreader-5.5.23-1.mbs2.x86_64.rpm\n 598925bc71347774e805b6fcfcbcf590  mbs2/x86_64/php-xmlrpc-5.5.23-1.mbs2.x86_64.rpm\n 49a1f8e773e98bb101488b805670651c  mbs2/x86_64/php-xmlwriter-5.5.23-1.mbs2.x86_64.rpm\n 0b7c2f2fe7b3103631dd07d12d443e06  mbs2/x86_64/php-xsl-5.5.23-1.mbs2.x86_64.rpm\n 5cb68626d863213de934655dac8342c8  mbs2/x86_64/php-zip-5.5.23-1.mbs2.x86_64.rpm\n a27bab106c0ba87f220ff35937210a63  mbs2/x86_64/php-zlib-5.5.23-1.mbs2.x86_64.rpm \n 3dd6a6eeb12c7207446053e4785d6974  mbs2/SRPMS/libzip-0.11.2-1.1.mbs2.src.rpm\n 5d69769d822628a5bf1485eaa1251b8e  mbs2/SRPMS/php-5.5.23-1.mbs2.src.rpm\n 0a629c11ca23ba56d57f61a754def293  mbs2/SRPMS/php-timezonedb-2015.1-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: php55 security and bug fix update\nAdvisory ID:       RHSA-2015:1053-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1053.html\nIssue date:        2015-06-04\nCVE Names:         CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 \n                   CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 \n                   CVE-2015-0232 CVE-2015-0273 CVE-2015-1351 \n                   CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 \n                   CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 \n                   CVE-2015-4148 \n=====================================================================\n\n1. Summary:\n\nUpdated php55 collection packages that fix multiple security issues and\nseveral bugs are now available as part of Red Hat Software Collections 2. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities. \n\nThe php55 packages have been upgraded to upstream version 5.5.21, which\nprovides multiple bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1057089)\n\nThe following security issues were fixed in the php55-php component:\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. \n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP\u0027s regular expression\nextension. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. \nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. (CVE-2015-1352)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp55-2.0-1.el6.src.rpm\nphp55-php-5.5.21-2.el6.src.rpm\n\nx86_64:\nphp55-2.0-1.el6.x86_64.rpm\nphp55-php-5.5.21-2.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el6.x86_64.rpm\nphp55-php-cli-5.5.21-2.el6.x86_64.rpm\nphp55-php-common-5.5.21-2.el6.x86_64.rpm\nphp55-php-dba-5.5.21-2.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el6.x86_64.rpm\nphp55-php-devel-5.5.21-2.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el6.x86_64.rpm\nphp55-php-gd-5.5.21-2.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-imap-5.5.21-2.el6.x86_64.rpm\nphp55-php-intl-5.5.21-2.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el6.x86_64.rpm\nphp55-php-process-5.5.21-2.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el6.x86_64.rpm\nphp55-php-recode-5.5.21-2.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-soap-5.5.21-2.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-2.el6.x86_64.rpm\nphp55-php-xml-5.5.21-2.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm\nphp55-runtime-2.0-1.el6.x86_64.rpm\nphp55-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nphp55-2.0-1.el6.src.rpm\nphp55-php-5.5.21-2.el6.src.rpm\n\nx86_64:\nphp55-2.0-1.el6.x86_64.rpm\nphp55-php-5.5.21-2.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el6.x86_64.rpm\nphp55-php-cli-5.5.21-2.el6.x86_64.rpm\nphp55-php-common-5.5.21-2.el6.x86_64.rpm\nphp55-php-dba-5.5.21-2.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el6.x86_64.rpm\nphp55-php-devel-5.5.21-2.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el6.x86_64.rpm\nphp55-php-gd-5.5.21-2.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-imap-5.5.21-2.el6.x86_64.rpm\nphp55-php-intl-5.5.21-2.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el6.x86_64.rpm\nphp55-php-process-5.5.21-2.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el6.x86_64.rpm\nphp55-php-recode-5.5.21-2.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-soap-5.5.21-2.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-2.el6.x86_64.rpm\nphp55-php-xml-5.5.21-2.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm\nphp55-runtime-2.0-1.el6.x86_64.rpm\nphp55-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nphp55-2.0-1.el6.src.rpm\nphp55-php-5.5.21-2.el6.src.rpm\n\nx86_64:\nphp55-2.0-1.el6.x86_64.rpm\nphp55-php-5.5.21-2.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el6.x86_64.rpm\nphp55-php-cli-5.5.21-2.el6.x86_64.rpm\nphp55-php-common-5.5.21-2.el6.x86_64.rpm\nphp55-php-dba-5.5.21-2.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el6.x86_64.rpm\nphp55-php-devel-5.5.21-2.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el6.x86_64.rpm\nphp55-php-gd-5.5.21-2.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-imap-5.5.21-2.el6.x86_64.rpm\nphp55-php-intl-5.5.21-2.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el6.x86_64.rpm\nphp55-php-process-5.5.21-2.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el6.x86_64.rpm\nphp55-php-recode-5.5.21-2.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-soap-5.5.21-2.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-2.el6.x86_64.rpm\nphp55-php-xml-5.5.21-2.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm\nphp55-runtime-2.0-1.el6.x86_64.rpm\nphp55-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp55-2.0-1.el6.src.rpm\nphp55-php-5.5.21-2.el6.src.rpm\n\nx86_64:\nphp55-2.0-1.el6.x86_64.rpm\nphp55-php-5.5.21-2.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el6.x86_64.rpm\nphp55-php-cli-5.5.21-2.el6.x86_64.rpm\nphp55-php-common-5.5.21-2.el6.x86_64.rpm\nphp55-php-dba-5.5.21-2.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el6.x86_64.rpm\nphp55-php-devel-5.5.21-2.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el6.x86_64.rpm\nphp55-php-gd-5.5.21-2.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-imap-5.5.21-2.el6.x86_64.rpm\nphp55-php-intl-5.5.21-2.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el6.x86_64.rpm\nphp55-php-process-5.5.21-2.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el6.x86_64.rpm\nphp55-php-recode-5.5.21-2.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-soap-5.5.21-2.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-2.el6.x86_64.rpm\nphp55-php-xml-5.5.21-2.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm\nphp55-runtime-2.0-1.el6.x86_64.rpm\nphp55-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp55-2.0-1.el7.src.rpm\nphp55-php-5.5.21-2.el7.src.rpm\n\nx86_64:\nphp55-2.0-1.el7.x86_64.rpm\nphp55-php-5.5.21-2.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el7.x86_64.rpm\nphp55-php-cli-5.5.21-2.el7.x86_64.rpm\nphp55-php-common-5.5.21-2.el7.x86_64.rpm\nphp55-php-dba-5.5.21-2.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el7.x86_64.rpm\nphp55-php-devel-5.5.21-2.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el7.x86_64.rpm\nphp55-php-gd-5.5.21-2.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el7.x86_64.rpm\nphp55-php-intl-5.5.21-2.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el7.x86_64.rpm\nphp55-php-process-5.5.21-2.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el7.x86_64.rpm\nphp55-php-recode-5.5.21-2.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el7.x86_64.rpm\nphp55-php-soap-5.5.21-2.el7.x86_64.rpm\nphp55-php-xml-5.5.21-2.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm\nphp55-runtime-2.0-1.el7.x86_64.rpm\nphp55-scldevel-2.0-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9427\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-1351\nhttps://access.redhat.com/security/cve/CVE-2015-1352\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2305\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVcBWDXlSAg2UNWIIRAnzoAJ9qn4wDNXMD8JU1N7k7nEzKlPpGDwCgi0Si\nMD3ZncY/P8Pl6+DgQxJQCjo=\n=MxfY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "db": "BID",
        "id": "71932"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79313"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1352"
      },
      {
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1352",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "71932",
        "trust": 2.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/01/24/9",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-79313",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1352",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130426",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132263",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131082",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132158",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79313"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1352"
      },
      {
        "db": "BID",
        "id": "71932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "id": "VAR-201503-0389",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79313"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:51:05.137000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "Fixed bug #68739 #68740 #68741",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e"
      },
      {
        "title": "Bug #68741",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=68741"
      },
      {
        "title": "ext-pgsql-pgsql.c",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54714"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php5: CVE-2015-1351",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4a1f4d160a6239471e5c7026a7718665"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php5: CVE-2015-1352",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a47d493ff1cf56b778be5b859ca113d1"
      },
      {
        "title": "Red Hat: CVE-2015-1352",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1352"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php5: CVE-2015-2331",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ba7729d0dba9bfe30fe987c59a0c7f95"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2501-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-510",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-510"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-511",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-511"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-509",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-509"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1352 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=68741"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/71932"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.8,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:079"
      },
      {
        "trust": 1.8,
        "url": "http://openwall.com/lists/oss-security/2015/01/24/9"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=124fb22a13fafa3648e4e15b4f207c7096d8155e"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1352"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2015/q1/90"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/151"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04686230"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1352"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "http://www.ubuntu.com/usn/usn-2535-1/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351"
      },
      {
        "trust": 0.2,
        "url": "http://php.net/changelog-5.php#5.5.22"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.ubuntu.com/usn/usn-2501-1/"
      },
      {
        "trust": 0.2,
        "url": "http://php.net/changelog-5.php#5.5.23"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204676"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143403519711434\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2501-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2501-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.16"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8080"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8090"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8147"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht205265."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0367.html"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.13"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.17"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3669"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.20"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.14"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.11"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4698"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.18"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0178.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0430.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.mageia.org/show_bug.cgi?id=13820"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.9"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3587"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0215.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0324.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0542.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4698"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0284.html"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.10"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.12"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9621"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0441.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4721"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2015-0040.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3538"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.16"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.15"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.21"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9620"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3670"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.19"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0163.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0258.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79313"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1352"
      },
      {
        "db": "BID",
        "id": "71932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79313"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1352"
      },
      {
        "db": "BID",
        "id": "71932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79313"
      },
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1352"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "BID",
        "id": "71932"
      },
      {
        "date": "2015-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "date": "2015-02-17T21:26:59",
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "date": "2015-10-01T16:33:47",
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "date": "2015-06-11T23:41:13",
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "date": "2015-03-30T21:16:25",
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "date": "2015-03-30T21:16:44",
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "date": "2015-06-04T16:12:40",
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "date": "2015-01-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      },
      {
        "date": "2015-03-30T10:59:08.770000",
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79313"
      },
      {
        "date": "2022-11-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1352"
      },
      {
        "date": "2016-07-05T21:28:00",
        "db": "BID",
        "id": "71932"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      },
      {
        "date": "2023-11-07T02:24:48.433000",
        "db": "NVD",
        "id": "CVE-2015-1352"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  PostgreSQL Service disruption in extensions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002004"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-212"
      }
    ],
    "trust": 0.6
  }
}

var-201503-0388
Vulnerability from variot

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlService disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. OPcache is one of the extension components that improves PHP performance by storing the precompiled bytecode of PHP scripts in shared memory. ============================================================================ Ubuntu Security Notice USN-2501-1 February 17, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1352)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2 php5-cgi 5.5.12+dfsg-2ubuntu4.2 php5-cli 5.5.12+dfsg-2ubuntu4.2 php5-fpm 5.5.12+dfsg-2ubuntu4.2 php5-pgsql 5.5.12+dfsg-2ubuntu4.2

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6 php5-cgi 5.5.9+dfsg-1ubuntu4.6 php5-cli 5.5.9+dfsg-1ubuntu4.6 php5-fpm 5.5.9+dfsg-1ubuntu4.6 php5-pgsql 5.5.9+dfsg-1ubuntu4.6

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.16 php5-cgi 5.3.10-1ubuntu3.16 php5-cli 5.3.10-1ubuntu3.16 php5-fpm 5.3.10-1ubuntu3.16 php5-pgsql 5.3.10-1ubuntu3.16

In general, a standard system update will make all the necessary changes.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. This update fixes some security issues. Please note that this package build also moves the configuration files from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz

Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz

Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz

Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.40-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

OS X El Capitan 10.11 is now available and addresses the following:

Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling. CVE-ID CVE-2015-5897 : Dan Bastone of Gotham Digital Science

AirScan Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks. CVE-ID CVE-2015-5853 : an anonymous researcher

apache_mod_php Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27. CVE-ID CVE-2014-9425 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330

Apple Online Store Kit Available for: Mac OS X v10.6.8 and later Impact: A malicious application may gain access to a user's keychain items Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University

AppleEvents Available for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's session Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling. CVE-ID CVE-2015-5849 : Jack Lawrence (@_jackhl)

Audio Available for: Mac OS X v10.6.8 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea

bash Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in bash Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187

Certificate Trust Policy Available for: Mac OS X v10.6.8 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork Cookies Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork FTPProtocol Available for: Mac OS X v10.6.8 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation. CVE-ID CVE-2015-5912 : Amit Klein

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd

CFNetwork Proxies Available for: Mac OS X v10.6.8 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.

CoreCrypto Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.

CoreText Available for: Mac OS X v10.6.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam

Disk Images Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco

dyld Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : TaiG Jailbreak Team

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious application can prevent some systems from booting Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare

Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option. CVE-ID CVE-2015-5901 : Apple

Game Center Available for: Mac OS X v10.6.8 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser

Heimdal Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to replay Kerberos credentials to the SMB server Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China

ICU Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2014-8147 CVE-2015-5922

Install Framework Legacy Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to gain root privileges Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable. CVE-ID CVE-2015-5888 : Apple

Intel Graphics Driver Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5830 : Yuki MIZUNO (@mzyy94) CVE-2015-5877 : Camillus Gerard Cai

IOAudioFamily Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers. CVE-ID CVE-2015-5864 : Luca Todesco

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5871 : Ilja van Sprundel of IOActive CVE-2015-5872 : Ilja van Sprundel of IOActive CVE-2015-5873 : Ilja van Sprundel of IOActive CVE-2015-5890 : Ilja van Sprundel of IOActive

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-5865 : Luca Todesco

IOHIDFamily Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5866 : Apple CVE-2015-5867 : moony li of Trend Micro

IOStorageFamily Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces. CVE-ID CVE-2015-5870 : Apple

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to cause a system denial of service Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation. CVE-ID CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team

libc Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation

libpthread Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team

libxpc Available for: Mac OS X v10.6.8 and later Impact: Many SSH connections could cause a denial of service Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40. CVE-ID CVE-2015-5881 : Apple

Login Window Available for: Mac OS X v10.6.8 and later Impact: The screen lock may not engage after the specified time period Description: An issue existed with captured display locking. The issue was addressed through improved lock handling. CVE-ID CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher

lukemftpd Available for: Mac OS X v10.6.8 and later Impact: A remote attacker may be able to deny service to the FTP server Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation. CVE-ID CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com

Mail Available for: Mac OS X v10.6.8 and later Impact: Printing an email may leak sensitive user information Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement. CVE-ID CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners

Mail Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5884 : John McCombs of Integrated Mapping Ltd

Multipeer Connectivity Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem

NetworkExtension Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)

OpenSSH Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSH Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9. CVE-ID CVE-2014-2532

OpenSSL Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287

procmail Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in procmail Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail. CVE-ID CVE-2014-3618

remote_cmds Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary. CVE-ID CVE-2015-5889 : Philip Pettersson

removefile Available for: Mac OS X v10.6.8 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher

Ruby Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in Ruby Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645. CVE-ID CVE-2014-8080 CVE-2014-8090 CVE-2015-1855

Security Available for: Mac OS X v10.6.8 and later Impact: The lock state of the keychain may be incorrectly displayed to the user Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple

Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH

Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first. CVE-ID CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5891 : Ilja van Sprundel of IOActive

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5893 : Ilja van Sprundel of IOActive

SQLite Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

Telephony Available for: Mac OS X v10.6.8 and later Impact: A local attacker can place phone calls without the user's knowledge when using Continuity Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science

Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal. CVE-ID CVE-2015-5883 : an anonymous researcher

tidy Available for: Mac OS X v10.6.8 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com

Time Machine Available for: Mac OS X v10.6.8 and later Impact: A local attacker may gain access to keychain items Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB

Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265.

OS X El Capitan 10.11 may be obtained from the Mac App Store: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO /hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6 QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54 YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR 8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1 nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e g6jld/w5tPuCFhGucE7Z =XciV -----END PGP SIGNATURE----- .

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231).

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives.

It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. The libzip packages has been patched to address the CVE-2015-2331 flaw.

Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: php55 security and bug fix update Advisory ID: RHSA-2015:1053-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1053.html Issue date: 2015-06-04 CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 CVE-2015-4148 =====================================================================

  1. Summary:

Updated php55 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities.

The php55 packages have been upgraded to upstream version 5.5.21, which provides multiple bug fixes over the version shipped in Red Hat Software Collections 1. (BZ#1057089)

The following security issues were fixed in the php55-php component:

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A heap buffer overflow flaw was found in PHP's regular expression extension. An attacker able to make PHP process a specially crafted regular expression pattern could cause it to crash and possibly execute arbitrary code. (CVE-2015-2305)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. (CVE-2015-1351)

A use-after-free flaw was found in PHP's phar (PHP Archive) extension. An attacker able to trigger certain error condition in phar archive processing could possibly use this flaw to disclose certain portions of server memory. (CVE-2015-2301)

An ouf-of-bounds read flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker could cause a PHP application to crash if it used fileinfo to identify the type of the attacker-supplied file. (CVE-2014-9652)

It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348)

A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or pg_select() could cause a PHP application to crash. (CVE-2015-1352)

A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash. (CVE-2014-9427)

All php55 users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1132446 - php55-php-fpm misinterpreting error_log=syslog 1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1185900 - CVE-2015-1351 php: use after free in opcache extension 1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm

x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm

x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm

x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: php55-2.0-1.el6.src.rpm php55-php-5.5.21-2.el6.src.rpm

x86_64: php55-2.0-1.el6.x86_64.rpm php55-php-5.5.21-2.el6.x86_64.rpm php55-php-bcmath-5.5.21-2.el6.x86_64.rpm php55-php-cli-5.5.21-2.el6.x86_64.rpm php55-php-common-5.5.21-2.el6.x86_64.rpm php55-php-dba-5.5.21-2.el6.x86_64.rpm php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm php55-php-devel-5.5.21-2.el6.x86_64.rpm php55-php-enchant-5.5.21-2.el6.x86_64.rpm php55-php-fpm-5.5.21-2.el6.x86_64.rpm php55-php-gd-5.5.21-2.el6.x86_64.rpm php55-php-gmp-5.5.21-2.el6.x86_64.rpm php55-php-imap-5.5.21-2.el6.x86_64.rpm php55-php-intl-5.5.21-2.el6.x86_64.rpm php55-php-ldap-5.5.21-2.el6.x86_64.rpm php55-php-mbstring-5.5.21-2.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm php55-php-odbc-5.5.21-2.el6.x86_64.rpm php55-php-opcache-5.5.21-2.el6.x86_64.rpm php55-php-pdo-5.5.21-2.el6.x86_64.rpm php55-php-pgsql-5.5.21-2.el6.x86_64.rpm php55-php-process-5.5.21-2.el6.x86_64.rpm php55-php-pspell-5.5.21-2.el6.x86_64.rpm php55-php-recode-5.5.21-2.el6.x86_64.rpm php55-php-snmp-5.5.21-2.el6.x86_64.rpm php55-php-soap-5.5.21-2.el6.x86_64.rpm php55-php-tidy-5.5.21-2.el6.x86_64.rpm php55-php-xml-5.5.21-2.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm php55-runtime-2.0-1.el6.x86_64.rpm php55-scldevel-2.0-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: php55-2.0-1.el7.src.rpm php55-php-5.5.21-2.el7.src.rpm

x86_64: php55-2.0-1.el7.x86_64.rpm php55-php-5.5.21-2.el7.x86_64.rpm php55-php-bcmath-5.5.21-2.el7.x86_64.rpm php55-php-cli-5.5.21-2.el7.x86_64.rpm php55-php-common-5.5.21-2.el7.x86_64.rpm php55-php-dba-5.5.21-2.el7.x86_64.rpm php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm php55-php-devel-5.5.21-2.el7.x86_64.rpm php55-php-enchant-5.5.21-2.el7.x86_64.rpm php55-php-fpm-5.5.21-2.el7.x86_64.rpm php55-php-gd-5.5.21-2.el7.x86_64.rpm php55-php-gmp-5.5.21-2.el7.x86_64.rpm php55-php-intl-5.5.21-2.el7.x86_64.rpm php55-php-ldap-5.5.21-2.el7.x86_64.rpm php55-php-mbstring-5.5.21-2.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm php55-php-odbc-5.5.21-2.el7.x86_64.rpm php55-php-opcache-5.5.21-2.el7.x86_64.rpm php55-php-pdo-5.5.21-2.el7.x86_64.rpm php55-php-pgsql-5.5.21-2.el7.x86_64.rpm php55-php-process-5.5.21-2.el7.x86_64.rpm php55-php-pspell-5.5.21-2.el7.x86_64.rpm php55-php-recode-5.5.21-2.el7.x86_64.rpm php55-php-snmp-5.5.21-2.el7.x86_64.rpm php55-php-soap-5.5.21-2.el7.x86_64.rpm php55-php-xml-5.5.21-2.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm php55-runtime-2.0-1.el7.x86_64.rpm php55-scldevel-2.0-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: php55-2.0-1.el7.src.rpm php55-php-5.5.21-2.el7.src.rpm

x86_64: php55-2.0-1.el7.x86_64.rpm php55-php-5.5.21-2.el7.x86_64.rpm php55-php-bcmath-5.5.21-2.el7.x86_64.rpm php55-php-cli-5.5.21-2.el7.x86_64.rpm php55-php-common-5.5.21-2.el7.x86_64.rpm php55-php-dba-5.5.21-2.el7.x86_64.rpm php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm php55-php-devel-5.5.21-2.el7.x86_64.rpm php55-php-enchant-5.5.21-2.el7.x86_64.rpm php55-php-fpm-5.5.21-2.el7.x86_64.rpm php55-php-gd-5.5.21-2.el7.x86_64.rpm php55-php-gmp-5.5.21-2.el7.x86_64.rpm php55-php-intl-5.5.21-2.el7.x86_64.rpm php55-php-ldap-5.5.21-2.el7.x86_64.rpm php55-php-mbstring-5.5.21-2.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm php55-php-odbc-5.5.21-2.el7.x86_64.rpm php55-php-opcache-5.5.21-2.el7.x86_64.rpm php55-php-pdo-5.5.21-2.el7.x86_64.rpm php55-php-pgsql-5.5.21-2.el7.x86_64.rpm php55-php-process-5.5.21-2.el7.x86_64.rpm php55-php-pspell-5.5.21-2.el7.x86_64.rpm php55-php-recode-5.5.21-2.el7.x86_64.rpm php55-php-snmp-5.5.21-2.el7.x86_64.rpm php55-php-soap-5.5.21-2.el7.x86_64.rpm php55-php-xml-5.5.21-2.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm php55-runtime-2.0-1.el7.x86_64.rpm php55-scldevel-2.0-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9427 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-1351 https://access.redhat.com/security/cve/CVE-2015-1352 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2305 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVcBWDXlSAg2UNWIIRAnzoAJ9qn4wDNXMD8JU1N7k7nEzKlPpGDwCgi0Si MD3ZncY/P8Pl6+DgQxJQCjo= =MxfY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0388",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "secure backup",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.7"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "secure backup",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.0.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.6.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.24",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.8",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joshua Rogers",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2015-1351",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-1351",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-79312",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1351",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-175",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79312",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1351",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlService disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. OPcache is one of the extension components that improves PHP performance by storing the precompiled bytecode of PHP scripts in shared memory. ============================================================================\nUbuntu Security Notice USN-2501-1\nFebruary 17, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 14.10. This issue only\naffected Ubuntu 14.04 LTS and Ubuntu 14.10. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and\nUbuntu 14.10. (CVE-2015-1352)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.2\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.2\n  php5-cli                        5.5.12+dfsg-2ubuntu4.2\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.2\n  php5-pgsql                      5.5.12+dfsg-2ubuntu4.2\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.6\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.6\n  php5-cli                        5.5.9+dfsg-1ubuntu4.6\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.6\n  php5-pgsql                      5.5.9+dfsg-1ubuntu4.6\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.16\n  php5-cgi                        5.3.10-1ubuntu3.16\n  php5-cli                        5.3.10-1ubuntu3.16\n  php5-fpm                        5.3.10-1ubuntu3.16\n  php5-pgsql                      5.3.10-1ubuntu3.16\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.40-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes some security issues. \n  Please note that this package build also moves the configuration files\n  from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n2666059d6540b1b4385d25dfc5ebbe99  php-5.4.40-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc146f500912ba9c7e5d652e5e3643c04  php-5.4.40-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9efc8a96f9a3f3261e5f640292b1b781  php-5.4.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c95e077f314f1cfa3ee83b9aba90b91  php-5.4.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n30d14f237c71fada0d594c2360a58016  n/php-5.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n1a0fcc590aa4dff5de5f08293936d0d9  n/php-5.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.40-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-30-3 OS X El Capitan 10.11\n\nOS X El Capitan 10.11 is now available and addresses the following:\n\nAddress Book\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to inject arbitrary code to\nprocesses loading the Address Book framework\nDescription:  An issue existed in Address Book framework\u0027s handling\nof an environment variable. This issue was addressed through improved\nenvironment variable handling. \nCVE-ID\nCVE-2015-5897 : Dan Bastone of Gotham Digital Science\n\nAirScan\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may be able\nto extract payload from eSCL packets sent over a secure connection\nDescription:  An issue existed in the processing of eSCL packets. \nThis issue was addressed through improved validation checks. \nCVE-ID\nCVE-2015-5853 : an anonymous researcher\n\napache_mod_php\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.27, including one which may have led to remote code execution. \nThis issue was addressed by updating PHP to version 5.5.27. \nCVE-ID\nCVE-2014-9425\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9705\nCVE-2014-9709\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0235\nCVE-2015-0273\nCVE-2015-1351\nCVE-2015-1352\nCVE-2015-2301\nCVE-2015-2305\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3329\nCVE-2015-3330\n\nApple Online Store Kit\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may gain access to a user\u0027s keychain\nitems\nDescription:  An issue existed in validation of access control lists\nfor iCloud keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of\nIndiana University, Tongxin Li of Peking University, Tongxin Li of\nPeking University, Xiaolong Bai of Tsinghua University\n\nAppleEvents\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A user connected through screen sharing can send Apple\nEvents to a local user\u0027s session\nDescription:  An issue existed with Apple Event filtering that\nallowed some users to send events to other users. This was addressed\nby improved Apple Event handling. \nCVE-ID\nCVE-2015-5849 : Jack Lawrence (@_jackhl)\n\nAudio\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription:  A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nbash\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in bash\nDescription:  Multiple vulnerabilities existed in bash versions prior\nto 3.2 patch level 57. These issues were addressed by updating bash\nversion 3.2 to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nCertificate Trust Policy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork Cookies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription:  A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork FTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription:  An issue existed in the handling of FTP packets when\nusing the PASV command. This issue was resolved through improved\nvalidation. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A maliciously crafted URL may be able to bypass HSTS and\nleak sensitive data\nDescription:  A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription:  An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription:  An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreCrypto\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to determine a private key\nDescription:  By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam\n\nDisk Images\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\ndyld\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : TaiG Jailbreak Team\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application can prevent some systems from\nbooting\nDescription:  An issue existed with the addresses covered by the\nprotected range register. This issue was fixed by changing the\nprotected range. \nCVE-ID\nCVE-2015-5900 : Xeno Kovah \u0026 Corey Kallenberg from LegbaCore\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Apple Ethernet Thunderbolt adapter may be able\nto affect firmware flashing\nDescription:  Apple Ethernet Thunderbolt adapters could modify the\nhost firmware if connected during an EFI update. This issue was\naddressed by not loading option ROMs during updates. \nCVE-ID\nCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare\n\nFinder\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The \"Secure Empty Trash\" feature may not securely delete\nfiles placed in the Trash\nDescription:  An issue existed in guaranteeing secure deletion of\nTrash files on some systems, such as those with flash storage. This\nissue was addressed by removing the \"Secure Empty Trash\" option. \nCVE-ID\nCVE-2015-5901 : Apple\n\nGame Center\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription:  An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nHeimdal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to replay Kerberos credentials to\nthe SMB server\nDescription:  An authentication issue existed in Kerberos\ncredentials. This issue was addressed through additional validation\nof credentials using a list of recently seen credentials. \nCVE-ID\nCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu\nFan of Microsoft Corporation, China\n\nICU\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in ICU\nDescription:  Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2014-8147\nCVE-2015-5922\n\nInstall Framework Legacy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to gain root privileges\nDescription:  A restriction issue existed in the Install private\nframework containing a privileged executable. This issue was\naddressed by removing the executable. \nCVE-ID\nCVE-2015-5888 : Apple\n\nIntel Graphics Driver\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple memory corruption issues existed in the Intel\nGraphics Driver. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5830 : Yuki MIZUNO (@mzyy94)\nCVE-2015-5877 : Camillus Gerard Cai\n\nIOAudioFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOAudioFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\npermuting kernel pointers. \nCVE-ID\nCVE-2015-5864 : Luca Todesco\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5871 : Ilja van Sprundel of IOActive\nCVE-2015-5872 : Ilja van Sprundel of IOActive\nCVE-2015-5873 : Ilja van Sprundel of IOActive\nCVE-2015-5890 : Ilja van Sprundel of IOActive\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOGraphics which could have led to\nthe disclosure of kernel memory layout. This issue was addressed\nthrough improved memory management. \nCVE-ID\nCVE-2015-5865 : Luca Todesco\n\nIOHIDFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOHIDFamily. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5866 : Apple\nCVE-2015-5867 : moony li of Trend Micro\n\nIOStorageFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to read kernel memory\nDescription:  A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nKernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local process can modify other processes without\nentitlement checks\nDescription:  An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through additional\nentitlement checks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by\nMing-chieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may control the value of stack cookies\nDescription:  Multiple weaknesses existed in the generation of user\nspace stack cookies. These issues were addressed through improved\ngeneration of stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription:  An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issue was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a local LAN segment may disable IPv6 routing\nDescription:  An insufficient validation issue existed in the\nhandling of IPv6 router advertisements that allowed an attacker to\nset the hop limit to an arbitrary value. This issue was addressed by\nenforcing a minimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed that led to the disclosure of kernel\nmemory layout. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in debugging interfaces that led to\nthe disclosure of memory content. This issue was addressed by\nsanitizing output from debugging interfaces. \nCVE-ID\nCVE-2015-5870 : Apple\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A state management issue existed in debugging\nfunctionality. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team\n\nlibc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nlibxpc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Many SSH connections could cause a denial of service\nDescription:  launchd had no limit on the number of processes that\ncould be started by a network connection. This issue was addressed by\nlimiting the number of SSH processes to 40. \nCVE-ID\nCVE-2015-5881 : Apple\n\nLogin Window\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The screen lock may not engage after the specified time\nperiod\nDescription:  An issue existed with captured display locking. The\nissue was addressed through improved lock handling. \nCVE-ID\nCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau\ninformationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni\nVaahtera, and an anonymous researcher\n\nlukemftpd\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote attacker may be able to deny service to the FTP\nserver\nDescription:  A glob-processing issue existed in tnftpd. This issue\nwas addressed through improved glob validation. \nCVE-ID\nCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Printing an email may leak sensitive user information\nDescription:  An issue existed in Mail which bypassed user\npreferences when printing an email. This issue was addressed through\nimproved user preference enforcement. \nCVE-ID\nCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,\nDennis Klein from Eschenburg, Germany, Jeff Hammett of Systim\nTechnology Partners\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position may be able to\nintercept attachments of S/MIME-encrypted e-mail sent via Mail Drop\nDescription:  An issue existed in handling encryption parameters for\nlarge email attachments sent via Mail Drop. The issue is addressed by\nno longer offering Mail Drop when sending an encrypted e-mail. \nCVE-ID\nCVE-2015-5884 : John McCombs of Integrated Mapping Ltd\n\nMultipeer Connectivity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to observe unprotected\nmultipeer data\nDescription:  An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  An issue existed in parsing links in the Notes\napplication. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  A cross-site scripting issue existed in parsing text by\nthe Notes application. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2015-5875 : xisigr of Tencent\u0027s Xuanwu LAB (www.tencent.com)\n\nOpenSSH\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSH\nDescription:  Multiple vulnerabilities existed in OpenSSH versions\nprior to 6.9. These issues were addressed by updating OpenSSH to\nversion 6.9. \nCVE-ID\nCVE-2014-2532\n\nOpenSSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nprocmail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in procmail\nDescription:  Multiple vulnerabilities existed in procmail versions\nprior to 3.22. These issues were addressed by removing procmail. \nCVE-ID\nCVE-2014-3618\n\nremote_cmds\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with root\nprivileges\nDescription:  An issue existed in the usage of environment variables\nby the rsh binary. This issue was addressed by dropping setuid\nprivileges from the rsh binary. \nCVE-ID\nCVE-2015-5889 : Philip Pettersson\n\nremovefile\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing malicious data may lead to unexpected application\ntermination\nDescription:  An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nRuby\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in Ruby\nDescription:  Multiple vulnerabilities existed in Ruby versions prior\nto 2.0.0p645. These were addressed by updating Ruby to version\n2.0.0p645. \nCVE-ID\nCVE-2014-8080\nCVE-2014-8090\nCVE-2015-1855\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The lock state of the keychain may be incorrectly displayed\nto the user\nDescription:  A state management issue existed in the way keychain\nlock status was tracked. This issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,\nEric E. Lawrence, Apple\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A trust evaluation configured to require revocation checking\nmay succeed even if revocation checking fails\nDescription:  The kSecRevocationRequirePositiveResponse flag was\nspecified but not implemented. This issue was addressed by\nimplementing the flag. \nCVE-ID\nCVE-2015-5894 : Hannes Oud of kWallet GmbH\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote server may prompt for a certificate before\nidentifying itself\nDescription:  Secure Transport accepted the CertificateRequest\nmessage before the ServerKeyExchange message. This issue was\naddressed by requiring the ServerKeyExchange first. \nCVE-ID\nCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nINRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of\nMicrosoft Research, Pierre-Yves Strub of IMDEA Software Institute\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5891 : Ilja van Sprundel of IOActive\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in SMBClient that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-5893 : Ilja van Sprundel of IOActive\n\nSQLite\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in SQLite v3.8.5\nDescription:  Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-3414\nCVE-2015-3415\nCVE-2015-3416\n\nTelephony\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker can place phone calls without the user\u0027s\nknowledge when using Continuity\nDescription:  An issue existed in the authorization checks for\nplacing phone calls. This issue was addressed through improved\nauthorization checks. \nCVE-ID\nCVE-2015-3785 : Dan Bastone of Gotham Digital Science\n\nTerminal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Maliciously crafted text could mislead the user in Terminal\nDescription:  Terminal did not handle bidirectional override\ncharacters in the same way when displaying text and when selecting\ntext. This issue was addressed by suppressing bidirectional override\ncharacters in Terminal. \nCVE-ID\nCVE-2015-5883 : an anonymous researcher\n\ntidy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in tidy. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nTime Machine\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may gain access to keychain items\nDescription:  An issue existed in backups by the Time Machine\nframework. This issue was addressed through improved coverage of Time\nMachine backups. \nCVE-ID\nCVE-2015-5854 : Jonas Magazinius of Assured AB\n\nNote:  OS X El Capitan 10.11 includes the security content of\nSafari 9: https://support.apple.com/kb/HT205265. \n\nOS X El Capitan 10.11 may be obtained from the Mac App Store:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw\nS5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO\n/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6\nQhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54\nYJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop\nhpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O\nc3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR\n8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r\nN1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT\nfJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1\nnJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e\ng6jld/w5tPuCFhGucE7Z\n=XciV\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2014-8142 (CVE-2015-0231). \n \n An integer overflow flaw, leading to a heap-based buffer overflow,\n was found in the way libzip, which is embedded in PHP, processed\n certain ZIP archives. \n \n It was discovered that the PHP PostgreSQL database extension\n incorrectly handled certain pointers. The libzip packages\n has been patched to address the CVE-2015-2331 flaw. \n \n Additionally the php-xdebug package has been upgraded to the latest\n 2.3.2 and the PECL packages which requires so has been rebuilt for\n php-5.5.23.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: php55 security and bug fix update\nAdvisory ID:       RHSA-2015:1053-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1053.html\nIssue date:        2015-06-04\nCVE Names:         CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 \n                   CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 \n                   CVE-2015-0232 CVE-2015-0273 CVE-2015-1351 \n                   CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 \n                   CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 \n                   CVE-2015-4148 \n=====================================================================\n\n1. Summary:\n\nUpdated php55 collection packages that fix multiple security issues and\nseveral bugs are now available as part of Red Hat Software Collections 2. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities. \n\nThe php55 packages have been upgraded to upstream version 5.5.21, which\nprovides multiple bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1057089)\n\nThe following security issues were fixed in the php55-php component:\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP\u0027s regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP\u0027s OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory. \n(CVE-2015-1351)\n\nA use-after-free flaw was found in PHP\u0027s phar (PHP Archive) extension. \nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2015-2301)\n\nAn ouf-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA NULL pointer dereference flaw was found in PHP\u0027s pgsql extension. A\nspecially crafted table name passed to a function such as pg_insert() or\npg_select() could cause a PHP application to crash. (CVE-2015-1352)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash. \n(CVE-2014-9427)\n\nAll php55 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the\nhttpd24-httpd service must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1132446 - php55-php-fpm misinterpreting error_log=syslog\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1185900 - CVE-2015-1351 php: use after free in opcache extension\n1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp55-2.0-1.el6.src.rpm\nphp55-php-5.5.21-2.el6.src.rpm\n\nx86_64:\nphp55-2.0-1.el6.x86_64.rpm\nphp55-php-5.5.21-2.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el6.x86_64.rpm\nphp55-php-cli-5.5.21-2.el6.x86_64.rpm\nphp55-php-common-5.5.21-2.el6.x86_64.rpm\nphp55-php-dba-5.5.21-2.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el6.x86_64.rpm\nphp55-php-devel-5.5.21-2.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el6.x86_64.rpm\nphp55-php-gd-5.5.21-2.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-imap-5.5.21-2.el6.x86_64.rpm\nphp55-php-intl-5.5.21-2.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el6.x86_64.rpm\nphp55-php-process-5.5.21-2.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el6.x86_64.rpm\nphp55-php-recode-5.5.21-2.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-soap-5.5.21-2.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-2.el6.x86_64.rpm\nphp55-php-xml-5.5.21-2.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm\nphp55-runtime-2.0-1.el6.x86_64.rpm\nphp55-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nphp55-2.0-1.el6.src.rpm\nphp55-php-5.5.21-2.el6.src.rpm\n\nx86_64:\nphp55-2.0-1.el6.x86_64.rpm\nphp55-php-5.5.21-2.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el6.x86_64.rpm\nphp55-php-cli-5.5.21-2.el6.x86_64.rpm\nphp55-php-common-5.5.21-2.el6.x86_64.rpm\nphp55-php-dba-5.5.21-2.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el6.x86_64.rpm\nphp55-php-devel-5.5.21-2.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el6.x86_64.rpm\nphp55-php-gd-5.5.21-2.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-imap-5.5.21-2.el6.x86_64.rpm\nphp55-php-intl-5.5.21-2.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el6.x86_64.rpm\nphp55-php-process-5.5.21-2.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el6.x86_64.rpm\nphp55-php-recode-5.5.21-2.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-soap-5.5.21-2.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-2.el6.x86_64.rpm\nphp55-php-xml-5.5.21-2.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm\nphp55-runtime-2.0-1.el6.x86_64.rpm\nphp55-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nphp55-2.0-1.el6.src.rpm\nphp55-php-5.5.21-2.el6.src.rpm\n\nx86_64:\nphp55-2.0-1.el6.x86_64.rpm\nphp55-php-5.5.21-2.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el6.x86_64.rpm\nphp55-php-cli-5.5.21-2.el6.x86_64.rpm\nphp55-php-common-5.5.21-2.el6.x86_64.rpm\nphp55-php-dba-5.5.21-2.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el6.x86_64.rpm\nphp55-php-devel-5.5.21-2.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el6.x86_64.rpm\nphp55-php-gd-5.5.21-2.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-imap-5.5.21-2.el6.x86_64.rpm\nphp55-php-intl-5.5.21-2.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el6.x86_64.rpm\nphp55-php-process-5.5.21-2.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el6.x86_64.rpm\nphp55-php-recode-5.5.21-2.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-soap-5.5.21-2.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-2.el6.x86_64.rpm\nphp55-php-xml-5.5.21-2.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm\nphp55-runtime-2.0-1.el6.x86_64.rpm\nphp55-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp55-2.0-1.el6.src.rpm\nphp55-php-5.5.21-2.el6.src.rpm\n\nx86_64:\nphp55-2.0-1.el6.x86_64.rpm\nphp55-php-5.5.21-2.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el6.x86_64.rpm\nphp55-php-cli-5.5.21-2.el6.x86_64.rpm\nphp55-php-common-5.5.21-2.el6.x86_64.rpm\nphp55-php-dba-5.5.21-2.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el6.x86_64.rpm\nphp55-php-devel-5.5.21-2.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el6.x86_64.rpm\nphp55-php-gd-5.5.21-2.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-imap-5.5.21-2.el6.x86_64.rpm\nphp55-php-intl-5.5.21-2.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el6.x86_64.rpm\nphp55-php-process-5.5.21-2.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el6.x86_64.rpm\nphp55-php-recode-5.5.21-2.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el6.x86_64.rpm\nphp55-php-soap-5.5.21-2.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-2.el6.x86_64.rpm\nphp55-php-xml-5.5.21-2.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm\nphp55-runtime-2.0-1.el6.x86_64.rpm\nphp55-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp55-2.0-1.el7.src.rpm\nphp55-php-5.5.21-2.el7.src.rpm\n\nx86_64:\nphp55-2.0-1.el7.x86_64.rpm\nphp55-php-5.5.21-2.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el7.x86_64.rpm\nphp55-php-cli-5.5.21-2.el7.x86_64.rpm\nphp55-php-common-5.5.21-2.el7.x86_64.rpm\nphp55-php-dba-5.5.21-2.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el7.x86_64.rpm\nphp55-php-devel-5.5.21-2.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el7.x86_64.rpm\nphp55-php-gd-5.5.21-2.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el7.x86_64.rpm\nphp55-php-intl-5.5.21-2.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el7.x86_64.rpm\nphp55-php-process-5.5.21-2.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el7.x86_64.rpm\nphp55-php-recode-5.5.21-2.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el7.x86_64.rpm\nphp55-php-soap-5.5.21-2.el7.x86_64.rpm\nphp55-php-xml-5.5.21-2.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm\nphp55-runtime-2.0-1.el7.x86_64.rpm\nphp55-scldevel-2.0-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp55-2.0-1.el7.src.rpm\nphp55-php-5.5.21-2.el7.src.rpm\n\nx86_64:\nphp55-2.0-1.el7.x86_64.rpm\nphp55-php-5.5.21-2.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-2.el7.x86_64.rpm\nphp55-php-cli-5.5.21-2.el7.x86_64.rpm\nphp55-php-common-5.5.21-2.el7.x86_64.rpm\nphp55-php-dba-5.5.21-2.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-2.el7.x86_64.rpm\nphp55-php-devel-5.5.21-2.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-2.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-2.el7.x86_64.rpm\nphp55-php-gd-5.5.21-2.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-2.el7.x86_64.rpm\nphp55-php-intl-5.5.21-2.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-2.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-2.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-2.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-2.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-2.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-2.el7.x86_64.rpm\nphp55-php-process-5.5.21-2.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-2.el7.x86_64.rpm\nphp55-php-recode-5.5.21-2.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-2.el7.x86_64.rpm\nphp55-php-soap-5.5.21-2.el7.x86_64.rpm\nphp55-php-xml-5.5.21-2.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm\nphp55-runtime-2.0-1.el7.x86_64.rpm\nphp55-scldevel-2.0-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9427\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-1351\nhttps://access.redhat.com/security/cve/CVE-2015-1352\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2305\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVcBWDXlSAg2UNWIIRAnzoAJ9qn4wDNXMD8JU1N7k7nEzKlPpGDwCgi0Si\nMD3ZncY/P8Pl6+DgQxJQCjo=\n=MxfY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1351"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1351",
        "trust": 3.3
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/01/24/9",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "71929",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2465",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-79312",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1351",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132161",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130426",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132158",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "id": "VAR-201503-0388",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79312"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:23:07.716000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "Fixed #68677",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115"
      },
      {
        "title": "Bug #68677",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=68677"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php5: CVE-2015-1352",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a47d493ff1cf56b778be5b859ca113d1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php5: CVE-2015-1351",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4a1f4d160a6239471e5c7026a7718665"
      },
      {
        "title": "Red Hat: CVE-2015-1351",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1351"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2501-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-510",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-510"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-511",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-511"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79312"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/71929"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=68677"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:079"
      },
      {
        "trust": 1.8,
        "url": "http://openwall.com/lists/oss-security/2015/01/24/9"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=777c39f4042327eac4b63c7ee87dc1c7a09a3115"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1351"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191746-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2465/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-1351"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777036"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2501-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2501-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.16"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8080"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8090"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8147"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht205265."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2535-1/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.22"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2501-1/"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.23"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204676"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1352"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79312"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79312"
      },
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1351"
      },
      {
        "date": "2015-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "date": "2015-06-04T16:15:24",
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "date": "2015-02-17T21:26:59",
        "db": "PACKETSTORM",
        "id": "130426"
      },
      {
        "date": "2015-04-22T20:14:00",
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "date": "2015-10-01T16:33:47",
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-03-30T21:16:25",
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "date": "2015-06-04T16:12:40",
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "date": "2015-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      },
      {
        "date": "2015-03-30T10:59:07.867000",
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79312"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1351"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      },
      {
        "date": "2019-12-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      },
      {
        "date": "2023-11-07T02:24:48.360000",
        "db": "NVD",
        "id": "CVE-2015-1351"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  OPcache Service disruption in extensions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002005"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-175"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0319
Vulnerability from variot

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. PHP is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability stems from the program's failure to validate the '__default_headers' value in the array. The following versions are affected: PHP prior to 5.4.39, 5.5.x prior to 5.5.23, and 5.6.x prior to 5.6.7. 6) - i386, x86_64

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2658-1 July 06, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. (CVE-2015-4021)

Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. (CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. (CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4644)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2 php5-cgi 5.6.4+dfsg-4ubuntu6.2 php5-cli 5.6.4+dfsg-4ubuntu6.2 php5-fpm 5.6.4+dfsg-4ubuntu6.2

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6 php5-cgi 5.5.12+dfsg-2ubuntu4.6 php5-cli 5.5.12+dfsg-2ubuntu4.6 php5-fpm 5.5.12+dfsg-2ubuntu4.6

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11 php5-cgi 5.5.9+dfsg-1ubuntu4.11 php5-cli 5.5.9+dfsg-1ubuntu4.11 php5-fpm 5.5.9+dfsg-1ubuntu4.11

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.19 php5-cgi 5.3.10-1ubuntu3.19 php5-cli 5.3.10-1ubuntu3.19 php5-fpm 5.3.10-1ubuntu3.19

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. (CVE-2014-9709)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0319",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.2.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.0"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.7"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.2.1"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.9-2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.11"
      },
      {
        "model": "pl2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.00"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.00"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.4"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.6"
      },
      {
        "model": "pl1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.1"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "3.0.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.38",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4147"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Palazzo",
    "sources": [
      {
        "db": "BID",
        "id": "73357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-4147",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-4147",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-82108",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4147",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-107",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82108",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4147",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82108"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a \"type confusion\" issue. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. PHP is prone to a remote code-execution vulnerability. \nAttackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability stems from the program\u0027s failure to validate the \u0027__default_headers\u0027 value in the array. The following versions are affected: PHP prior to 5.4.39, 5.5.x prior to 5.5.23, and 5.6.x prior to 5.6.7. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-2658-1\nJuly 06, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nNeal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL\nbytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\nfilenames starting with a NULL byte. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\ndata types. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\nthat the uri property is a string. A remote attacker could possibly use these issues to\nobtain sensitive information or cause a denial of service. This issue only affected Ubuntu\n15.04. (CVE-2015-4644)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libapache2-mod-php5             5.6.4+dfsg-4ubuntu6.2\n  php5-cgi                        5.6.4+dfsg-4ubuntu6.2\n  php5-cli                        5.6.4+dfsg-4ubuntu6.2\n  php5-fpm                        5.6.4+dfsg-4ubuntu6.2\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.6\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.6\n  php5-cli                        5.5.12+dfsg-2ubuntu4.6\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.6\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.11\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.11\n  php5-cli                        5.5.9+dfsg-1ubuntu4.11\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.11\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.19\n  php5-cgi                        5.3.10-1ubuntu3.19\n  php5-cli                        5.3.10-1ubuntu3.19\n  php5-fpm                        5.3.10-1ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP\u0027s OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "db": "BID",
        "id": "73357"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82108"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4147"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4147",
        "trust": 3.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/06/01/4",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "73357",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032459",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-82108",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4147",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132161",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132531",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132158",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82108"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4147"
      },
      {
        "db": "BID",
        "id": "73357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ]
  },
  "id": "VAR-201506-0319",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82108"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:47:38.690000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69085",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69085"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "Red Hat: CVE-2015-4147",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-4147"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2658-1"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-4147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4147"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://openwall.com/lists/oss-security/2015/06/01/4"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69085"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/73357"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032459"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4147"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4147"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098669"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1351"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2658-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2658-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.19"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1352"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82108"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4147"
      },
      {
        "db": "BID",
        "id": "73357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82108"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4147"
      },
      {
        "db": "BID",
        "id": "73357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82108"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4147"
      },
      {
        "date": "2015-03-17T00:00:00",
        "db": "BID",
        "id": "73357"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "date": "2015-06-04T16:15:24",
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2015-07-07T00:23:34",
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-06-04T16:12:40",
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "date": "2015-06-09T18:59:09.503000",
        "db": "NVD",
        "id": "CVE-2015-4147"
      },
      {
        "date": "2015-03-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82108"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4147"
      },
      {
        "date": "2016-07-06T12:22:00",
        "db": "BID",
        "id": "73357"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      },
      {
        "date": "2018-01-05T02:30:08.307000",
        "db": "NVD",
        "id": "CVE-2015-4147"
      },
      {
        "date": "2015-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/soap/soap.c of  SoapClient::__call Vulnerability in arbitrary code execution in method",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003053"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-107"
      }
    ],
    "trust": 0.6
  }
}

var-201503-0426
Vulnerability from variot

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. This vulnerability CVE-2006-7243 Vulnerability due to insufficient fix for.Skillfully crafted by a third party 2 Via the argument, the extension restriction is avoided and a file with an unexpected name may be created. PHP is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. A successful exploit could allow an attacker to access sensitive information. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP 5.4.38 and prior, 5.5.x prior to 5.5.23, and 5.6.x prior to 5.6.7. ========================================================================== Ubuntu Security Notice USN-2572-1 April 20, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2787)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4 php5-cgi 5.5.12+dfsg-2ubuntu4.4 php5-cli 5.5.12+dfsg-2ubuntu4.4 php5-fpm 5.5.12+dfsg-2ubuntu4.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 php5-cgi 5.5.9+dfsg-1ubuntu4.9 php5-cli 5.5.9+dfsg-1ubuntu4.9 php5-fpm 5.5.9+dfsg-1ubuntu4.9

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.18 php5-cgi 5.3.10-1ubuntu3.18 php5-cli 5.3.10-1ubuntu3.18 php5-fpm 5.3.10-1ubuntu3.18

Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.30 php5-cgi 5.3.2-1ubuntu4.30 php5-cli 5.3.2-1ubuntu4.30

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. (CVE-2014-9709)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0426",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.7"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "13.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "13.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "5.5.0-dev",
        "scope": null,
        "trust": 0.3,
        "vendor": "php",
        "version": null
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.38",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2348"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "djcapelis",
    "sources": [
      {
        "db": "BID",
        "id": "73434"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2348",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-2348",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-80309",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2348",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-626",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80309",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-2348",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80309"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \\x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. This vulnerability CVE-2006-7243 Vulnerability due to insufficient fix for.Skillfully crafted by a third party 2 Via the argument, the extension restriction is avoided and a file with an unexpected name may be created. PHP is prone to a security-bypass vulnerability. \nAn attacker can leverage this issue to bypass security restrictions and  perform unauthorized actions. This may aid in further attacks. \nA successful exploit could allow an attacker to access sensitive information. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP 5.4.38 and prior, 5.5.x prior to 5.5.23, and 5.6.x prior to 5.6.7. ==========================================================================\nUbuntu Security Notice USN-2572-1\nApril 20, 2015\n\nphp5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-2787)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.4\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.4\n  php5-cli                        5.5.12+dfsg-2ubuntu4.4\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.9\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.9\n  php5-cli                        5.5.9+dfsg-1ubuntu4.9\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.9\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.18\n  php5-cgi                        5.3.10-1ubuntu3.18\n  php5-cli                        5.3.10-1ubuntu3.18\n  php5-fpm                        5.3.10-1ubuntu3.18\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.30\n  php5-cgi                        5.3.2-1ubuntu4.30\n  php5-cli                        5.3.2-1ubuntu4.30\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. The php55 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a\nnumber of additional utilities. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP\u0027s OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "db": "BID",
        "id": "73434"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80309"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2348"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2348",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "73434",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1032484",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89630",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-80309",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2348",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131528",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132161",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132158",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80309"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2348"
      },
      {
        "db": "BID",
        "id": "73434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ]
  },
  "id": "VAR-201503-0426",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80309"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:54:45.677000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "Sec Bug #69207",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69207"
      },
      {
        "title": "Fix bug #69207 - move_uploaded_file allows nulls in path",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "php-src-php-5.6.7",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54690"
      },
      {
        "title": "php-src-php-5.6.7",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54691"
      },
      {
        "title": "php-src-php-5.4.39",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54686"
      },
      {
        "title": "php-src-php-5.5.23",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54689"
      },
      {
        "title": "php-src-php-5.5.23",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54688"
      },
      {
        "title": "Red Hat: CVE-2015-2348",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-2348"
      },
      {
        "title": "Debian Security Advisories: DSA-3198-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c4d31fb1a942bdc1ee4d9ee7c751940"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2572-1"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-2348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2348"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69207"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/73434"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-2572-1"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032484"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html"
      },
      {
        "trust": 1.1,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2348"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2348"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1351"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143748090628601\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144050155601375\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38762"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2572-1/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.30"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.18"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1352"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80309"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2348"
      },
      {
        "db": "BID",
        "id": "73434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80309"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2348"
      },
      {
        "db": "BID",
        "id": "73434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80309"
      },
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2348"
      },
      {
        "date": "2015-03-30T00:00:00",
        "db": "BID",
        "id": "73434"
      },
      {
        "date": "2015-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "date": "2015-04-20T19:22:00",
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "date": "2015-06-04T16:15:24",
        "db": "PACKETSTORM",
        "id": "132161"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-06-04T16:12:40",
        "db": "PACKETSTORM",
        "id": "132158"
      },
      {
        "date": "2015-03-30T10:59:14.710000",
        "db": "NVD",
        "id": "CVE-2015-2348"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80309"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2348"
      },
      {
        "date": "2016-07-06T12:22:00",
        "db": "BID",
        "id": "73434"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      },
      {
        "date": "2023-11-07T02:25:14.463000",
        "db": "NVD",
        "id": "CVE-2015-2348"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/standard/basic_functions.c of  move_uploaded_file Vulnerability that can prevent extension restrictions in the implementation of",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002000"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-626"
      }
    ],
    "trust": 0.6
  }
}

var-201412-0114
Vulnerability from variot

Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-415: Double Free ( Double release ) Has been identified. http://cwe.mitre.org/data/definitions/415.htmlService disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: php security update Advisory ID: RHSA-2015:1218-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1218.html Issue date: 2015-07-09 CVE Names: CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 =====================================================================

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way PHP parsed multipart HTTP POST requests. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy() 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-bcmath-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

x86_64: php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm

ppc64: php-5.3.3-46.el6_6.ppc64.rpm php-cli-5.3.3-46.el6_6.ppc64.rpm php-common-5.3.3-46.el6_6.ppc64.rpm php-debuginfo-5.3.3-46.el6_6.ppc64.rpm php-gd-5.3.3-46.el6_6.ppc64.rpm php-ldap-5.3.3-46.el6_6.ppc64.rpm php-mysql-5.3.3-46.el6_6.ppc64.rpm php-odbc-5.3.3-46.el6_6.ppc64.rpm php-pdo-5.3.3-46.el6_6.ppc64.rpm php-pgsql-5.3.3-46.el6_6.ppc64.rpm php-soap-5.3.3-46.el6_6.ppc64.rpm php-xml-5.3.3-46.el6_6.ppc64.rpm php-xmlrpc-5.3.3-46.el6_6.ppc64.rpm

s390x: php-5.3.3-46.el6_6.s390x.rpm php-cli-5.3.3-46.el6_6.s390x.rpm php-common-5.3.3-46.el6_6.s390x.rpm php-debuginfo-5.3.3-46.el6_6.s390x.rpm php-gd-5.3.3-46.el6_6.s390x.rpm php-ldap-5.3.3-46.el6_6.s390x.rpm php-mysql-5.3.3-46.el6_6.s390x.rpm php-odbc-5.3.3-46.el6_6.s390x.rpm php-pdo-5.3.3-46.el6_6.s390x.rpm php-pgsql-5.3.3-46.el6_6.s390x.rpm php-soap-5.3.3-46.el6_6.s390x.rpm php-xml-5.3.3-46.el6_6.s390x.rpm php-xmlrpc-5.3.3-46.el6_6.s390x.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: php-bcmath-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

ppc64: php-bcmath-5.3.3-46.el6_6.ppc64.rpm php-dba-5.3.3-46.el6_6.ppc64.rpm php-debuginfo-5.3.3-46.el6_6.ppc64.rpm php-devel-5.3.3-46.el6_6.ppc64.rpm php-embedded-5.3.3-46.el6_6.ppc64.rpm php-enchant-5.3.3-46.el6_6.ppc64.rpm php-fpm-5.3.3-46.el6_6.ppc64.rpm php-imap-5.3.3-46.el6_6.ppc64.rpm php-intl-5.3.3-46.el6_6.ppc64.rpm php-mbstring-5.3.3-46.el6_6.ppc64.rpm php-process-5.3.3-46.el6_6.ppc64.rpm php-pspell-5.3.3-46.el6_6.ppc64.rpm php-recode-5.3.3-46.el6_6.ppc64.rpm php-snmp-5.3.3-46.el6_6.ppc64.rpm php-tidy-5.3.3-46.el6_6.ppc64.rpm php-zts-5.3.3-46.el6_6.ppc64.rpm

s390x: php-bcmath-5.3.3-46.el6_6.s390x.rpm php-dba-5.3.3-46.el6_6.s390x.rpm php-debuginfo-5.3.3-46.el6_6.s390x.rpm php-devel-5.3.3-46.el6_6.s390x.rpm php-embedded-5.3.3-46.el6_6.s390x.rpm php-enchant-5.3.3-46.el6_6.s390x.rpm php-fpm-5.3.3-46.el6_6.s390x.rpm php-imap-5.3.3-46.el6_6.s390x.rpm php-intl-5.3.3-46.el6_6.s390x.rpm php-mbstring-5.3.3-46.el6_6.s390x.rpm php-process-5.3.3-46.el6_6.s390x.rpm php-pspell-5.3.3-46.el6_6.s390x.rpm php-recode-5.3.3-46.el6_6.s390x.rpm php-snmp-5.3.3-46.el6_6.s390x.rpm php-tidy-5.3.3-46.el6_6.s390x.rpm php-zts-5.3.3-46.el6_6.s390x.rpm

x86_64: php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-9425 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVnsPKXlSAg2UNWIIRAtXEAKC6gknTJ+I/czViSyE71AjUZ1pWSQCgo6ip /jsvmaEr/ag17pZ7M9fXiz4= =vWCv -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

OS X El Capitan 10.11 is now available and addresses the following:

Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling. CVE-ID CVE-2015-5897 : Dan Bastone of Gotham Digital Science

AirScan Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks. CVE-ID CVE-2015-5853 : an anonymous researcher

apache_mod_php Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27. CVE-ID CVE-2014-9425 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330

Apple Online Store Kit Available for: Mac OS X v10.6.8 and later Impact: A malicious application may gain access to a user's keychain items Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University

AppleEvents Available for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's session Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling. CVE-ID CVE-2015-5849 : Jack Lawrence (@_jackhl)

Audio Available for: Mac OS X v10.6.8 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea

bash Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in bash Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187

Certificate Trust Policy Available for: Mac OS X v10.6.8 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork Cookies Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork FTPProtocol Available for: Mac OS X v10.6.8 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation. CVE-ID CVE-2015-5912 : Amit Klein

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd

CFNetwork Proxies Available for: Mac OS X v10.6.8 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.

CoreCrypto Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.

CoreText Available for: Mac OS X v10.6.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam

Disk Images Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco

dyld Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : TaiG Jailbreak Team

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious application can prevent some systems from booting Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare

Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option. CVE-ID CVE-2015-5901 : Apple

Game Center Available for: Mac OS X v10.6.8 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser

Heimdal Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to replay Kerberos credentials to the SMB server Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China

ICU Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2014-8147 CVE-2015-5922

Install Framework Legacy Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to gain root privileges Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable. CVE-ID CVE-2015-5888 : Apple

Intel Graphics Driver Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5830 : Yuki MIZUNO (@mzyy94) CVE-2015-5877 : Camillus Gerard Cai

IOAudioFamily Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers. CVE-ID CVE-2015-5864 : Luca Todesco

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5871 : Ilja van Sprundel of IOActive CVE-2015-5872 : Ilja van Sprundel of IOActive CVE-2015-5873 : Ilja van Sprundel of IOActive CVE-2015-5890 : Ilja van Sprundel of IOActive

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-5865 : Luca Todesco

IOHIDFamily Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5866 : Apple CVE-2015-5867 : moony li of Trend Micro

IOStorageFamily Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces. CVE-ID CVE-2015-5870 : Apple

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to cause a system denial of service Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation. CVE-ID CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team

libc Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation

libpthread Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team

libxpc Available for: Mac OS X v10.6.8 and later Impact: Many SSH connections could cause a denial of service Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40. CVE-ID CVE-2015-5881 : Apple

Login Window Available for: Mac OS X v10.6.8 and later Impact: The screen lock may not engage after the specified time period Description: An issue existed with captured display locking. The issue was addressed through improved lock handling. CVE-ID CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher

lukemftpd Available for: Mac OS X v10.6.8 and later Impact: A remote attacker may be able to deny service to the FTP server Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation. CVE-ID CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com

Mail Available for: Mac OS X v10.6.8 and later Impact: Printing an email may leak sensitive user information Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement. CVE-ID CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners

Mail Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5884 : John McCombs of Integrated Mapping Ltd

Multipeer Connectivity Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem

NetworkExtension Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)

OpenSSH Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSH Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9. CVE-ID CVE-2014-2532

OpenSSL Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287

procmail Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in procmail Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail. CVE-ID CVE-2014-3618

remote_cmds Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary. CVE-ID CVE-2015-5889 : Philip Pettersson

removefile Available for: Mac OS X v10.6.8 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher

Ruby Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in Ruby Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645. CVE-ID CVE-2014-8080 CVE-2014-8090 CVE-2015-1855

Security Available for: Mac OS X v10.6.8 and later Impact: The lock state of the keychain may be incorrectly displayed to the user Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple

Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH

Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first. CVE-ID CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5891 : Ilja van Sprundel of IOActive

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5893 : Ilja van Sprundel of IOActive

SQLite Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

Telephony Available for: Mac OS X v10.6.8 and later Impact: A local attacker can place phone calls without the user's knowledge when using Continuity Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science

Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal. CVE-ID CVE-2015-5883 : an anonymous researcher

tidy Available for: Mac OS X v10.6.8 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com

Time Machine Available for: Mac OS X v10.6.8 and later Impact: A local attacker may gain access to keychain items Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB

Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265.

OS X El Capitan 10.11 may be obtained from the Mac App Store: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO /hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6 QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54 YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR 8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1 nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e g6jld/w5tPuCFhGucE7Z =XciV -----END PGP SIGNATURE----- .

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.21"

All PHP 5.4 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.37"

All PHP 5.3 users should upgrade to the latest version. This branch is currently past the end of life and it will no longer receive security fixes.

References

[ 1 ] CVE-2014-3710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710 [ 2 ] CVE-2014-8142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8142 [ 3 ] CVE-2014-9425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9425 [ 4 ] CVE-2014-9427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9427 [ 5 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 6 ] CVE-2015-0232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0232

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201503-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2015:080 http://www.mandriva.com/en/support/security/


Package : php Date : March 28, 2015 Affected: Business Server 2.0


Problem Description:

Multiple vulnerabilities has been discovered and corrected in php:

It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943).

A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270).

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345).

PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185).

A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237).

A flaw was found in the way file parsed property information from Composite Document Files (CDF) files. A property entry with 0 elements triggers an infinite loop (CVE-2014-0238).

The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515).

It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049).

A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478).

Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).

The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721).

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538). NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587). NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597).

An integer overflow flaw in PHP's unserialize() function was reported. If unserialize() were used on untrusted data, this issue could lead to a crash or potentially information disclosure (CVE-2014-3669).

A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code (CVE-2014-3670).

If client-supplied input was passed to PHP's cURL client as a URL to download, it could return local files from the server due to improper handling of null bytes (PHP#68089).

An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash (CVE-2014-3710).

A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize() (CVE-2014-8142).

sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (CVE-2014-9427).

Free called on an uninitialized pointer in php-exif in PHP before 5.5.21 (CVE-2015-0232).

The readelf.c source file has been removed from PHP's bundled copy of file's libmagic, eliminating exposure to denial of service issues in ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's fileinfo module.

S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding.

Taoguang Chen discovered that PHP incorrectly handled unserializing objects.

It was discovered that PHP incorrectly handled memory in the phar extension. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231).

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331).

It was discovered that the PHP opcache component incorrectly handled memory.

It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers.

PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to the libmagic issues. The libzip packages has been patched to address the CVE-2015-2331 flaw.

A bug in the php zip extension that could cause a crash has been fixed (mga#13820)

Additionally the jsonc and timezonedb packages has been upgraded to the latest versions and the PECL packages which requires so has been rebuilt for php-5.5.23.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://php.net/ChangeLog-5.php#5.5.9 http://php.net/ChangeLog-5.php#5.5.10 http://php.net/ChangeLog-5.php#5.5.11 http://php.net/ChangeLog-5.php#5.5.12 http://php.net/ChangeLog-5.php#5.5.13 http://php.net/ChangeLog-5.php#5.5.14 http://php.net/ChangeLog-5.php#5.5.15 http://php.net/ChangeLog-5.php#5.5.16 http://php.net/ChangeLog-5.php#5.5.17 http://php.net/ChangeLog-5.php#5.5.18 http://php.net/ChangeLog-5.php#5.5.19 http://php.net/ChangeLog-5.php#5.5.20 http://php.net/ChangeLog-5.php#5.5.21 http://php.net/ChangeLog-5.php#5.5.22 http://php.net/ChangeLog-5.php#5.5.22 http://php.net/ChangeLog-5.php#5.5.23 http://www.ubuntu.com/usn/usn-2535-1/ http://www.ubuntu.com/usn/usn-2501-1/ https://bugzilla.redhat.com/show_bug.cgi?id=1204676 http://advisories.mageia.org/MGASA-2014-0163.html http://advisories.mageia.org/MGASA-2014-0178.html http://advisories.mageia.org/MGASA-2014-0215.html http://advisories.mageia.org/MGASA-2014-0258.html http://advisories.mageia.org/MGASA-2014-0284.html http://advisories.mageia.org/MGASA-2014-0324.html http://advisories.mageia.org/MGASA-2014-0367.html http://advisories.mageia.org/MGASA-2014-0430.html http://advisories.mageia.org/MGASA-2014-0441.html http://advisories.mageia.org/MGASA-2014-0542.html http://advisories.mageia.org/MGASA-2015-0040.html https://bugs.mageia.org/show_bug.cgi?id=13820


Updated Packages:

Mandriva Business Server 2/X86_64: a4e09575e26b690bd44801a126795ce9 mbs2/x86_64/apache-mod_php-5.5.23-1.mbs2.x86_64.rpm e156aaf446f543279f758b767e5ce6f2 mbs2/x86_64/lib64php5_common5-5.5.23-1.mbs2.x86_64.rpm cf1653dd6b3606ff8983739fe7728502 mbs2/x86_64/lib64zip2-0.11.2-1.1.mbs2.x86_64.rpm 2ed6c588ca428a502ab995726d497527 mbs2/x86_64/lib64zip-devel-0.11.2-1.1.mbs2.x86_64.rpm 91fd4a50d38c904247519a34f71ac9a7 mbs2/x86_64/libzip-0.11.2-1.1.mbs2.x86_64.rpm 0fad2aa8ca3bed422588c7d7c349e3e7 mbs2/x86_64/php-bcmath-5.5.23-1.mbs2.x86_64.rpm b797a14554b170f1f2c307eebd5011ce mbs2/x86_64/php-bz2-5.5.23-1.mbs2.x86_64.rpm 83abadd87c78c719b585acbfcbf1f54a mbs2/x86_64/php-calendar-5.5.23-1.mbs2.x86_64.rpm 71b728b5c58335c37e9ee059a98179b5 mbs2/x86_64/php-cgi-5.5.23-1.mbs2.x86_64.rpm d6047e2545b396ad29b2619c3d811b49 mbs2/x86_64/php-cli-5.5.23-1.mbs2.x86_64.rpm 933344ca17f96bd844db47c993b8ce1a mbs2/x86_64/php-ctype-5.5.23-1.mbs2.x86_64.rpm 0278a991ed7a7ea1d51c6651b1157744 mbs2/x86_64/php-curl-5.5.23-1.mbs2.x86_64.rpm a3f172d95d061f6a2ba9ce562f1068ac mbs2/x86_64/php-dba-5.5.23-1.mbs2.x86_64.rpm d239cccc6594bfe8169c0b5300ca1dd0 mbs2/x86_64/php-devel-5.5.23-1.mbs2.x86_64.rpm 73a234b9c369a20c349fca7f425b405a mbs2/x86_64/php-doc-5.5.23-1.mbs2.noarch.rpm ab4caa5f1a397e2f267479f08616d027 mbs2/x86_64/php-dom-5.5.23-1.mbs2.x86_64.rpm 016b8d010a1866935f2a6889b712300c mbs2/x86_64/php-enchant-5.5.23-1.mbs2.x86_64.rpm f9bd5f358336ea8a997f85f4d690fd40 mbs2/x86_64/php-exif-5.5.23-1.mbs2.x86_64.rpm 9f0ef885d5e7abb84c1b0c6242bd1a54 mbs2/x86_64/php-fileinfo-5.5.23-1.mbs2.x86_64.rpm f551fc699944abdbd78cd1f74e1db713 mbs2/x86_64/php-filter-5.5.23-1.mbs2.x86_64.rpm 10c6ad89a0707acdff025ee0166b4361 mbs2/x86_64/php-fpm-5.5.23-1.mbs2.x86_64.rpm fad5946e3ff8bf1d3b7215fee229b934 mbs2/x86_64/php-ftp-5.5.23-1.mbs2.x86_64.rpm c74071a614cc4f8d5ac612736264aad2 mbs2/x86_64/php-gd-5.5.23-1.mbs2.x86_64.rpm 788e0972b5aa918a0c8ce2b0e30270a6 mbs2/x86_64/php-gettext-5.5.23-1.mbs2.x86_64.rpm 996120d4c1fa233bdb38aedf0718f593 mbs2/x86_64/php-gmp-5.5.23-1.mbs2.x86_64.rpm e032d9a3c8e078242347623f1ff51b5a mbs2/x86_64/php-hash-5.5.23-1.mbs2.x86_64.rpm c1da3a1898b05995091ad1c2237bdf6a mbs2/x86_64/php-iconv-5.5.23-1.mbs2.x86_64.rpm 37b4a5d86006024878d397a8478d5a42 mbs2/x86_64/php-imap-5.5.23-1.mbs2.x86_64.rpm bd10d9a55ee8db73b4d80dae1e14e4e0 mbs2/x86_64/php-ini-5.5.23-1.mbs2.x86_64.rpm 4cb54cd72bd26728bb29f5d00a5174af mbs2/x86_64/php-interbase-5.5.23-1.mbs2.x86_64.rpm 2713dca82ad94d88b379db3fa012ed2d mbs2/x86_64/php-intl-5.5.23-1.mbs2.x86_64.rpm f0a9187b81e038400dae4e01123b751c mbs2/x86_64/php-json-5.5.23-1.mbs2.x86_64.rpm c395a0cb573d9432c9e4c2a4b92d1d0f mbs2/x86_64/php-ldap-5.5.23-1.mbs2.x86_64.rpm f2374e34b874072d2268acf1c72b383a mbs2/x86_64/php-mbstring-5.5.23-1.mbs2.x86_64.rpm 7ca3ce3a9464933af1a147c206c25d0d mbs2/x86_64/php-mcrypt-5.5.23-1.mbs2.x86_64.rpm dbe828f1c2caa3eef932fc0c14a7e2e9 mbs2/x86_64/php-mssql-5.5.23-1.mbs2.x86_64.rpm 995e9f09906309252d850618c3fffaa6 mbs2/x86_64/php-mysql-5.5.23-1.mbs2.x86_64.rpm c474c1f1dc45f14ea5357092277d2f22 mbs2/x86_64/php-mysqli-5.5.23-1.mbs2.x86_64.rpm cdcb4872386b83ef3969f918bf99f941 mbs2/x86_64/php-mysqlnd-5.5.23-1.mbs2.x86_64.rpm cbb1652273fb07f216c50b8d1b5445c2 mbs2/x86_64/php-odbc-5.5.23-1.mbs2.x86_64.rpm 29ab61a3d1d00ad57c875d87b62d2e12 mbs2/x86_64/php-opcache-5.5.23-1.mbs2.x86_64.rpm 349f796a960ef2207b30a06e386f2653 mbs2/x86_64/php-openssl-5.5.23-1.mbs2.x86_64.rpm 7a7411900384da8741e32a3f6f8036c2 mbs2/x86_64/php-pcntl-5.5.23-1.mbs2.x86_64.rpm ba3b14e45177b257ada03f7ff4b16deb mbs2/x86_64/php-pdo-5.5.23-1.mbs2.x86_64.rpm ae5b57dbff67c7595e154313321ff693 mbs2/x86_64/php-pdo_dblib-5.5.23-1.mbs2.x86_64.rpm 8782f71797f7cb271a514b735b19621a mbs2/x86_64/php-pdo_firebird-5.5.23-1.mbs2.x86_64.rpm ac39db58d4100f3d2d24593d3b5907fc mbs2/x86_64/php-pdo_mysql-5.5.23-1.mbs2.x86_64.rpm 210b990793c2d616fb0aecc4fde28eb6 mbs2/x86_64/php-pdo_odbc-5.5.23-1.mbs2.x86_64.rpm 6ae4df7959ddd3a8a0724ddddbe41a71 mbs2/x86_64/php-pdo_pgsql-5.5.23-1.mbs2.x86_64.rpm 1f9bdab81fa668dd583abe873892993e mbs2/x86_64/php-pdo_sqlite-5.5.23-1.mbs2.x86_64.rpm f0cbb5dde255f5c8fa3e04e3a5314ab1 mbs2/x86_64/php-pgsql-5.5.23-1.mbs2.x86_64.rpm e46ac8c820911a6091540e135f103154 mbs2/x86_64/php-phar-5.5.23-1.mbs2.x86_64.rpm 5050a745bfc3b1f5eeced2dd85f79721 mbs2/x86_64/php-posix-5.5.23-1.mbs2.x86_64.rpm c9093134a518c07f4e8a188987f853d3 mbs2/x86_64/php-readline-5.5.23-1.mbs2.x86_64.rpm 2b48c3f35573e00b5ba4327e8edc05f2 mbs2/x86_64/php-recode-5.5.23-1.mbs2.x86_64.rpm ae2157230db4d6e28698db384c8f7fcb mbs2/x86_64/php-session-5.5.23-1.mbs2.x86_64.rpm 2610a739bfa29ff11e648c7baa1d8bc3 mbs2/x86_64/php-shmop-5.5.23-1.mbs2.x86_64.rpm b7999e11cf9d2ab510263e32cabaf312 mbs2/x86_64/php-snmp-5.5.23-1.mbs2.x86_64.rpm ab665c30f0d2f13baa1c6475b7df7cac mbs2/x86_64/php-soap-5.5.23-1.mbs2.x86_64.rpm f331837ba716316cef094765a1700101 mbs2/x86_64/php-sockets-5.5.23-1.mbs2.x86_64.rpm 134f8bb18790bd023e73919a794703a0 mbs2/x86_64/php-sqlite3-5.5.23-1.mbs2.x86_64.rpm 4b4aa44d0ac56629610bb0444f199df5 mbs2/x86_64/php-sybase_ct-5.5.23-1.mbs2.x86_64.rpm fc69f644f36308d81f37f356b76e40a1 mbs2/x86_64/php-sysvmsg-5.5.23-1.mbs2.x86_64.rpm 981b7ef6715aacfe9250b206dbbbad31 mbs2/x86_64/php-sysvsem-5.5.23-1.mbs2.x86_64.rpm 91c006555173d03f1d25899947702673 mbs2/x86_64/php-sysvshm-5.5.23-1.mbs2.x86_64.rpm 62e5fa5fa8b4d89d7835f2f68169af14 mbs2/x86_64/php-tidy-5.5.23-1.mbs2.x86_64.rpm 0c5a9237c710dd098c8bb56018f7a142 mbs2/x86_64/php-timezonedb-2015.1-1.mbs2.x86_64.rpm d94aa68a9ce76bce5c962c58f37ac5a5 mbs2/x86_64/php-tokenizer-5.5.23-1.mbs2.x86_64.rpm 317c7da32daa223560dc08bbae89d98d mbs2/x86_64/php-wddx-5.5.23-1.mbs2.x86_64.rpm 9b2cf90dfc6f6bdc0431a6f94d43a947 mbs2/x86_64/php-xml-5.5.23-1.mbs2.x86_64.rpm 0a1b6e0beeb36f24f9250a352fbff1e9 mbs2/x86_64/php-xmlreader-5.5.23-1.mbs2.x86_64.rpm 598925bc71347774e805b6fcfcbcf590 mbs2/x86_64/php-xmlrpc-5.5.23-1.mbs2.x86_64.rpm 49a1f8e773e98bb101488b805670651c mbs2/x86_64/php-xmlwriter-5.5.23-1.mbs2.x86_64.rpm 0b7c2f2fe7b3103631dd07d12d443e06 mbs2/x86_64/php-xsl-5.5.23-1.mbs2.x86_64.rpm 5cb68626d863213de934655dac8342c8 mbs2/x86_64/php-zip-5.5.23-1.mbs2.x86_64.rpm a27bab106c0ba87f220ff35937210a63 mbs2/x86_64/php-zlib-5.5.23-1.mbs2.x86_64.rpm 3dd6a6eeb12c7207446053e4785d6974 mbs2/SRPMS/libzip-0.11.2-1.1.mbs2.src.rpm 5d69769d822628a5bf1485eaa1251b8e mbs2/SRPMS/php-5.5.23-1.mbs2.src.rpm 0a629c11ca23ba56d57f61a754def293 mbs2/SRPMS/php-timezonedb-2015.1-1.mbs2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0114",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.4 for up to  5.6.x"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.4",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9425"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joshua Rogers",
    "sources": [
      {
        "db": "BID",
        "id": "71800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-9425",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-9425",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-77370",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9425",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-534",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-77370",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-9425",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77370"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-415: Double Free ( Double release ) Has been identified. http://cwe.mitre.org/data/definitions/415.htmlService disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. PHP is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: php security update\nAdvisory ID:       RHSA-2015:1218-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1218.html\nIssue date:        2015-07-09\nCVE Names:         CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 \n                   CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 \n                   CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 \n                   CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 \n                   CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 \n                   CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 \n=====================================================================\n\n1. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy()\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\nx86_64:\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\n\nppc64:\nphp-5.3.3-46.el6_6.ppc64.rpm\nphp-cli-5.3.3-46.el6_6.ppc64.rpm\nphp-common-5.3.3-46.el6_6.ppc64.rpm\nphp-debuginfo-5.3.3-46.el6_6.ppc64.rpm\nphp-gd-5.3.3-46.el6_6.ppc64.rpm\nphp-ldap-5.3.3-46.el6_6.ppc64.rpm\nphp-mysql-5.3.3-46.el6_6.ppc64.rpm\nphp-odbc-5.3.3-46.el6_6.ppc64.rpm\nphp-pdo-5.3.3-46.el6_6.ppc64.rpm\nphp-pgsql-5.3.3-46.el6_6.ppc64.rpm\nphp-soap-5.3.3-46.el6_6.ppc64.rpm\nphp-xml-5.3.3-46.el6_6.ppc64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.ppc64.rpm\n\ns390x:\nphp-5.3.3-46.el6_6.s390x.rpm\nphp-cli-5.3.3-46.el6_6.s390x.rpm\nphp-common-5.3.3-46.el6_6.s390x.rpm\nphp-debuginfo-5.3.3-46.el6_6.s390x.rpm\nphp-gd-5.3.3-46.el6_6.s390x.rpm\nphp-ldap-5.3.3-46.el6_6.s390x.rpm\nphp-mysql-5.3.3-46.el6_6.s390x.rpm\nphp-odbc-5.3.3-46.el6_6.s390x.rpm\nphp-pdo-5.3.3-46.el6_6.s390x.rpm\nphp-pgsql-5.3.3-46.el6_6.s390x.rpm\nphp-soap-5.3.3-46.el6_6.s390x.rpm\nphp-xml-5.3.3-46.el6_6.s390x.rpm\nphp-xmlrpc-5.3.3-46.el6_6.s390x.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nppc64:\nphp-bcmath-5.3.3-46.el6_6.ppc64.rpm\nphp-dba-5.3.3-46.el6_6.ppc64.rpm\nphp-debuginfo-5.3.3-46.el6_6.ppc64.rpm\nphp-devel-5.3.3-46.el6_6.ppc64.rpm\nphp-embedded-5.3.3-46.el6_6.ppc64.rpm\nphp-enchant-5.3.3-46.el6_6.ppc64.rpm\nphp-fpm-5.3.3-46.el6_6.ppc64.rpm\nphp-imap-5.3.3-46.el6_6.ppc64.rpm\nphp-intl-5.3.3-46.el6_6.ppc64.rpm\nphp-mbstring-5.3.3-46.el6_6.ppc64.rpm\nphp-process-5.3.3-46.el6_6.ppc64.rpm\nphp-pspell-5.3.3-46.el6_6.ppc64.rpm\nphp-recode-5.3.3-46.el6_6.ppc64.rpm\nphp-snmp-5.3.3-46.el6_6.ppc64.rpm\nphp-tidy-5.3.3-46.el6_6.ppc64.rpm\nphp-zts-5.3.3-46.el6_6.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.3-46.el6_6.s390x.rpm\nphp-dba-5.3.3-46.el6_6.s390x.rpm\nphp-debuginfo-5.3.3-46.el6_6.s390x.rpm\nphp-devel-5.3.3-46.el6_6.s390x.rpm\nphp-embedded-5.3.3-46.el6_6.s390x.rpm\nphp-enchant-5.3.3-46.el6_6.s390x.rpm\nphp-fpm-5.3.3-46.el6_6.s390x.rpm\nphp-imap-5.3.3-46.el6_6.s390x.rpm\nphp-intl-5.3.3-46.el6_6.s390x.rpm\nphp-mbstring-5.3.3-46.el6_6.s390x.rpm\nphp-process-5.3.3-46.el6_6.s390x.rpm\nphp-pspell-5.3.3-46.el6_6.s390x.rpm\nphp-recode-5.3.3-46.el6_6.s390x.rpm\nphp-snmp-5.3.3-46.el6_6.s390x.rpm\nphp-tidy-5.3.3-46.el6_6.s390x.rpm\nphp-zts-5.3.3-46.el6_6.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9425\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVnsPKXlSAg2UNWIIRAtXEAKC6gknTJ+I/czViSyE71AjUZ1pWSQCgo6ip\n/jsvmaEr/ag17pZ7M9fXiz4=\n=vWCv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-30-3 OS X El Capitan 10.11\n\nOS X El Capitan 10.11 is now available and addresses the following:\n\nAddress Book\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to inject arbitrary code to\nprocesses loading the Address Book framework\nDescription:  An issue existed in Address Book framework\u0027s handling\nof an environment variable. This issue was addressed through improved\nenvironment variable handling. \nCVE-ID\nCVE-2015-5897 : Dan Bastone of Gotham Digital Science\n\nAirScan\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may be able\nto extract payload from eSCL packets sent over a secure connection\nDescription:  An issue existed in the processing of eSCL packets. \nThis issue was addressed through improved validation checks. \nCVE-ID\nCVE-2015-5853 : an anonymous researcher\n\napache_mod_php\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.27, including one which may have led to remote code execution. \nThis issue was addressed by updating PHP to version 5.5.27. \nCVE-ID\nCVE-2014-9425\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9705\nCVE-2014-9709\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0235\nCVE-2015-0273\nCVE-2015-1351\nCVE-2015-1352\nCVE-2015-2301\nCVE-2015-2305\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3329\nCVE-2015-3330\n\nApple Online Store Kit\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may gain access to a user\u0027s keychain\nitems\nDescription:  An issue existed in validation of access control lists\nfor iCloud keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of\nIndiana University, Tongxin Li of Peking University, Tongxin Li of\nPeking University, Xiaolong Bai of Tsinghua University\n\nAppleEvents\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A user connected through screen sharing can send Apple\nEvents to a local user\u0027s session\nDescription:  An issue existed with Apple Event filtering that\nallowed some users to send events to other users. This was addressed\nby improved Apple Event handling. \nCVE-ID\nCVE-2015-5849 : Jack Lawrence (@_jackhl)\n\nAudio\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription:  A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nbash\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in bash\nDescription:  Multiple vulnerabilities existed in bash versions prior\nto 3.2 patch level 57. These issues were addressed by updating bash\nversion 3.2 to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nCertificate Trust Policy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork Cookies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription:  A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork FTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription:  An issue existed in the handling of FTP packets when\nusing the PASV command. This issue was resolved through improved\nvalidation. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A maliciously crafted URL may be able to bypass HSTS and\nleak sensitive data\nDescription:  A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription:  An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription:  An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreCrypto\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to determine a private key\nDescription:  By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam\n\nDisk Images\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\ndyld\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : TaiG Jailbreak Team\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application can prevent some systems from\nbooting\nDescription:  An issue existed with the addresses covered by the\nprotected range register. This issue was fixed by changing the\nprotected range. \nCVE-ID\nCVE-2015-5900 : Xeno Kovah \u0026 Corey Kallenberg from LegbaCore\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Apple Ethernet Thunderbolt adapter may be able\nto affect firmware flashing\nDescription:  Apple Ethernet Thunderbolt adapters could modify the\nhost firmware if connected during an EFI update. This issue was\naddressed by not loading option ROMs during updates. \nCVE-ID\nCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare\n\nFinder\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The \"Secure Empty Trash\" feature may not securely delete\nfiles placed in the Trash\nDescription:  An issue existed in guaranteeing secure deletion of\nTrash files on some systems, such as those with flash storage. This\nissue was addressed by removing the \"Secure Empty Trash\" option. \nCVE-ID\nCVE-2015-5901 : Apple\n\nGame Center\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription:  An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nHeimdal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to replay Kerberos credentials to\nthe SMB server\nDescription:  An authentication issue existed in Kerberos\ncredentials. This issue was addressed through additional validation\nof credentials using a list of recently seen credentials. \nCVE-ID\nCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu\nFan of Microsoft Corporation, China\n\nICU\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in ICU\nDescription:  Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2014-8147\nCVE-2015-5922\n\nInstall Framework Legacy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to gain root privileges\nDescription:  A restriction issue existed in the Install private\nframework containing a privileged executable. This issue was\naddressed by removing the executable. \nCVE-ID\nCVE-2015-5888 : Apple\n\nIntel Graphics Driver\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple memory corruption issues existed in the Intel\nGraphics Driver. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5830 : Yuki MIZUNO (@mzyy94)\nCVE-2015-5877 : Camillus Gerard Cai\n\nIOAudioFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOAudioFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\npermuting kernel pointers. \nCVE-ID\nCVE-2015-5864 : Luca Todesco\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5871 : Ilja van Sprundel of IOActive\nCVE-2015-5872 : Ilja van Sprundel of IOActive\nCVE-2015-5873 : Ilja van Sprundel of IOActive\nCVE-2015-5890 : Ilja van Sprundel of IOActive\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOGraphics which could have led to\nthe disclosure of kernel memory layout. This issue was addressed\nthrough improved memory management. \nCVE-ID\nCVE-2015-5865 : Luca Todesco\n\nIOHIDFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOHIDFamily. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5866 : Apple\nCVE-2015-5867 : moony li of Trend Micro\n\nIOStorageFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to read kernel memory\nDescription:  A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nKernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local process can modify other processes without\nentitlement checks\nDescription:  An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through additional\nentitlement checks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by\nMing-chieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may control the value of stack cookies\nDescription:  Multiple weaknesses existed in the generation of user\nspace stack cookies. These issues were addressed through improved\ngeneration of stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription:  An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issue was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a local LAN segment may disable IPv6 routing\nDescription:  An insufficient validation issue existed in the\nhandling of IPv6 router advertisements that allowed an attacker to\nset the hop limit to an arbitrary value. This issue was addressed by\nenforcing a minimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed that led to the disclosure of kernel\nmemory layout. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in debugging interfaces that led to\nthe disclosure of memory content. This issue was addressed by\nsanitizing output from debugging interfaces. \nCVE-ID\nCVE-2015-5870 : Apple\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A state management issue existed in debugging\nfunctionality. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team\n\nlibc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nlibxpc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Many SSH connections could cause a denial of service\nDescription:  launchd had no limit on the number of processes that\ncould be started by a network connection. This issue was addressed by\nlimiting the number of SSH processes to 40. \nCVE-ID\nCVE-2015-5881 : Apple\n\nLogin Window\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The screen lock may not engage after the specified time\nperiod\nDescription:  An issue existed with captured display locking. The\nissue was addressed through improved lock handling. \nCVE-ID\nCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau\ninformationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni\nVaahtera, and an anonymous researcher\n\nlukemftpd\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote attacker may be able to deny service to the FTP\nserver\nDescription:  A glob-processing issue existed in tnftpd. This issue\nwas addressed through improved glob validation. \nCVE-ID\nCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Printing an email may leak sensitive user information\nDescription:  An issue existed in Mail which bypassed user\npreferences when printing an email. This issue was addressed through\nimproved user preference enforcement. \nCVE-ID\nCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,\nDennis Klein from Eschenburg, Germany, Jeff Hammett of Systim\nTechnology Partners\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position may be able to\nintercept attachments of S/MIME-encrypted e-mail sent via Mail Drop\nDescription:  An issue existed in handling encryption parameters for\nlarge email attachments sent via Mail Drop. The issue is addressed by\nno longer offering Mail Drop when sending an encrypted e-mail. \nCVE-ID\nCVE-2015-5884 : John McCombs of Integrated Mapping Ltd\n\nMultipeer Connectivity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to observe unprotected\nmultipeer data\nDescription:  An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  An issue existed in parsing links in the Notes\napplication. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  A cross-site scripting issue existed in parsing text by\nthe Notes application. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2015-5875 : xisigr of Tencent\u0027s Xuanwu LAB (www.tencent.com)\n\nOpenSSH\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSH\nDescription:  Multiple vulnerabilities existed in OpenSSH versions\nprior to 6.9. These issues were addressed by updating OpenSSH to\nversion 6.9. \nCVE-ID\nCVE-2014-2532\n\nOpenSSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nprocmail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in procmail\nDescription:  Multiple vulnerabilities existed in procmail versions\nprior to 3.22. These issues were addressed by removing procmail. \nCVE-ID\nCVE-2014-3618\n\nremote_cmds\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with root\nprivileges\nDescription:  An issue existed in the usage of environment variables\nby the rsh binary. This issue was addressed by dropping setuid\nprivileges from the rsh binary. \nCVE-ID\nCVE-2015-5889 : Philip Pettersson\n\nremovefile\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing malicious data may lead to unexpected application\ntermination\nDescription:  An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nRuby\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in Ruby\nDescription:  Multiple vulnerabilities existed in Ruby versions prior\nto 2.0.0p645. These were addressed by updating Ruby to version\n2.0.0p645. \nCVE-ID\nCVE-2014-8080\nCVE-2014-8090\nCVE-2015-1855\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The lock state of the keychain may be incorrectly displayed\nto the user\nDescription:  A state management issue existed in the way keychain\nlock status was tracked. This issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,\nEric E. Lawrence, Apple\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A trust evaluation configured to require revocation checking\nmay succeed even if revocation checking fails\nDescription:  The kSecRevocationRequirePositiveResponse flag was\nspecified but not implemented. This issue was addressed by\nimplementing the flag. \nCVE-ID\nCVE-2015-5894 : Hannes Oud of kWallet GmbH\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote server may prompt for a certificate before\nidentifying itself\nDescription:  Secure Transport accepted the CertificateRequest\nmessage before the ServerKeyExchange message. This issue was\naddressed by requiring the ServerKeyExchange first. \nCVE-ID\nCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nINRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of\nMicrosoft Research, Pierre-Yves Strub of IMDEA Software Institute\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5891 : Ilja van Sprundel of IOActive\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in SMBClient that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-5893 : Ilja van Sprundel of IOActive\n\nSQLite\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in SQLite v3.8.5\nDescription:  Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-3414\nCVE-2015-3415\nCVE-2015-3416\n\nTelephony\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker can place phone calls without the user\u0027s\nknowledge when using Continuity\nDescription:  An issue existed in the authorization checks for\nplacing phone calls. This issue was addressed through improved\nauthorization checks. \nCVE-ID\nCVE-2015-3785 : Dan Bastone of Gotham Digital Science\n\nTerminal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Maliciously crafted text could mislead the user in Terminal\nDescription:  Terminal did not handle bidirectional override\ncharacters in the same way when displaying text and when selecting\ntext. This issue was addressed by suppressing bidirectional override\ncharacters in Terminal. \nCVE-ID\nCVE-2015-5883 : an anonymous researcher\n\ntidy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in tidy. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nTime Machine\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may gain access to keychain items\nDescription:  An issue existed in backups by the Time Machine\nframework. This issue was addressed through improved coverage of Time\nMachine backups. \nCVE-ID\nCVE-2015-5854 : Jonas Magazinius of Assured AB\n\nNote:  OS X El Capitan 10.11 includes the security content of\nSafari 9: https://support.apple.com/kb/HT205265. \n\nOS X El Capitan 10.11 may be obtained from the Mac App Store:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw\nS5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO\n/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6\nQhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54\nYJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop\nhpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O\nc3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR\n8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r\nN1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT\nfJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1\nnJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e\ng6jld/w5tPuCFhGucE7Z\n=XciV\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.5.21\"\n\nAll PHP 5.4 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.4.37\"\n\nAll PHP 5.3 users should upgrade to the latest version. This branch is\ncurrently past the end of life and it will no longer receive security\nfixes. \n\nReferences\n==========\n\n[ 1 ] CVE-2014-3710\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710\n[ 2 ] CVE-2014-8142\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8142\n[ 3 ] CVE-2014-9425\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9425\n[ 4 ] CVE-2014-9427\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9427\n[ 5 ] CVE-2015-0231\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[ 6 ] CVE-2015-0232\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0232\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201503-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:080\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : php\n Date    : March 28, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in php:\n \n It was discovered that the file utility contains a flaw in the handling\n of indirect magic rules in the libmagic library, which leads to an\n infinite recursion when trying to determine the file type of certain\n files (CVE-2014-1943). \n \n A flaw was found in the way the file utility determined the type of\n Portable Executable (PE) format files, the executable format used on\n Windows. A malicious PE file could cause the file utility to crash or,\n potentially, execute arbitrary code (CVE-2014-2270). \n \n The BEGIN regular expression in the awk script detector in\n magic/Magdir/commands in file before 5.15 uses multiple wildcards\n with unlimited repetitions, which allows context-dependent attackers\n to cause a denial of service (CPU consumption) via a crafted ASCII\n file that triggers a large amount of backtracking, as demonstrated\n via a file with many newline characters (CVE-2013-7345). \n \n PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain\n socket with world-writable permissions by default, which allows any\n local user to connect to it and execute PHP scripts as the apache user\n (CVE-2014-0185). \n \n A flaw was found in the way file\u0026#039;s Composite Document Files (CDF)\n format parser handle CDF files with many summary info entries. \n The cdf_unpack_summary_info() function unnecessarily repeatedly read\n the info from the same offset.  This led to many file_printf() calls in\n cdf_file_property_info(), which caused file to use an excessive amount\n of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237). \n \n A flaw was found in the way file parsed property information from\n Composite Document Files (CDF) files.  A property entry with 0 elements\n triggers an infinite loop (CVE-2014-0238). \n \n The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type\n Confusion issue related to the SPL ArrayObject and SPLObjectStorage\n Types (CVE-2014-3515). \n \n It was discovered that PHP is vulnerable to a heap-based buffer\n overflow in the DNS TXT record parsing. A malicious server or\n man-in-the-middle attacker could possibly use this flaw to execute\n arbitrary code as the PHP interpreter if a PHP application uses\n dns_get_record() to perform a DNS query (CVE-2014-4049). \n \n A flaw was found in the way file parsed property information from\n Composite Document Files (CDF) files, where the mconvert() function did\n not correctly compute the truncated pascal string size (CVE-2014-3478). \n \n Multiple flaws were found in the way file parsed property information\n from Composite Document Files (CDF) files, due to insufficient boundary\n checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480,\n CVE-2014-3487). \n \n The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type\n Confusion issue that can cause it to leak arbitrary process memory\n (CVE-2014-4721). \n \n file before 5.19 does not properly restrict the amount of data read\n during a regex search, which allows remote attackers to cause a\n denial of service (CPU consumption) via a crafted file that triggers\n backtracking during processing of an awk rule, due to an incomplete\n fix for CVE-2013-7345 (CVE-2014-3538). NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2012-1571 (CVE-2014-3587). NOTE:\n this issue exists because of an incomplete fix for CVE-2014-4049\n (CVE-2014-3597). \n \n An integer overflow flaw in PHP\u0026#039;s unserialize() function was\n reported. If unserialize() were used on untrusted data, this\n issue could lead to a crash or potentially information disclosure\n (CVE-2014-3669). \n \n A heap corruption issue was reported in PHP\u0026#039;s exif_thumbnail()\n function. A specially-crafted JPEG image could cause the PHP\n interpreter to crash or, potentially, execute arbitrary code\n (CVE-2014-3670). \n \n If client-supplied input was passed to PHP\u0026#039;s cURL client as a URL to\n download, it could return local files from the server due to improper\n handling of null bytes (PHP#68089). \n \n An out-of-bounds read flaw was found in file\u0026#039;s donote() function in the\n way the file utility determined the note headers of a elf file. This\n could possibly lead to file executable crash (CVE-2014-3710). \n \n A use-after-free flaw was found in PHP unserialize().  An untrusted\n input could cause PHP interpreter to crash or, possibly, execute\n arbitrary code when processed using unserialize() (CVE-2014-8142). \n \n sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when\n mmap is used to read a .php file, does not properly consider the\n mapping\u0026#039;s length during processing of an invalid file that begins\n with a # character and lacks a newline character, which causes an\n out-of-bounds read and might allow remote attackers to obtain sensitive\n information from php-cgi process memory by leveraging the ability to\n upload a .php file or trigger unexpected code execution if a valid\n PHP script is present in memory locations adjacent to the mapping\n (CVE-2014-9427). \n \n Free called on an uninitialized pointer in php-exif in PHP before\n 5.5.21 (CVE-2015-0232). \n \n The readelf.c source file has been removed from PHP\u0026#039;s bundled copy of\n file\u0026#039;s libmagic, eliminating exposure to denial of service issues in\n ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620\n and CVE-2014-9621 in PHP\u0026#039;s fileinfo module. \n \n S. Paraschoudis discovered that PHP incorrectly handled memory in\n the enchant binding. \n \n Taoguang Chen discovered that PHP incorrectly handled unserializing\n objects. \n \n It was discovered that PHP incorrectly handled memory in the phar\n extension. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2014-8142 (CVE-2015-0231). \n \n An integer overflow flaw, leading to a heap-based buffer overflow,\n was found in the way libzip, which is embedded in PHP, processed\n certain ZIP archives. If an attacker were able to supply a specially\n crafted ZIP archive to an application using libzip, it could cause\n the application to crash or, possibly, execute arbitrary code\n (CVE-2015-2331). \n \n It was discovered that the PHP opcache component incorrectly handled\n memory. \n \n It was discovered that the PHP PostgreSQL database extension\n incorrectly handled certain pointers. \n \n PHP contains a bundled copy of the file utility\u0026#039;s libmagic library,\n so it was vulnerable to the libmagic issues. The libzip packages\n has been patched to address the CVE-2015-2331 flaw. \n \n A bug in the php zip extension that could cause a crash has been fixed\n (mga#13820)\n \n Additionally the jsonc and timezonedb packages has been upgraded to\n the latest versions and the PECL packages which requires so has been\n rebuilt for php-5.5.23. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n http://php.net/ChangeLog-5.php#5.5.9\n http://php.net/ChangeLog-5.php#5.5.10\n http://php.net/ChangeLog-5.php#5.5.11\n http://php.net/ChangeLog-5.php#5.5.12\n http://php.net/ChangeLog-5.php#5.5.13\n http://php.net/ChangeLog-5.php#5.5.14\n http://php.net/ChangeLog-5.php#5.5.15\n http://php.net/ChangeLog-5.php#5.5.16\n http://php.net/ChangeLog-5.php#5.5.17\n http://php.net/ChangeLog-5.php#5.5.18\n http://php.net/ChangeLog-5.php#5.5.19\n http://php.net/ChangeLog-5.php#5.5.20\n http://php.net/ChangeLog-5.php#5.5.21\n http://php.net/ChangeLog-5.php#5.5.22\n http://php.net/ChangeLog-5.php#5.5.22\n http://php.net/ChangeLog-5.php#5.5.23\n http://www.ubuntu.com/usn/usn-2535-1/\n http://www.ubuntu.com/usn/usn-2501-1/\n https://bugzilla.redhat.com/show_bug.cgi?id=1204676\n http://advisories.mageia.org/MGASA-2014-0163.html\n http://advisories.mageia.org/MGASA-2014-0178.html\n http://advisories.mageia.org/MGASA-2014-0215.html\n http://advisories.mageia.org/MGASA-2014-0258.html\n http://advisories.mageia.org/MGASA-2014-0284.html\n http://advisories.mageia.org/MGASA-2014-0324.html\n http://advisories.mageia.org/MGASA-2014-0367.html\n http://advisories.mageia.org/MGASA-2014-0430.html\n http://advisories.mageia.org/MGASA-2014-0441.html\n http://advisories.mageia.org/MGASA-2014-0542.html\n http://advisories.mageia.org/MGASA-2015-0040.html\n https://bugs.mageia.org/show_bug.cgi?id=13820\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n a4e09575e26b690bd44801a126795ce9  mbs2/x86_64/apache-mod_php-5.5.23-1.mbs2.x86_64.rpm\n e156aaf446f543279f758b767e5ce6f2  mbs2/x86_64/lib64php5_common5-5.5.23-1.mbs2.x86_64.rpm\n cf1653dd6b3606ff8983739fe7728502  mbs2/x86_64/lib64zip2-0.11.2-1.1.mbs2.x86_64.rpm\n 2ed6c588ca428a502ab995726d497527  mbs2/x86_64/lib64zip-devel-0.11.2-1.1.mbs2.x86_64.rpm\n 91fd4a50d38c904247519a34f71ac9a7  mbs2/x86_64/libzip-0.11.2-1.1.mbs2.x86_64.rpm\n 0fad2aa8ca3bed422588c7d7c349e3e7  mbs2/x86_64/php-bcmath-5.5.23-1.mbs2.x86_64.rpm\n b797a14554b170f1f2c307eebd5011ce  mbs2/x86_64/php-bz2-5.5.23-1.mbs2.x86_64.rpm\n 83abadd87c78c719b585acbfcbf1f54a  mbs2/x86_64/php-calendar-5.5.23-1.mbs2.x86_64.rpm\n 71b728b5c58335c37e9ee059a98179b5  mbs2/x86_64/php-cgi-5.5.23-1.mbs2.x86_64.rpm\n d6047e2545b396ad29b2619c3d811b49  mbs2/x86_64/php-cli-5.5.23-1.mbs2.x86_64.rpm\n 933344ca17f96bd844db47c993b8ce1a  mbs2/x86_64/php-ctype-5.5.23-1.mbs2.x86_64.rpm\n 0278a991ed7a7ea1d51c6651b1157744  mbs2/x86_64/php-curl-5.5.23-1.mbs2.x86_64.rpm\n a3f172d95d061f6a2ba9ce562f1068ac  mbs2/x86_64/php-dba-5.5.23-1.mbs2.x86_64.rpm\n d239cccc6594bfe8169c0b5300ca1dd0  mbs2/x86_64/php-devel-5.5.23-1.mbs2.x86_64.rpm\n 73a234b9c369a20c349fca7f425b405a  mbs2/x86_64/php-doc-5.5.23-1.mbs2.noarch.rpm\n ab4caa5f1a397e2f267479f08616d027  mbs2/x86_64/php-dom-5.5.23-1.mbs2.x86_64.rpm\n 016b8d010a1866935f2a6889b712300c  mbs2/x86_64/php-enchant-5.5.23-1.mbs2.x86_64.rpm\n f9bd5f358336ea8a997f85f4d690fd40  mbs2/x86_64/php-exif-5.5.23-1.mbs2.x86_64.rpm\n 9f0ef885d5e7abb84c1b0c6242bd1a54  mbs2/x86_64/php-fileinfo-5.5.23-1.mbs2.x86_64.rpm\n f551fc699944abdbd78cd1f74e1db713  mbs2/x86_64/php-filter-5.5.23-1.mbs2.x86_64.rpm\n 10c6ad89a0707acdff025ee0166b4361  mbs2/x86_64/php-fpm-5.5.23-1.mbs2.x86_64.rpm\n fad5946e3ff8bf1d3b7215fee229b934  mbs2/x86_64/php-ftp-5.5.23-1.mbs2.x86_64.rpm\n c74071a614cc4f8d5ac612736264aad2  mbs2/x86_64/php-gd-5.5.23-1.mbs2.x86_64.rpm\n 788e0972b5aa918a0c8ce2b0e30270a6  mbs2/x86_64/php-gettext-5.5.23-1.mbs2.x86_64.rpm\n 996120d4c1fa233bdb38aedf0718f593  mbs2/x86_64/php-gmp-5.5.23-1.mbs2.x86_64.rpm\n e032d9a3c8e078242347623f1ff51b5a  mbs2/x86_64/php-hash-5.5.23-1.mbs2.x86_64.rpm\n c1da3a1898b05995091ad1c2237bdf6a  mbs2/x86_64/php-iconv-5.5.23-1.mbs2.x86_64.rpm\n 37b4a5d86006024878d397a8478d5a42  mbs2/x86_64/php-imap-5.5.23-1.mbs2.x86_64.rpm\n bd10d9a55ee8db73b4d80dae1e14e4e0  mbs2/x86_64/php-ini-5.5.23-1.mbs2.x86_64.rpm\n 4cb54cd72bd26728bb29f5d00a5174af  mbs2/x86_64/php-interbase-5.5.23-1.mbs2.x86_64.rpm\n 2713dca82ad94d88b379db3fa012ed2d  mbs2/x86_64/php-intl-5.5.23-1.mbs2.x86_64.rpm\n f0a9187b81e038400dae4e01123b751c  mbs2/x86_64/php-json-5.5.23-1.mbs2.x86_64.rpm\n c395a0cb573d9432c9e4c2a4b92d1d0f  mbs2/x86_64/php-ldap-5.5.23-1.mbs2.x86_64.rpm\n f2374e34b874072d2268acf1c72b383a  mbs2/x86_64/php-mbstring-5.5.23-1.mbs2.x86_64.rpm\n 7ca3ce3a9464933af1a147c206c25d0d  mbs2/x86_64/php-mcrypt-5.5.23-1.mbs2.x86_64.rpm\n dbe828f1c2caa3eef932fc0c14a7e2e9  mbs2/x86_64/php-mssql-5.5.23-1.mbs2.x86_64.rpm\n 995e9f09906309252d850618c3fffaa6  mbs2/x86_64/php-mysql-5.5.23-1.mbs2.x86_64.rpm\n c474c1f1dc45f14ea5357092277d2f22  mbs2/x86_64/php-mysqli-5.5.23-1.mbs2.x86_64.rpm\n cdcb4872386b83ef3969f918bf99f941  mbs2/x86_64/php-mysqlnd-5.5.23-1.mbs2.x86_64.rpm\n cbb1652273fb07f216c50b8d1b5445c2  mbs2/x86_64/php-odbc-5.5.23-1.mbs2.x86_64.rpm\n 29ab61a3d1d00ad57c875d87b62d2e12  mbs2/x86_64/php-opcache-5.5.23-1.mbs2.x86_64.rpm\n 349f796a960ef2207b30a06e386f2653  mbs2/x86_64/php-openssl-5.5.23-1.mbs2.x86_64.rpm\n 7a7411900384da8741e32a3f6f8036c2  mbs2/x86_64/php-pcntl-5.5.23-1.mbs2.x86_64.rpm\n ba3b14e45177b257ada03f7ff4b16deb  mbs2/x86_64/php-pdo-5.5.23-1.mbs2.x86_64.rpm\n ae5b57dbff67c7595e154313321ff693  mbs2/x86_64/php-pdo_dblib-5.5.23-1.mbs2.x86_64.rpm\n 8782f71797f7cb271a514b735b19621a  mbs2/x86_64/php-pdo_firebird-5.5.23-1.mbs2.x86_64.rpm\n ac39db58d4100f3d2d24593d3b5907fc  mbs2/x86_64/php-pdo_mysql-5.5.23-1.mbs2.x86_64.rpm\n 210b990793c2d616fb0aecc4fde28eb6  mbs2/x86_64/php-pdo_odbc-5.5.23-1.mbs2.x86_64.rpm\n 6ae4df7959ddd3a8a0724ddddbe41a71  mbs2/x86_64/php-pdo_pgsql-5.5.23-1.mbs2.x86_64.rpm\n 1f9bdab81fa668dd583abe873892993e  mbs2/x86_64/php-pdo_sqlite-5.5.23-1.mbs2.x86_64.rpm\n f0cbb5dde255f5c8fa3e04e3a5314ab1  mbs2/x86_64/php-pgsql-5.5.23-1.mbs2.x86_64.rpm\n e46ac8c820911a6091540e135f103154  mbs2/x86_64/php-phar-5.5.23-1.mbs2.x86_64.rpm\n 5050a745bfc3b1f5eeced2dd85f79721  mbs2/x86_64/php-posix-5.5.23-1.mbs2.x86_64.rpm\n c9093134a518c07f4e8a188987f853d3  mbs2/x86_64/php-readline-5.5.23-1.mbs2.x86_64.rpm\n 2b48c3f35573e00b5ba4327e8edc05f2  mbs2/x86_64/php-recode-5.5.23-1.mbs2.x86_64.rpm\n ae2157230db4d6e28698db384c8f7fcb  mbs2/x86_64/php-session-5.5.23-1.mbs2.x86_64.rpm\n 2610a739bfa29ff11e648c7baa1d8bc3  mbs2/x86_64/php-shmop-5.5.23-1.mbs2.x86_64.rpm\n b7999e11cf9d2ab510263e32cabaf312  mbs2/x86_64/php-snmp-5.5.23-1.mbs2.x86_64.rpm\n ab665c30f0d2f13baa1c6475b7df7cac  mbs2/x86_64/php-soap-5.5.23-1.mbs2.x86_64.rpm\n f331837ba716316cef094765a1700101  mbs2/x86_64/php-sockets-5.5.23-1.mbs2.x86_64.rpm\n 134f8bb18790bd023e73919a794703a0  mbs2/x86_64/php-sqlite3-5.5.23-1.mbs2.x86_64.rpm\n 4b4aa44d0ac56629610bb0444f199df5  mbs2/x86_64/php-sybase_ct-5.5.23-1.mbs2.x86_64.rpm\n fc69f644f36308d81f37f356b76e40a1  mbs2/x86_64/php-sysvmsg-5.5.23-1.mbs2.x86_64.rpm\n 981b7ef6715aacfe9250b206dbbbad31  mbs2/x86_64/php-sysvsem-5.5.23-1.mbs2.x86_64.rpm\n 91c006555173d03f1d25899947702673  mbs2/x86_64/php-sysvshm-5.5.23-1.mbs2.x86_64.rpm\n 62e5fa5fa8b4d89d7835f2f68169af14  mbs2/x86_64/php-tidy-5.5.23-1.mbs2.x86_64.rpm\n 0c5a9237c710dd098c8bb56018f7a142  mbs2/x86_64/php-timezonedb-2015.1-1.mbs2.x86_64.rpm\n d94aa68a9ce76bce5c962c58f37ac5a5  mbs2/x86_64/php-tokenizer-5.5.23-1.mbs2.x86_64.rpm\n 317c7da32daa223560dc08bbae89d98d  mbs2/x86_64/php-wddx-5.5.23-1.mbs2.x86_64.rpm\n 9b2cf90dfc6f6bdc0431a6f94d43a947  mbs2/x86_64/php-xml-5.5.23-1.mbs2.x86_64.rpm\n 0a1b6e0beeb36f24f9250a352fbff1e9  mbs2/x86_64/php-xmlreader-5.5.23-1.mbs2.x86_64.rpm\n 598925bc71347774e805b6fcfcbcf590  mbs2/x86_64/php-xmlrpc-5.5.23-1.mbs2.x86_64.rpm\n 49a1f8e773e98bb101488b805670651c  mbs2/x86_64/php-xmlwriter-5.5.23-1.mbs2.x86_64.rpm\n 0b7c2f2fe7b3103631dd07d12d443e06  mbs2/x86_64/php-xsl-5.5.23-1.mbs2.x86_64.rpm\n 5cb68626d863213de934655dac8342c8  mbs2/x86_64/php-zip-5.5.23-1.mbs2.x86_64.rpm\n a27bab106c0ba87f220ff35937210a63  mbs2/x86_64/php-zlib-5.5.23-1.mbs2.x86_64.rpm \n 3dd6a6eeb12c7207446053e4785d6974  mbs2/SRPMS/libzip-0.11.2-1.1.mbs2.src.rpm\n 5d69769d822628a5bf1485eaa1251b8e  mbs2/SRPMS/php-5.5.23-1.mbs2.src.rpm\n 0a629c11ca23ba56d57f61a754def293  mbs2/SRPMS/php-timezonedb-2015.1-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "db": "BID",
        "id": "71800"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77370"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9425"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "130701"
      },
      {
        "db": "PACKETSTORM",
        "id": "131082"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9425",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "71800",
        "trust": 2.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/12/29/6",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-77370",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9425",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130701",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131082",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77370"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9425"
      },
      {
        "db": "BID",
        "id": "71800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "130701"
      },
      {
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ]
  },
  "id": "VAR-201412-0114",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77370"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:52:11.227000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "Bug #68676",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=68676"
      },
      {
        "title": "Fixed bug #68676 (Explicit Double Free) (24125f0)",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=24125f0f26f3787c006e4a51611ba33ee3b841cb"
      },
      {
        "title": "Fixed bug #68676 (Explicit Double Free) (2bcf69d)",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=2bcf69d073190e4f032d883f3416dea1b027a39e"
      },
      {
        "title": "Fixed bug #68676 (Explicit Double Free) (fbf3a6b)",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6"
      },
      {
        "title": "php-5.6.6",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54228"
      },
      {
        "title": "php-5.5.22",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54227"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php5: CVE-2014-9425: double free in Zend/zend_ts_hash.c",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d2f5ea7f08aa49321a27b0153ce9fb30"
      },
      {
        "title": "Red Hat: CVE-2014-9425",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-9425"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-9425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9425"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://advisories.mageia.org/mgasa-2015-0040.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=68676"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/71800"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201503-03"
      },
      {
        "trust": 1.8,
        "url": "http://openwall.com/lists/oss-security/2014/12/29/6"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=24125f0f26f3787c006e4a51611ba33ee3b841cb"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=2bcf69d073190e4f032d883f3416dea1b027a39e"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9425"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=24125f0f26f3787c006e4a51611ba33ee3b841cb"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=2bcf69d073190e4f032d883f3416dea1b027a39e"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9425"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2014/q4/1159"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8080"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8147"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht205265."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201503-03.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0367.html"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.13"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.17"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3669"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.20"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.14"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.11"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8117"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4698"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.18"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0178.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0430.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.mageia.org/show_bug.cgi?id=13820"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.9"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3587"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204676"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3710"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0215.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0324.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0542.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2535-1/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4698"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.22"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0284.html"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.10"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8117"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2501-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8116"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.12"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9621"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0441.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4721"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3538"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.16"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.15"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.21"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9620"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3670"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9620"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.23"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.19"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0163.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0258.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0273"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77370"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9425"
      },
      {
        "db": "BID",
        "id": "71800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "130701"
      },
      {
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-77370"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9425"
      },
      {
        "db": "BID",
        "id": "71800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "130701"
      },
      {
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77370"
      },
      {
        "date": "2014-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9425"
      },
      {
        "date": "2014-12-29T00:00:00",
        "db": "BID",
        "id": "71800"
      },
      {
        "date": "2015-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-10-01T16:33:47",
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "date": "2015-03-09T20:15:15",
        "db": "PACKETSTORM",
        "id": "130701"
      },
      {
        "date": "2015-03-30T21:16:44",
        "db": "PACKETSTORM",
        "id": "131082"
      },
      {
        "date": "2014-12-31T02:59:00.060000",
        "db": "NVD",
        "id": "CVE-2014-9425"
      },
      {
        "date": "2014-12-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77370"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9425"
      },
      {
        "date": "2015-11-03T19:52:00",
        "db": "BID",
        "id": "71800"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      },
      {
        "date": "2023-11-07T02:23:05.040000",
        "db": "NVD",
        "id": "CVE-2014-9425"
      },
      {
        "date": "2022-08-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130701"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  Zend Engine of  zend_ts_hash.c of  zend_ts_hash_graceful_destroy Function double memory vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007442"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-534"
      }
    ],
    "trust": 0.6
  }
}

var-202002-1305
Vulnerability from variot

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2. (CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2020:5275-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:5275 Issue date: 2020-12-01 CVE Names: CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 ==================================================================== 1. Summary:

An update for rh-php73-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20). (BZ#1853211)

Security Fix(es):

  • php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)

  • php: Information disclosure in exif_read_data() (CVE-2019-11047)

  • php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)

  • oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)

  • oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

  • php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)

  • php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)

  • php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)

  • php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)

  • php: Information disclosure in exif_read_data() function (CVE-2020-7064)

  • php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)

  • php: Out of bounds read when parsing EXIF information (CVE-2019-11050)

  • oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)

  • php: Information disclosure in function get_headers (CVE-2020-7066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c 1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data() 1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte 1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information 1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex 1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c 1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress 1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions 1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function 1820604 - CVE-2020-7066 php: Information disclosure in function get_headers 1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution 1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm

ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm

ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw becOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ KUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI 6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH rcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0 D1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh viPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi EWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC 5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo RwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB gGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4 0afoNZ3Sfdc\xaaB8 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64

For the stable distribution (buster), these problems have been fixed in version 7.3.14-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8 TjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV wtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4 M/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d 94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N QT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la ILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX gCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB 743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf AU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8 flI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX Q2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-57


                                       https://security.gentoo.org/

Severity: High Title: PHP: Multiple vulnerabilities Date: March 26, 2020 Bugs: #671872, #706168, #710304, #713484 ID: 202003-57


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands.

Background

PHP is an open source general-purpose scripting language that is especially suited for web development. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 7.2.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29"

All PHP 7.3.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16"

All PHP 7.4.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4"

References

[ 1 ] CVE-2018-19518 https://nvd.nist.gov/vuln/detail/CVE-2018-19518 [ 2 ] CVE-2020-7059 https://nvd.nist.gov/vuln/detail/CVE-2020-7059 [ 3 ] CVE-2020-7060 https://nvd.nist.gov/vuln/detail/CVE-2020-7060 [ 4 ] CVE-2020-7061 https://nvd.nist.gov/vuln/detail/CVE-2020-7061 [ 5 ] CVE-2020-7062 https://nvd.nist.gov/vuln/detail/CVE-2020-7062 [ 6 ] CVE-2020-7063 https://nvd.nist.gov/vuln/detail/CVE-2020-7063 [ 7 ] CVE-2020-7064 https://nvd.nist.gov/vuln/detail/CVE-2020-7064 [ 8 ] CVE-2020-7065 https://nvd.nist.gov/vuln/detail/CVE-2020-7065 [ 9 ] CVE-2020-7066 https://nvd.nist.gov/vuln/detail/CVE-2020-7066

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-57

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. ========================================================================== Ubuntu Security Notice USN-4279-2 February 19, 2020

php7.0 regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary:

USN-4279-1 introduced a regression in PHP. The updated packages caused a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.12 php7.0-cgi 7.0.33-0ubuntu0.16.04.12 php7.0-cli 7.0.33-0ubuntu0.16.04.12 php7.0-fpm 7.0.33-0ubuntu0.16.04.12

In general, a standard system update will make all the necessary changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1305",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.27"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.2"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.0"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.19.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.2.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.3.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.4.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.2",
                "versionStartIncluding": "7.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.27",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.14",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.4",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Debian,Red Hat,Gentoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-7059",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-001731",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185184",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-7059",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@php.net",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 2.5,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-001731",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7059",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2020-7059",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-001731",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-316",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185184",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7059",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185184"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2. \n(CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-php73-php security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:5275-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:5275\nIssue date:        2020-12-01\nCVE Names:         CVE-2019-11045 CVE-2019-11047 CVE-2019-11048\n                   CVE-2019-11050 CVE-2019-19203 CVE-2019-19204\n                   CVE-2019-19246 CVE-2020-7059 CVE-2020-7060\n                   CVE-2020-7062 CVE-2020-7063 CVE-2020-7064\n                   CVE-2020-7065 CVE-2020-7066\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php73-php (7.3.20). (BZ#1853211)\n\nSecurity Fix(es):\n\n* php: DirectoryIterator class accepts filenames with embedded \\0 byte and\ntreats them as terminating at that byte (CVE-2019-11045)\n\n* php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in\nfile gb18030.c (CVE-2019-19203)\n\n* oniguruma: Heap-based buffer over-read in function\nfetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function\n(CVE-2020-7060)\n\n* php: NULL pointer dereference in PHP session upload progress\n(CVE-2020-7062)\n\n* php: Files added to tar with Phar::buildFromIterator have all-access\npermissions (CVE-2020-7063)\n\n* php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n* php: Using mb_strtolower() function with UTF-32LE encoding leads to\npotential code execution (CVE-2020-7065)\n\n* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n* oniguruma: Heap-based buffer overflow in str_lower_case_match in\nregexec.c (CVE-2019-19246)\n\n* php: Information disclosure in function get_headers (CVE-2020-7066)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nSoftware Collections 3.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c\n1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()\n1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte\n1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information\n1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex\n1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function\n1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c\n1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c\n1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress\n1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions\n1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function\n1820604 - CVE-2020-7066 php: Information disclosure in function get_headers\n1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution\n1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\naarch64:\nrh-php73-php-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-cli-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-common-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dba-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-devel-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-intl-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-json-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-process-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-recode-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-soap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xml-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-zip-7.3.20-1.el7.aarch64.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\naarch64:\nrh-php73-php-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-cli-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-common-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dba-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-devel-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-intl-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-json-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-process-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-recode-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-soap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xml-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-zip-7.3.20-1.el7.aarch64.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11045\nhttps://access.redhat.com/security/cve/CVE-2019-11047\nhttps://access.redhat.com/security/cve/CVE-2019-11048\nhttps://access.redhat.com/security/cve/CVE-2019-11050\nhttps://access.redhat.com/security/cve/CVE-2019-19203\nhttps://access.redhat.com/security/cve/CVE-2019-19204\nhttps://access.redhat.com/security/cve/CVE-2019-19246\nhttps://access.redhat.com/security/cve/CVE-2020-7059\nhttps://access.redhat.com/security/cve/CVE-2020-7060\nhttps://access.redhat.com/security/cve/CVE-2020-7062\nhttps://access.redhat.com/security/cve/CVE-2020-7063\nhttps://access.redhat.com/security/cve/CVE-2020-7064\nhttps://access.redhat.com/security/cve/CVE-2020-7065\nhttps://access.redhat.com/security/cve/CVE-2020-7066\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw\nbecOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ\nKUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI\n6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH\nrcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0\nD1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh\nviPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi\nEWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC\n5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo\nRwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB\ngGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4\n0afoNZ3Sfdc\\xaaB8\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.14-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8\nTjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV\nwtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4\nM/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d\n94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N\nQT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la\nILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX\ngCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB\n743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf\nAU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8\nflI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX\nQ2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202003-57\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: PHP: Multiple vulnerabilities\n     Date: March 26, 2020\n     Bugs: #671872, #706168, #710304, #713484\n       ID: 202003-57\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould result in the execution of arbitrary shell commands. \n\nBackground\n==========\n\nPHP is an open source general-purpose scripting language that is\nespecially suited for web development. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 7.2.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.2.29\"\n\nAll PHP 7.3.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.3.16\"\n\nAll PHP 7.4.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.4.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-19518\n      https://nvd.nist.gov/vuln/detail/CVE-2018-19518\n[ 2 ] CVE-2020-7059\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7059\n[ 3 ] CVE-2020-7060\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7060\n[ 4 ] CVE-2020-7061\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7061\n[ 5 ] CVE-2020-7062\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7062\n[ 6 ] CVE-2020-7063\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7063\n[ 7 ] CVE-2020-7064\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7064\n[ 8 ] CVE-2020-7065\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7065\n[ 9 ] CVE-2020-7066\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7066\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-57\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n\n. ==========================================================================\nUbuntu Security Notice USN-4279-2\nFebruary 19, 2020\n\nphp7.0 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-4279-1 introduced a regression in PHP. The updated packages caused a regression. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that PHP incorrectly handled certain scripts. \n An attacker could possibly use this issue to cause a denial of service. \n This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. \n (CVE-2015-9253)\n \n It was discovered that PHP incorrectly handled certain inputs. An attacker\n could possibly use this issue to expose sensitive information. \n (CVE-2020-7059)\n \n It was discovered that PHP incorrectly handled certain inputs. \n An attacker could possibly use this issue to execute arbitrary code. \n This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS\n and Ubuntu 19.10. (CVE-2020-7060)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.12\n  php7.0-cgi                      7.0.33-0ubuntu0.16.04.12\n  php7.0-cli                      7.0.33-0ubuntu0.16.04.12\n  php7.0-fpm                      7.0.33-0ubuntu0.16.04.12\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185184"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7059"
      },
      {
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "db": "PACKETSTORM",
        "id": "156423"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7059",
        "trust": 3.3
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160292",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159094",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-316",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156399",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156934",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156441",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156423",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6056",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4262",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3072",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0741",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0652",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0853",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4296",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0748",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0566",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0584",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04665",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-185184",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7059",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156397",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185184"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "db": "PACKETSTORM",
        "id": "156423"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ]
  },
  "id": "VAR-202002-1305",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185184"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:14:59.176000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Sec Bug #79099",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=79099"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0, php7.2, php7.3 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4279-1"
      },
      {
        "title": "Ubuntu Security Notice: php7.0 regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4279-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1347",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1347"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1346",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1346"
      },
      {
        "title": "Red Hat: Moderate: rh-php73-php security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205275 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4628-1 php7.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=688741de46e2d16edb2da10e1d501450"
      },
      {
        "title": "Red Hat: Moderate: php:7.3 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203662 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4626-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=66162fd32170228a0805fd7114196e44"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-14"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.debian.org/security/2020/dsa-4628"
      },
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7059"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202003-57"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/4279-1/"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2020/feb/27"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2020/feb/31"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2021/jan/3"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4626"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=79099"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7059"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-7059"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7060"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4262/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156423/debian-security-advisory-4628-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0748/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156441/ubuntu-security-notice-usn-4279-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159094/red-hat-security-advisory-2020-3662-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160292/red-hat-security-advisory-2020-5275-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0566/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0741/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156934/gentoo-linux-security-advisory-202003-57.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0652/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0853/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4296/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0584/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3072/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6056"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-31420"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156399/debian-security-advisory-4626-1.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11045"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11047"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11050"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7065"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7062"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7064"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7066"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7063"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9253"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/4279-1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11050"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19203"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11045"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7066"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7065"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11047"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19203"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19204"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7063"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19246"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11048"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11048"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19204"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7060"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7064"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19246"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7062"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11046"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.3/7.3.11-0ubuntu0.19.10.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.11"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5275"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11039"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13224"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16163"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16163"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11049"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19518"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7061"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4279-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.12"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.0"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185184"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "db": "PACKETSTORM",
        "id": "156423"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-185184"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "db": "PACKETSTORM",
        "id": "156423"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185184"
      },
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7059"
      },
      {
        "date": "2020-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "date": "2020-02-18T15:04:45",
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "date": "2020-12-01T16:36:40",
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "date": "2020-09-08T18:10:32",
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "date": "2020-02-18T15:05:02",
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "date": "2020-03-27T13:06:15",
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "date": "2020-02-20T17:44:31",
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "date": "2020-02-19T15:28:10",
        "db": "PACKETSTORM",
        "id": "156423"
      },
      {
        "date": "2020-02-10T08:15:12.673000",
        "db": "NVD",
        "id": "CVE-2020-7059"
      },
      {
        "date": "2020-02-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185184"
      },
      {
        "date": "2021-07-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7059"
      },
      {
        "date": "2020-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      },
      {
        "date": "2022-07-01T12:42:02.707000",
        "db": "NVD",
        "id": "CVE-2020-7059"
      },
      {
        "date": "2022-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001731"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-316"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0520
Vulnerability from variot

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. PHP is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded. This release fixes bugs and security issues.


  • IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *

PHP 5.4.x has been declared EOL (end of life) and is no longer receiving upstream support. PHP 5.5.x is also no longer on active support status and security fixes will continue only until 5 months from now. For this reason we have provided PHP 5.6 packages as security updates. Be aware that PHP 5.6 is not 100% compatible with PHP 5.4, and some changes may be required to existing web pages written for PHP 5.4. For information on how to migrate from PHP 5.4, please see: http://php.net/manual/en/migration55.php http://php.net/manual/en/migration56.php The final PHP 5.4 packages may be found in /pasture in case there is a need to revert this update. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 69eba2b2193b19396987c73ef901a68a php-5.6.17-i486-1_slack14.1.txz

Slackware x86_64 14.0 package: 23d8436b3e90027bb7ffb7b0cf8e918c php-5.6.17-x86_64-1_slack14.1.txz

Slackware 14.1 package: a3958009db7633258fbd7ebaf5952a5c php-5.6.17-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: f1b1cfdf325e66590bdad15170968fee php-5.6.17-x86_64-1_slack14.1.txz

Slackware -current package: 239e452ac1570edfb9a574098c8e6b7b n/php-5.6.17-i586-1.txz

Slackware x86_64 -current package: 02a07c1a33d393bb67b7ade06dc4d237 n/php-5.6.17-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.6.17-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

Finally, make sure to make any needed changes for compatibility with PHP 5.6. See the links mentioned above.

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2786-1 October 28, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

PHP could be made to crash if it processed a specially crafted file.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

It was discovered that the PHP phar extension incorrectly handled certain files. (CVE-2015-7803, CVE-2015-7804)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1 php5-cgi 5.6.11+dfsg-1ubuntu3.1 php5-cli 5.6.11+dfsg-1ubuntu3.1 php5-fpm 5.6.11+dfsg-1ubuntu3.1

Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4 php5-cgi 5.6.4+dfsg-4ubuntu6.4 php5-cli 5.6.4+dfsg-4ubuntu6.4 php5-fpm 5.6.4+dfsg-4ubuntu6.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14 php5-cgi 5.5.9+dfsg-1ubuntu4.14 php5-cli 5.5.9+dfsg-1ubuntu4.14 php5-fpm 5.5.9+dfsg-1ubuntu4.14

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.21 php5-cgi 5.3.10-1ubuntu3.21 php5-cli 5.3.10-1ubuntu3.21 php5-fpm 5.3.10-1ubuntu3.21

In general, a standard system update will make all the necessary changes. This could lead to a denial of service.

CVE-2015-7804

The phar extension does not correctly process directory entries
found in archive files with the name "/", leading to a denial of
service and, potentially, information disclosure.

The update for Debian stable (jessie) contains additional bug fixes from PHP upstream version 5.6.14, as described in the upstream changelog:

https://php.net/ChangeLog-5.php#5.6.13

Note to users of the the oldstable distribution (wheezy): PHP 5.4 has reached end-of-life on September 14th, 2015. As a result, there will be no more new upstream releases. The security support of PHP 5.4 in Debian oldstable (wheezy) will be best effort only, and you are strongly advised to upgrade to latest Debian stable release (jessie), which includes PHP 5.6.

For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.45-0+deb7u2.

For the stable distribution (jessie), these problems have been fixed in version 5.6.14+dfsg-0+deb8u1.

For the testing distribution (stretch) and the unstable distribution (sid), these problems have been fixed in version 5.6.14+dfsg-1.

We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56-php security update Advisory ID: RHSA-2016:0457-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0457.html Issue date: 2016-03-15 CVE Names: CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 =====================================================================

  1. Summary:

Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)

All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file 1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath 1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize() 1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items 1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues 1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer 1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion 1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class 1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset() 1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() 1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-php-5.6.5-8.el6.src.rpm

x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: rh-php56-php-5.6.5-8.el6.src.rpm

x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-php-5.6.5-8.el6.src.rpm

x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-php-5.6.5-8.el6.src.rpm

x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-php-5.6.5-8.el7.src.rpm

x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source: rh-php56-php-5.6.5-8.el7.src.rpm

x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-php-5.6.5-8.el7.src.rpm

x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-php-5.6.5-8.el7.src.rpm

x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-5589 https://access.redhat.com/security/cve/CVE-2015-5590 https://access.redhat.com/security/cve/CVE-2015-6831 https://access.redhat.com/security/cve/CVE-2015-6832 https://access.redhat.com/security/cve/CVE-2015-6833 https://access.redhat.com/security/cve/CVE-2015-6834 https://access.redhat.com/security/cve/CVE-2015-6835 https://access.redhat.com/security/cve/CVE-2015-6836 https://access.redhat.com/security/cve/CVE-2015-6837 https://access.redhat.com/security/cve/CVE-2015-6838 https://access.redhat.com/security/cve/CVE-2015-7803 https://access.redhat.com/security/cve/CVE-2015-7804 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch sZ3mH+O8FzxQYqRnfS39Ew8= =8DIR -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0520",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.29"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5.29",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7803"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "hugh, and emmanuel.",
    "sources": [
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-7803",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-7803",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-85764",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-7803",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7803",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-699",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85764",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-7803",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85764"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. PHP is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.17-i486-1_slack14.1.txz:  Upgraded. \n  This release fixes bugs and security issues. \n  *****************************************************************\n  * IMPORTANT:  READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *\n  *****************************************************************\n  PHP 5.4.x has been declared EOL (end of life) and is no longer receiving\n  upstream support.  PHP 5.5.x is also no longer on active support status and\n  security fixes will continue only until 5 months from now.  For this reason\n  we have provided PHP 5.6 packages as security updates.  Be aware that PHP\n  5.6 is not 100% compatible with PHP 5.4, and some changes may be required\n  to existing web pages written for PHP 5.4. \n  For information on how to migrate from PHP 5.4, please see:\n    http://php.net/manual/en/migration55.php\n    http://php.net/manual/en/migration56.php\n  The final PHP 5.4 packages may be found in /pasture in case there is a need\n  to revert this update. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n69eba2b2193b19396987c73ef901a68a  php-5.6.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.0 package:\n23d8436b3e90027bb7ffb7b0cf8e918c  php-5.6.17-x86_64-1_slack14.1.txz\n\nSlackware 14.1 package:\na3958009db7633258fbd7ebaf5952a5c  php-5.6.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf1b1cfdf325e66590bdad15170968fee  php-5.6.17-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n239e452ac1570edfb9a574098c8e6b7b  n/php-5.6.17-i586-1.txz\n\nSlackware x86_64 -current package:\n02a07c1a33d393bb67b7ade06dc4d237  n/php-5.6.17-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.17-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\nFinally, make sure to make any needed changes for compatibility with PHP 5.6. \nSee the links mentioned above. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. ============================================================================\nUbuntu Security Notice USN-2786-1\nOctober 28, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nPHP could be made to crash if it processed a specially crafted file. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfiles. (CVE-2015-7803, CVE-2015-7804)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.1\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.1\n  php5-cli                        5.6.11+dfsg-1ubuntu3.1\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.1\n\nUbuntu 15.04:\n  libapache2-mod-php5             5.6.4+dfsg-4ubuntu6.4\n  php5-cgi                        5.6.4+dfsg-4ubuntu6.4\n  php5-cli                        5.6.4+dfsg-4ubuntu6.4\n  php5-fpm                        5.6.4+dfsg-4ubuntu6.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.14\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.14\n  php5-cli                        5.5.9+dfsg-1ubuntu4.14\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.14\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.21\n  php5-cgi                        5.3.10-1ubuntu3.21\n  php5-cli                        5.3.10-1ubuntu3.21\n  php5-fpm                        5.3.10-1ubuntu3.21\n\nIn general, a standard system update will make all the necessary changes.  This could lead to a denial of service. \n\nCVE-2015-7804\n\n    The phar extension does not correctly process directory entries\n    found in archive files with the name \"/\", leading to a denial of\n    service and, potentially, information disclosure. \n\nThe update for Debian stable (jessie) contains additional bug fixes\nfrom PHP upstream version 5.6.14, as described in the upstream\nchangelog:\n\n    https://php.net/ChangeLog-5.php#5.6.13\n\nNote to users of the the oldstable distribution (wheezy): PHP 5.4 has\nreached end-of-life on September 14th, 2015.  As a result, there will\nbe no more new upstream releases.  The security support of PHP 5.4 in\nDebian oldstable (wheezy) will be best effort only, and you are\nstrongly advised to upgrade to latest Debian stable release (jessie),\nwhich includes PHP 5.6. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.45-0+deb7u2. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.14+dfsg-0+deb8u1. \n\nFor the testing distribution (stretch) and the unstable distribution\n(sid), these problems have been fixed in version 5.6.14+dfsg-1. \n\nWe recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56-php security update\nAdvisory ID:       RHSA-2016:0457-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0457.html\nIssue date:        2016-03-15\nCVE Names:         CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 \n                   CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 \n                   CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 \n                   CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 \n=====================================================================\n\n1. Summary:\n\nUpdated rh-php56-php packages that fix multiple security issues are now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834,\nCVE-2015-6835, CVE-2015-6836)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. An attacker could use these flaws to cause a PHP application to crash\nif it performed Extensible Stylesheet Language (XSL) transformations using\nuntrusted XSLT files and allowed the use of PHP functions to be used as\nXSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)\n\nAll rh-php56-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file\n1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath\n1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize()\n1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items\n1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues\n1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer\n1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion\n1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class\n1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset()\n1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()\n1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5589\nhttps://access.redhat.com/security/cve/CVE-2015-5590\nhttps://access.redhat.com/security/cve/CVE-2015-6831\nhttps://access.redhat.com/security/cve/CVE-2015-6832\nhttps://access.redhat.com/security/cve/CVE-2015-6833\nhttps://access.redhat.com/security/cve/CVE-2015-6834\nhttps://access.redhat.com/security/cve/CVE-2015-6835\nhttps://access.redhat.com/security/cve/CVE-2015-6836\nhttps://access.redhat.com/security/cve/CVE-2015-6837\nhttps://access.redhat.com/security/cve/CVE-2015-6838\nhttps://access.redhat.com/security/cve/CVE-2015-7803\nhttps://access.redhat.com/security/cve/CVE-2015-7804\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch\nsZ3mH+O8FzxQYqRnfS39Ew8=\n=8DIR\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85764"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7803"
      },
      {
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7803",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "76959",
        "trust": 2.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/10/05/8",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97526033",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "134112",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "134109",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "135595",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-85764",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136246",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85764"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7803"
      },
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ]
  },
  "id": "VAR-201512-0520",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85764"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:56:31.210000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
      },
      {
        "title": "HT205637",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205637"
      },
      {
        "title": "HT205637",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205637"
      },
      {
        "title": "Sec Bug #69720",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69720"
      },
      {
        "title": "Fix bug #69720: Null pointer dereference in phar_get_fp_offset()",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2786-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3380-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d50561d10f97424f73a756c92be32e03"
      },
      {
        "title": "Red Hat: CVE-2015-7803",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7803"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-601",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-601"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-602",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-602"
      },
      {
        "title": "Apple: OS X El Capitan 10.11.2, Security Update\u00a02015-005 Yosemite, and Security Update 2015-008 Mavericks",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b4f5fe7974fd9e73002edba00722e010"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-7803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7803"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69720"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/76959"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205637"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2015/10/05/8"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-2786-1"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.debian.org/security/2015/dsa-3380"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.461720"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=d698f0ae51f67c9cce870b09c59df3d6ba959244"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7803"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97526033/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7803"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7803"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7804"
      },
      {
        "trust": 0.3,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "https://bugs.php.net/bug.php?id=70433"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2786-1/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7803"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2016\u0026amp;m=slackware-security.461720"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2786-1/"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/manual/en/migration56.php"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/manual/en/migration55.php"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://php.net/changelog-5.php#5.6.13"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0457.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5589"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5590"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5590"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5589"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85764"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7803"
      },
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85764"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7803"
      },
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85764"
      },
      {
        "date": "2015-12-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7803"
      },
      {
        "date": "2015-10-05T00:00:00",
        "db": "BID",
        "id": "76959"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "date": "2016-02-04T21:45:02",
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "date": "2015-10-28T18:47:28",
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "date": "2015-10-28T18:46:49",
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "date": "2016-03-15T06:19:00",
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-12-11T12:00:11.387000",
        "db": "NVD",
        "id": "CVE-2015-7803"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85764"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7803"
      },
      {
        "date": "2016-07-05T21:22:00",
        "db": "BID",
        "id": "76959"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      },
      {
        "date": "2023-11-07T02:28:01.547000",
        "db": "NVD",
        "id": "CVE-2015-7803"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/phar/util.c of  phar_get_entry_data Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006375"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-699"
      }
    ],
    "trust": 0.6
  }
}

var-200704-0209
Vulnerability from variot

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. PHP is prone to multiple format-string vulnerabilities due to a design error when casting 64-bit variables to 32 bits. Attackers may be able to exploit these issues to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions. These issues affect PHP versions prior to 4.4.5 and 5.2.1 running on 64-bit computers. An attacker who plays by ear can execute arbitrary code with the help of specific negative parameter numbers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01086137 Version: 1

HPSBTU02232 SSRT071429 rev.1 - Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-06-25 Last Updated: 2007-06-25

Potential Security Impact: Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX).

References: CVE-2006-4625 CVE-2007-0988 CVE-2007-1286 CVE-2007-1380 CVE-2007-1700 CVE-2007-1701 CVE-2007-1710 CVE-2007-1835 CVE-2007-1884 CVE-2007-1885 CVE-2007-1886

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions running running PHP Hypertext Processing Engine v 4.4.4 are affected:

HP Internet Express for Tru64 UNIX (IX) v 6.6 and earlier Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) v 6.6.4 and earlier

BACKGROUND

RESOLUTION

HP is providing PHP v 4.4.6 as part of Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) v 6.6.5, which resolves the potential vulnerabilities.

Until the update is available in the mainstream product release, HP is releasing the following two setld-based kits publicly for use by any customer.

The resolutions contained in the kits are targeted for availability in the following mainstream product release:

HP Internet Express for Tru64 UNIX v 6.7

The kits distribute the following:

Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) with PHP v 4.4.6 installable kit Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) with PHP v 4.4.6 installable kit and source files

Secure Web Server for HP Tru64 UNIX v 6.6.5 PREREQUISITE: HP Tru64 UNIX v 5.1A or later Name: sws_v6_6_5_kit.tar.gz Location: http://h30097.www3.hp.com/internet/download.htm#sws

Secure Web Server for HP Tru64 UNIX v 6.6.5 including Source Files PREREQUISITE: HP Tru64 UNIX v 5.1A or later Name: sws_v6_6_5_src_kit.tar.gz Location: http://h30097.www3.hp.com/internet/download.htm#sws

PRODUCT SPECIFIC INFORMATION

HISTORY Version:1 (rev.1) - 25 June 2007 Initial release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBRoETyuAfOvwtKn1ZEQKROACggBC5RrNrpby62nQmYPEBLnLT8LoAoOKr X4BXLpHPsJJL+xua0KFkk+Te =oBJf -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0209",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.1.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.1.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.1.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.1.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.4.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.2.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.2.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.0.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.0.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "4.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "4.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "4.4.5"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "64_bit"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "64-bit"
      },
      {
        "model": "-rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.1"
      },
      {
        "model": "candidate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.03"
      },
      {
        "model": "candidate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.02"
      },
      {
        "model": "candidate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.01"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.3"
      },
      {
        "model": "-dev",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.2"
      },
      {
        "model": "rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.7"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.7"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.7"
      },
      {
        "model": "pl1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.3"
      },
      {
        "model": "pl2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.1"
      },
      {
        "model": "pl1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.00"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2"
      },
      {
        "model": "tru64 unix compaq secure web server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.2"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9.2"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9.1"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8.2"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8.1"
      },
      {
        "model": "tru64 unix compaq secure web server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "tru64 unix compaq secure web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.1"
      },
      {
        "model": "tru64 unix compaq secure web server a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "tru64 unix compaq secure web server g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.0"
      },
      {
        "model": "tru64 unix compaq secure web server f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.0"
      },
      {
        "model": "systems management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7.168"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3.132"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "secure web server for hp tru64 unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.6.4"
      },
      {
        "model": "internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.9"
      },
      {
        "model": "internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.8"
      },
      {
        "model": "internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.7"
      },
      {
        "model": "internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.4"
      },
      {
        "model": "internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.6"
      },
      {
        "model": "internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "internet express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.1"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "4.4.5"
      },
      {
        "model": "systems management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "internet express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:64_bit:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1884"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stefan Esser is credited with the discovery of these vulnerabilities.",
    "sources": [
      {
        "db": "BID",
        "id": "23219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-1884",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-1884",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-25246",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-1884",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200704-094",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25246",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. PHP is prone to multiple format-string vulnerabilities due to a design error when casting 64-bit variables to 32 bits. \nAttackers may be able to exploit these issues to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions. \nThese issues affect PHP versions prior to 4.4.5 and 5.2.1 running on 64-bit computers. An attacker who plays by ear can execute arbitrary code with the help of specific negative parameter numbers. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01086137\nVersion: 1\n\nHPSBTU02232 SSRT071429 rev.1 - Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-06-25\nLast Updated: 2007-06-25\n\n\nPotential Security Impact: Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). \n\nReferences: CVE-2006-4625 CVE-2007-0988 CVE-2007-1286 CVE-2007-1380 CVE-2007-1700 CVE-2007-1701 CVE-2007-1710 CVE-2007-1835 CVE-2007-1884 CVE-2007-1885 CVE-2007-1886 \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions running running PHP Hypertext Processing Engine v 4.4.4 are affected: \n\nHP Internet Express for Tru64 UNIX (IX) v 6.6 and earlier \nSecure Web Server for HP Tru64 UNIX Powered by Apache (SWS) v 6.6.4 and earlier \n\nBACKGROUND\n\n\nRESOLUTION\n\nHP is providing PHP v 4.4.6 as part of Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) v 6.6.5, which resolves the potential vulnerabilities. \n\nUntil the update is available in the mainstream product release, HP is releasing the following two setld-based kits publicly for use by any customer. \n\nThe resolutions contained in the kits are targeted for availability in the following mainstream product release:\n\nHP Internet Express for Tru64 UNIX v 6.7\n\nThe kits distribute the following:\n\nSecure Web Server for HP Tru64 UNIX Powered by Apache (SWS) with PHP v 4.4.6 installable kit \nSecure Web Server for HP Tru64 UNIX Powered by Apache (SWS) with PHP v 4.4.6 installable kit and source files \n\nSecure Web Server for HP Tru64 UNIX v 6.6.5 \nPREREQUISITE: HP Tru64 UNIX v 5.1A or later \nName: sws_v6_6_5_kit.tar.gz \nLocation: http://h30097.www3.hp.com/internet/download.htm#sws \n \nSecure Web Server for HP Tru64 UNIX v 6.6.5 including Source Files \nPREREQUISITE: HP Tru64 UNIX v 5.1A or later \nName: sws_v6_6_5_src_kit.tar.gz \nLocation: http://h30097.www3.hp.com/internet/download.htm#sws \n \n\nPRODUCT SPECIFIC INFORMATION \n\nHISTORY \nVersion:1 (rev.1) - 25 June 2007 Initial release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRoETyuAfOvwtKn1ZEQKROACggBC5RrNrpby62nQmYPEBLnLT8LoAoOKr\nX4BXLpHPsJJL+xua0KFkk+Te\n=oBJf\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      },
      {
        "db": "BID",
        "id": "23219"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25246"
      },
      {
        "db": "PACKETSTORM",
        "id": "57345"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-1884",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "23219",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2374",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1991",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "34767",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "33955",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "25423",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "25850",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094",
        "trust": 0.7
      },
      {
        "db": "HP",
        "id": "HPSBTU02232",
        "trust": 0.6
      },
      {
        "db": "HP",
        "id": "HPSBMA02215",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-87735",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-87555",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-25246",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "57345",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25246"
      },
      {
        "db": "BID",
        "id": "23219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      },
      {
        "db": "PACKETSTORM",
        "id": "57345"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ]
  },
  "id": "VAR-200704-0209",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25246"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:53:11.784000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PHP 5.2.1 Release Announcement",
        "trust": 0.8,
        "url": "http://www.php.net/releases/5_2_1.php"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1884"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.php.net/releases/5_2_1.php"
      },
      {
        "trust": 2.0,
        "url": "http://www.php-security.org/mopb/mopb-38-2007.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/23219"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/33955"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/34767"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25423"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25850"
      },
      {
        "trust": 1.6,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01056506"
      },
      {
        "trust": 1.6,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01086137"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/1991"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2374"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33755"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1884"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1884"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2374"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/1991"
      },
      {
        "trust": 0.3,
        "url": "http://www8.itrc.hp.com/service/cki/docdisplay.do?docid=c01056506"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/releases/4_4_5.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026amp;cc=us\u0026amp;objectid=c01056506"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026amp;cc=us\u0026amp;objectid=c01086137"
      },
      {
        "trust": 0.1,
        "url": "http://h30097.www3.hp.com/internet/download.htm#sws"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4625"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1886"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1710"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0988"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1700"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1701"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1380"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1884"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1885"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25246"
      },
      {
        "db": "BID",
        "id": "23219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      },
      {
        "db": "PACKETSTORM",
        "id": "57345"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25246"
      },
      {
        "db": "BID",
        "id": "23219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      },
      {
        "db": "PACKETSTORM",
        "id": "57345"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-04-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25246"
      },
      {
        "date": "2007-03-30T00:00:00",
        "db": "BID",
        "id": "23219"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      },
      {
        "date": "2007-06-29T05:36:18",
        "db": "PACKETSTORM",
        "id": "57345"
      },
      {
        "date": "2007-04-06T01:19:00",
        "db": "NVD",
        "id": "CVE-2007-1884"
      },
      {
        "date": "2007-04-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25246"
      },
      {
        "date": "2007-07-05T23:27:00",
        "db": "BID",
        "id": "23219"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      },
      {
        "date": "2018-10-30T16:25:35.747000",
        "db": "NVD",
        "id": "CVE-2007-1884"
      },
      {
        "date": "2007-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "57345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  printf Function family integer sign error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003647"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "23219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-094"
      }
    ],
    "trust": 0.9
  }
}

var-201609-0496
Vulnerability from variot

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. Supplementary information : CWE Vulnerability type by CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ( injection ) Has been identified. http://cwe.mitre.org/data/definitions/74.htmlAny type of session data can be inserted by a third party using session name management. PHP is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition. ========================================================================== Ubuntu Security Notice USN-3095-1 October 04, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP. A remote attacker could use this issue to inject arbitrary session data. (CVE-2016-7125)

It was discovered that PHP incorrectly handled certain gamma values in the imagegammacorrect function. (CVE-2016-7127)

It was discovered that PHP incorrectly handled certain crafted TIFF image thumbnails. (CVE-2016-7128)

It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7413)

It was discovered that PHP incorrectly handled certain memory operations. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7133)

It was discovered that PHP incorrectly handled long strings in curl_escape calls. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7134)

Taoguang Chen discovered that PHP incorrectly handled certain failures when unserializing data. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7411)

It was discovered that PHP incorrectly handled certain flags in the MySQL driver. (CVE-2016-7412)

It was discovered that PHP incorrectly handled ZIP file signature verification when processing a PHAR archive. (CVE-2016-7414)

It was discovered that PHP incorrectly handled certain locale operations. (CVE-2016-7416)

It was discovered that PHP incorrectly handled SplArray unserializing. (CVE-2016-7417)

Ke Liu discovered that PHP incorrectly handled unserializing wddxPacket XML documents with incorrect boolean elements. (CVE-2016-7418)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.3 php7.0-cgi 7.0.8-0ubuntu0.16.04.3 php7.0-cli 7.0.8-0ubuntu0.16.04.3 php7.0-curl 7.0.8-0ubuntu0.16.04.3 php7.0-fpm 7.0.8-0ubuntu0.16.04.3 php7.0-gd 7.0.8-0ubuntu0.16.04.3 php7.0-mysql 7.0.8-0ubuntu0.16.04.3

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.20 php5-cgi 5.5.9+dfsg-1ubuntu4.20 php5-cli 5.5.9+dfsg-1ubuntu4.20 php5-curl 5.5.9+dfsg-1ubuntu4.20 php5-fpm 5.5.9+dfsg-1ubuntu4.20 php5-gd 5.5.9+dfsg-1ubuntu4.20 php5-mysqlnd 5.5.9+dfsg-1ubuntu4.20

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.25 php5-cgi 5.3.10-1ubuntu3.25 php5-cli 5.3.10-1ubuntu3.25 php5-curl 5.3.10-1ubuntu3.25 php5-fpm 5.3.10-1ubuntu3.25 php5-gd 5.3.10-1ubuntu3.25 php5-mysqlnd 5.3.10-1ubuntu3.25

In general, a standard system update will make all the necessary changes.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.25-i586-1_slack14.2.txz: Upgraded. For more information, see: http://php.net/ChangeLog-5.php#5.6.25 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7134 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.25-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.25-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.25-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.25-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.25-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.25-x86_64-1_slack14.2.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.25-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.25-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 142ce77a026d2a2a4a7b4d4e56a7fac1 php-5.6.25-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: b551196f6d0324ec2372d9ed314b19c8 php-5.6.25-x86_64-1_slack14.0.txz

Slackware 14.1 package: 516e77d0b67e3ed3c9b3b81d7ef282b9 php-5.6.25-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: e83b3b602bf36a7a15b6e5e0cd6da8f3 php-5.6.25-x86_64-1_slack14.1.txz

Slackware 14.2 package: 9b137ae0ae651fe0a15dc4007bc9047e php-5.6.25-i586-1_slack14.2.txz

Slackware x86_64 14.2 package: 5c5fd6030ff16093fb5fadd691a7a07f php-5.6.25-x86_64-1_slack14.2.txz

Slackware -current package: c530cbb5f23c4bda6fbadc826e57d6f4 n/php-5.6.25-i586-1.txz

Slackware x86_64 -current package: 07e604c9f080061a7f6716295032c3bb n/php-5.6.25-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.6.25-i586-1_slack14.2.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 =====================================================================

  1. Summary:

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.

The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)

Security Fixes in the rh-php56-php component:

  • Several Moderate and Low impact security issues were found in PHP. Under certain circumstances, these issues could cause PHP to crash, disclose portions of its memory, execute arbitrary code, or impact PHP application integrity. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)

  • Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .


Gentoo Linux Security Advisory GLSA 201611-22


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: November 30, 2016 Bugs: #578734, #581834, #584204, #587246, #591710, #594498, #597586, #599326 ID: 201611-22


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 5.6.28 >= 5.6.28

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.28"

References

[ 1 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865 [ 2 ] CVE-2016-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074 [ 3 ] CVE-2016-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071 [ 4 ] CVE-2016-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072 [ 5 ] CVE-2016-4073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073 [ 6 ] CVE-2016-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537 [ 7 ] CVE-2016-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538 [ 8 ] CVE-2016-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539 [ 9 ] CVE-2016-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540 [ 10 ] CVE-2016-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541 [ 11 ] CVE-2016-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542 [ 12 ] CVE-2016-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543 [ 13 ] CVE-2016-4544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544 [ 14 ] CVE-2016-5385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385 [ 15 ] CVE-2016-6289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289 [ 16 ] CVE-2016-6290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290 [ 17 ] CVE-2016-6291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291 [ 18 ] CVE-2016-6292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292 [ 19 ] CVE-2016-6294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294 [ 20 ] CVE-2016-6295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295 [ 21 ] CVE-2016-6296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296 [ 22 ] CVE-2016-6297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297 [ 23 ] CVE-2016-7124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124 [ 24 ] CVE-2016-7125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125 [ 25 ] CVE-2016-7126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126 [ 26 ] CVE-2016-7127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127 [ 27 ] CVE-2016-7128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128 [ 28 ] CVE-2016-7129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129 [ 29 ] CVE-2016-7130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130 [ 30 ] CVE-2016-7131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131 [ 31 ] CVE-2016-7132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132 [ 32 ] CVE-2016-7133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133 [ 33 ] CVE-2016-7134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134 [ 34 ] CVE-2016-7411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411 [ 35 ] CVE-2016-7412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412 [ 36 ] CVE-2016-7413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413 [ 37 ] CVE-2016-7414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414 [ 38 ] CVE-2016-7416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416 [ 39 ] CVE-2016-7417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417 [ 40 ] CVE-2016-7418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201611-22

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0496",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "7.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "7.0.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.24"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.0.10"
      },
      {
        "model": "big-ip afm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip gtm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip ltm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "big-ip afm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip apm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip link controller build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "7.0.10"
      },
      {
        "model": "big-ip pem hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "big-ip afm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip aam hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip psm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip afm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip pem hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip gtm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip afm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip afm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip pem hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip link controller hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip link controller hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip link controller hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip afm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-iq device hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip apm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip dns build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip afm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "big-ip pem hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip edge gateway 10.2.3-hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip ltm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip pem hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip afm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip websafe hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip gtm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip aam hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip gtm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip gtm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip afm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip apm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip ltm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.21"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip gtm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip ltm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip afm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.19"
      },
      {
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip apm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip gtm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-iq centralized management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-iq cloud hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "big-ip pem hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip apm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip ltm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip ltm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip afm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip afm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip pem hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip ltm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-iq centralized management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.20"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip ltm hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip link controller hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip pem hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.14"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip afm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "7.0"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip apm hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip pem hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip dns hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "big-ip websafe hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "big-iq centralized management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.0"
      },
      {
        "model": "big-ip ltm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "big-ip afm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.24"
      },
      {
        "model": "big-ip link controller build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip link controller hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-iq adc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip websafe hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip link controller hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip gtm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip afm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip apm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip psm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "big-ip dns hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip link controller hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-iq cloud and orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.0"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip gtm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "big-ip aam build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip gtm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2"
      },
      {
        "model": "big-ip apm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.23"
      },
      {
        "model": "big-ip ltm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip websafe hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "big-ip pem hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip psm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip websafe hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip link controller build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "big-ip psm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip dns hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip gtm hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip analytics build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "big-ip afm hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip websafe hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "model": "big-ip ltm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip afm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip aam hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip afm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.25"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "model": "big-ip pem hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.17"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip ltm hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.22"
      },
      {
        "model": "big-ip apm build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip pem hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip websafe hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip pem hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-iq device hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "big-ip gtm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip apm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7125"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.24",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7125"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "taoguangchen.",
    "sources": [
      {
        "db": "BID",
        "id": "92552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-7125",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-7125",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-7125",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-7125",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-079",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-7125",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7125"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. Supplementary information : CWE Vulnerability type by CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ( injection ) Has been identified. http://cwe.mitre.org/data/definitions/74.htmlAny type of session data can be inserted by a third party using session name management. PHP is prone to a vulnerability that lets attackers inject and execute arbitrary code. \nSuccessful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition. ==========================================================================\nUbuntu Security Notice USN-3095-1\nOctober 04, 2016\n\nphp5, php7.0 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. A remote attacker could use this issue to inject arbitrary session\ndata. (CVE-2016-7125)\n\nIt was discovered that PHP incorrectly handled certain gamma values in the\nimagegammacorrect function. (CVE-2016-7127)\n\nIt was discovered that PHP incorrectly handled certain crafted TIFF image\nthumbnails. \n(CVE-2016-7128)\n\nIt was discovered that PHP incorrectly handled unserializing certain\nwddxPacket XML documents. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131,\nCVE-2016-7132, CVE-2016-7413)\n\nIt was discovered that PHP incorrectly handled certain memory operations. This issue only\naffected Ubuntu 16.04 LTS. (CVE-2016-7133)\n\nIt was discovered that PHP incorrectly handled long strings in curl_escape\ncalls. This\nissue only affected Ubuntu 16.04 LTS. (CVE-2016-7134)\n\nTaoguang Chen discovered that PHP incorrectly handled certain failures when\nunserializing data. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2016-7411)\n\nIt was discovered that PHP incorrectly handled certain flags in the MySQL\ndriver. (CVE-2016-7412)\n\nIt was discovered that PHP incorrectly handled ZIP file signature\nverification when processing a PHAR archive. (CVE-2016-7414)\n\nIt was discovered that PHP incorrectly handled certain locale operations. (CVE-2016-7416)\n\nIt was discovered that PHP incorrectly handled SplArray unserializing. (CVE-2016-7417)\n\nKe Liu discovered that PHP incorrectly handled unserializing wddxPacket XML\ndocuments with incorrect boolean elements. (CVE-2016-7418)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.8-0ubuntu0.16.04.3\n  php7.0-cgi                      7.0.8-0ubuntu0.16.04.3\n  php7.0-cli                      7.0.8-0ubuntu0.16.04.3\n  php7.0-curl                     7.0.8-0ubuntu0.16.04.3\n  php7.0-fpm                      7.0.8-0ubuntu0.16.04.3\n  php7.0-gd                       7.0.8-0ubuntu0.16.04.3\n  php7.0-mysql                    7.0.8-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.20\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.20\n  php5-cli                        5.5.9+dfsg-1ubuntu4.20\n  php5-curl                       5.5.9+dfsg-1ubuntu4.20\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.20\n  php5-gd                         5.5.9+dfsg-1ubuntu4.20\n  php5-mysqlnd                    5.5.9+dfsg-1ubuntu4.20\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.25\n  php5-cgi                        5.3.10-1ubuntu3.25\n  php5-cli                        5.3.10-1ubuntu3.25\n  php5-curl                       5.3.10-1ubuntu3.25\n  php5-fpm                        5.3.10-1ubuntu3.25\n  php5-gd                         5.3.10-1ubuntu3.25\n  php5-mysqlnd                    5.3.10-1ubuntu3.25\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.25-i586-1_slack14.2.txz:  Upgraded. \n  For more information, see:\n    http://php.net/ChangeLog-5.php#5.6.25\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7125\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7126\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7127\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7128\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7129\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7130\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7131\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7132\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7133\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7134\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.25-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.25-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.25-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.25-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.25-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.25-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.25-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.25-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n142ce77a026d2a2a4a7b4d4e56a7fac1  php-5.6.25-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nb551196f6d0324ec2372d9ed314b19c8  php-5.6.25-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n516e77d0b67e3ed3c9b3b81d7ef282b9  php-5.6.25-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne83b3b602bf36a7a15b6e5e0cd6da8f3  php-5.6.25-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n9b137ae0ae651fe0a15dc4007bc9047e  php-5.6.25-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n5c5fd6030ff16093fb5fadd691a7a07f  php-5.6.25-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc530cbb5f23c4bda6fbadc826e57d6f4  n/php-5.6.25-i586-1.txz\n\nSlackware x86_64 -current package:\n07e604c9f080061a7f6716295032c3bb  n/php-5.6.25-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.25-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2016:2750-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2750.html\nIssue date:        2016-11-15\nCVE Names:         CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 \n                   CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 \n                   CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 \n                   CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 \n                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 \n                   CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 \n                   CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 \n                   CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 \n                   CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 \n                   CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 \n                   CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 \n                   CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 \n                   CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 \n                   CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 \n                   CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 \n                   CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 \n                   CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 \n                   CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 \n                   CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 \n                   CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 \n                   CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 \n                   CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 \n                   CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 \n                   CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 \n                   CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 \n                   CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 \n                   CVE-2016-7132 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php56, rh-php56-php, and rh-php56-php-pear is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The rh-php56 packages provide a recent stable release of PHP\nwith PEAR 1.9.5 and enhanced language features including constant\nexpressions, variadic functions, arguments unpacking, and the interactive\ndebuger. The memcache, mongo, and XDebug extensions are also included. \n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Under\ncertain circumstances, these issues could cause PHP to crash, disclose\nportions of its memory, execute arbitrary code, or impact PHP application\nintegrity. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-7456,\nCVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,\nCVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,\nCVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,\nCVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,\nCVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,\nCVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,\nCVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,\nCVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,\nCVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,\nCVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,\nCVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,\nCVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,\nCVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the\nrh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,\nCVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,\nCVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,\nCVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()\n1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)\n1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)\n1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)\n1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories\n1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)\n1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)\n1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)\n1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)\n1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)\n1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)\n1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)\n1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)\n1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)\n1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c\n1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated\n1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent\n1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives\n1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()\n1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data\n1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd\n1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method\n1323103 - CVE-2016-4073 php: Negative size parameter in memcpy\n1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \\0 inside name\n1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()\n1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode\n1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file\n1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads\n1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure\n1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()\n1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition\n1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input\n1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used\n1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used\n1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow\n1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c\n1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects\n1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches\n1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns\n1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal\n1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread\n1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc\n1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()\n1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()\n1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow\n1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec\n1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread\n1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize\n1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351603 - CVE-2016-6128 gd: Invalid color index not properly handled\n1358395 - CVE-2016-5399 php: Improper error handling in bzread()\n1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex\n1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization\n1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment\n1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()\n1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http\n1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()\n1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c\n1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex\n1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object\n1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability\n1374699 - CVE-2016-7126 php: select_colors write out-of-bounds\n1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access\n1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF\n1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access\n1374707 - CVE-2016-7130 php: wddx_deserialize null dereference\n1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml\n1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7456\nhttps://access.redhat.com/security/cve/CVE-2014-9767\nhttps://access.redhat.com/security/cve/CVE-2015-2325\nhttps://access.redhat.com/security/cve/CVE-2015-2326\nhttps://access.redhat.com/security/cve/CVE-2015-2327\nhttps://access.redhat.com/security/cve/CVE-2015-2328\nhttps://access.redhat.com/security/cve/CVE-2015-3210\nhttps://access.redhat.com/security/cve/CVE-2015-3217\nhttps://access.redhat.com/security/cve/CVE-2015-5073\nhttps://access.redhat.com/security/cve/CVE-2015-8381\nhttps://access.redhat.com/security/cve/CVE-2015-8383\nhttps://access.redhat.com/security/cve/CVE-2015-8384\nhttps://access.redhat.com/security/cve/CVE-2015-8385\nhttps://access.redhat.com/security/cve/CVE-2015-8386\nhttps://access.redhat.com/security/cve/CVE-2015-8388\nhttps://access.redhat.com/security/cve/CVE-2015-8391\nhttps://access.redhat.com/security/cve/CVE-2015-8392\nhttps://access.redhat.com/security/cve/CVE-2015-8395\nhttps://access.redhat.com/security/cve/CVE-2015-8835\nhttps://access.redhat.com/security/cve/CVE-2015-8865\nhttps://access.redhat.com/security/cve/CVE-2015-8866\nhttps://access.redhat.com/security/cve/CVE-2015-8867\nhttps://access.redhat.com/security/cve/CVE-2015-8873\nhttps://access.redhat.com/security/cve/CVE-2015-8874\nhttps://access.redhat.com/security/cve/CVE-2015-8876\nhttps://access.redhat.com/security/cve/CVE-2015-8877\nhttps://access.redhat.com/security/cve/CVE-2015-8879\nhttps://access.redhat.com/security/cve/CVE-2016-1903\nhttps://access.redhat.com/security/cve/CVE-2016-2554\nhttps://access.redhat.com/security/cve/CVE-2016-3074\nhttps://access.redhat.com/security/cve/CVE-2016-3141\nhttps://access.redhat.com/security/cve/CVE-2016-3142\nhttps://access.redhat.com/security/cve/CVE-2016-4070\nhttps://access.redhat.com/security/cve/CVE-2016-4071\nhttps://access.redhat.com/security/cve/CVE-2016-4072\nhttps://access.redhat.com/security/cve/CVE-2016-4073\nhttps://access.redhat.com/security/cve/CVE-2016-4342\nhttps://access.redhat.com/security/cve/CVE-2016-4343\nhttps://access.redhat.com/security/cve/CVE-2016-4473\nhttps://access.redhat.com/security/cve/CVE-2016-4537\nhttps://access.redhat.com/security/cve/CVE-2016-4538\nhttps://access.redhat.com/security/cve/CVE-2016-4539\nhttps://access.redhat.com/security/cve/CVE-2016-4540\nhttps://access.redhat.com/security/cve/CVE-2016-4541\nhttps://access.redhat.com/security/cve/CVE-2016-4542\nhttps://access.redhat.com/security/cve/CVE-2016-4543\nhttps://access.redhat.com/security/cve/CVE-2016-4544\nhttps://access.redhat.com/security/cve/CVE-2016-5093\nhttps://access.redhat.com/security/cve/CVE-2016-5094\nhttps://access.redhat.com/security/cve/CVE-2016-5096\nhttps://access.redhat.com/security/cve/CVE-2016-5114\nhttps://access.redhat.com/security/cve/CVE-2016-5399\nhttps://access.redhat.com/security/cve/CVE-2016-5766\nhttps://access.redhat.com/security/cve/CVE-2016-5767\nhttps://access.redhat.com/security/cve/CVE-2016-5768\nhttps://access.redhat.com/security/cve/CVE-2016-5770\nhttps://access.redhat.com/security/cve/CVE-2016-5771\nhttps://access.redhat.com/security/cve/CVE-2016-5772\nhttps://access.redhat.com/security/cve/CVE-2016-5773\nhttps://access.redhat.com/security/cve/CVE-2016-6128\nhttps://access.redhat.com/security/cve/CVE-2016-6207\nhttps://access.redhat.com/security/cve/CVE-2016-6288\nhttps://access.redhat.com/security/cve/CVE-2016-6289\nhttps://access.redhat.com/security/cve/CVE-2016-6290\nhttps://access.redhat.com/security/cve/CVE-2016-6291\nhttps://access.redhat.com/security/cve/CVE-2016-6292\nhttps://access.redhat.com/security/cve/CVE-2016-6294\nhttps://access.redhat.com/security/cve/CVE-2016-6295\nhttps://access.redhat.com/security/cve/CVE-2016-6296\nhttps://access.redhat.com/security/cve/CVE-2016-6297\nhttps://access.redhat.com/security/cve/CVE-2016-7124\nhttps://access.redhat.com/security/cve/CVE-2016-7125\nhttps://access.redhat.com/security/cve/CVE-2016-7126\nhttps://access.redhat.com/security/cve/CVE-2016-7127\nhttps://access.redhat.com/security/cve/CVE-2016-7128\nhttps://access.redhat.com/security/cve/CVE-2016-7129\nhttps://access.redhat.com/security/cve/CVE-2016-7130\nhttps://access.redhat.com/security/cve/CVE-2016-7131\nhttps://access.redhat.com/security/cve/CVE-2016-7132\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs\nUCuj+0gWfBsWXOgFhgH0uL8=\n=FcPG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201611-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: November 30, 2016\n     Bugs: #578734, #581834, #584204, #587246, #591710, #594498,\n           #597586, #599326\n       ID: 201611-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.6.28                  \u003e= 5.6.28\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.28\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-8865\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865\n[  2 ] CVE-2016-3074\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074\n[  3 ] CVE-2016-4071\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071\n[  4 ] CVE-2016-4072\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072\n[  5 ] CVE-2016-4073\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073\n[  6 ] CVE-2016-4537\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537\n[  7 ] CVE-2016-4538\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538\n[  8 ] CVE-2016-4539\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539\n[  9 ] CVE-2016-4540\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540\n[ 10 ] CVE-2016-4541\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541\n[ 11 ] CVE-2016-4542\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542\n[ 12 ] CVE-2016-4543\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543\n[ 13 ] CVE-2016-4544\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544\n[ 14 ] CVE-2016-5385\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385\n[ 15 ] CVE-2016-6289\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289\n[ 16 ] CVE-2016-6290\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290\n[ 17 ] CVE-2016-6291\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291\n[ 18 ] CVE-2016-6292\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292\n[ 19 ] CVE-2016-6294\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294\n[ 20 ] CVE-2016-6295\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295\n[ 21 ] CVE-2016-6296\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296\n[ 22 ] CVE-2016-6297\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297\n[ 23 ] CVE-2016-7124\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124\n[ 24 ] CVE-2016-7125\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125\n[ 25 ] CVE-2016-7126\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126\n[ 26 ] CVE-2016-7127\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127\n[ 27 ] CVE-2016-7128\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128\n[ 28 ] CVE-2016-7129\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129\n[ 29 ] CVE-2016-7130\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130\n[ 30 ] CVE-2016-7131\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131\n[ 31 ] CVE-2016-7132\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132\n[ 32 ] CVE-2016-7133\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133\n[ 33 ] CVE-2016-7134\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134\n[ 34 ] CVE-2016-7411\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411\n[ 35 ] CVE-2016-7412\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412\n[ 36 ] CVE-2016-7413\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413\n[ 37 ] CVE-2016-7414\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414\n[ 38 ] CVE-2016-7416\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416\n[ 39 ] CVE-2016-7417\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417\n[ 40 ] CVE-2016-7418\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201611-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "db": "BID",
        "id": "92552"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-7125"
      },
      {
        "db": "PACKETSTORM",
        "id": "138970"
      },
      {
        "db": "PACKETSTORM",
        "id": "138664"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7125",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "92552",
        "trust": 2.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/09/02/9",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2016-19",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036680",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "34769",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-7125",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138970",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138664",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139729",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139968",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7125"
      },
      {
        "db": "BID",
        "id": "92552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "db": "PACKETSTORM",
        "id": "138970"
      },
      {
        "db": "PACKETSTORM",
        "id": "138664"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7125"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ]
  },
  "id": "VAR-201609-0496",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.40921953
  },
  "last_update_date": "2023-12-18T10:50:52.062000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fix bug #72681 - consume data even if we\u0027re not storing them",
        "trust": 0.8,
        "url": "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1"
      },
      {
        "title": "Sec Bug #72681",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=72681"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "title": "PHP 7 ChangeLog",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "title": "PHP\u0027ext/session/session.c\u0027 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63904"
      },
      {
        "title": "Red Hat: CVE-2016-7125",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-7125"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-7125"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3095-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3689-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f4846741b59710ba951a63ede598cb9d"
      },
      {
        "title": "Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162750 - security advisory"
      },
      {
        "title": "Tenable Security Advisories: [R6] SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-19"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7125"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://bugs.php.net/bug.php?id=72681"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/92552"
      },
      {
        "trust": 1.7,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1"
      },
      {
        "trust": 1.7,
        "url": "http://openwall.com/lists/oss-security/2016/09/02/9"
      },
      {
        "trust": 1.7,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201611-22"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2750.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036680"
      },
      {
        "trust": 1.1,
        "url": "https://www.tenable.com/security/tns-2016-19"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7125"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7125"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/34769"
      },
      {
        "trust": 0.3,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=61156f0d68704df748b5cbf08c77582c208db8c9"
      },
      {
        "trust": 0.3,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 0.3,
        "url": "http://php.net/changelog-7.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024488"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35232053.html?sr=59127075"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7128"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7127"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7125"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7129"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-7125"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7131"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7124"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7132"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7130"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7134"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7133"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7126"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/74.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3095-1/"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7413"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7414"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7417"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7416"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.25"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7411"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.20"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7418"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3095-1"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7133"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7134"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.6.25"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4473"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7417"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7416"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7134"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7411"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7413"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7414"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7133"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7418"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3074"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7125"
      },
      {
        "db": "BID",
        "id": "92552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "db": "PACKETSTORM",
        "id": "138970"
      },
      {
        "db": "PACKETSTORM",
        "id": "138664"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7125"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-7125"
      },
      {
        "db": "BID",
        "id": "92552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "db": "PACKETSTORM",
        "id": "138970"
      },
      {
        "db": "PACKETSTORM",
        "id": "138664"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7125"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-7125"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "BID",
        "id": "92552"
      },
      {
        "date": "2016-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "date": "2016-10-04T22:23:00",
        "db": "PACKETSTORM",
        "id": "138970"
      },
      {
        "date": "2016-09-10T01:59:23",
        "db": "PACKETSTORM",
        "id": "138664"
      },
      {
        "date": "2016-11-15T16:44:45",
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "date": "2016-12-01T16:38:01",
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "date": "2016-09-12T01:59:03.427000",
        "db": "NVD",
        "id": "CVE-2016-7125"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-7125"
      },
      {
        "date": "2016-12-20T02:04:00",
        "db": "BID",
        "id": "92552"
      },
      {
        "date": "2016-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      },
      {
        "date": "2018-01-05T02:31:12.337000",
        "db": "NVD",
        "id": "CVE-2016-7125"
      },
      {
        "date": "2016-09-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/session/session.c Vulnerable to insertion of arbitrary types of session data",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004620"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-079"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0266
Vulnerability from variot

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. PHP is prone to a remote denial-of-service vulnerability. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. An algorithmic complexity vulnerability exists in the 'multipart_buffer_headers' function in PHP's main/rfc1867.c file. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. 6) - i386, x86_64

  1. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

CVE-2015-4024

Denial of service when processing multipart/form-data requests.

CVE-2015-4022

Integer overflow in the ftp_genlist() function may result in
denial of service or potentially the execution of arbitrary code.

For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.41-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 5.6.9+dfsg-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 5.6.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 5.6.9+dfsg-1.

We recommend that you upgrade your php5 packages

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0266",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "system management homepage",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "7.5.3.1"
      },
      {
        "model": "software collections",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "enterprise linux server",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "enterprise linux desktop",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.9"
      },
      {
        "model": "enterprise linux server eus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.5"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.28"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.19"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.35"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.33"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.17"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.7"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.32"
      },
      {
        "model": "tealeaf customer experience 9.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.34"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.4"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.41"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.25"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.37"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.36"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.27"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.29"
      },
      {
        "model": "tealeaf customer experience 9.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "flex system chassis management module 2pet14c-2.5.5c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.18"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.23"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.21"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.40",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.5.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2015-4024",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-4024",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-81985",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4024",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-131",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81985",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4024",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81985"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. PHP is prone to a remote denial-of-service vulnerability. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. An algorithmic complexity vulnerability exists in the \u0027multipart_buffer_headers\u0027 function in PHP\u0027s main/rfc1867.c file. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. 6) - i386, x86_64\n\n3. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nCVE-2015-4024\n\n    Denial of service when processing multipart/form-data requests. \n\nCVE-2015-4022\n\n    Integer overflow in the ftp_genlist() function may result in\n    denial of service or potentially the execution of arbitrary code. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1. \n\nWe recommend that you upgrade your php5 packages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "db": "BID",
        "id": "74903"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81985"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4024"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4024",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "74903",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032432",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-131",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89209",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-81985",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4024",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132619",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132198",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81985"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4024"
      },
      {
        "db": "BID",
        "id": "74903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "id": "VAR-201506-0266",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81985"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:30:13.501000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "Sec Bug #69364",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69364"
      },
      {
        "title": "RHSA-2015:1135",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "title": "RHSA-2015:1187",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "TLSA-2015-15",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-15j.html"
      },
      {
        "title": "Debian Security Advisories: DSA-3280-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46f85ac4e3abfa7a18e115fb47892db6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-535",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-535"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-534",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-534"
      },
      {
        "title": "Tenable Security Advisories: [R4] SecurityCenter 5.0.0.1 Affected by Third-party Library",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-06"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-536",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-536"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2658-1"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      },
      {
        "title": "php-load-test",
        "trust": 0.1,
        "url": "https://github.com/typcn/php-load-test "
      },
      {
        "title": "phpbug69364-test",
        "trust": 0.1,
        "url": "https://github.com/qqq232575/phpbug69364-test "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-4024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/74903"
      },
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2015/dsa-3280"
      },
      {
        "trust": 2.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 2.1,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69364"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1219.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158616.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/159031.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158915.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032432"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4024"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4024"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "http://git.php.net/?p=php-src.git;a=commitdiff;h=4605d536d23b00813d11cc906bb48d39bdcf5f25"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972384"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/typcn/php-load-test"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39138"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2658-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81985"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4024"
      },
      {
        "db": "BID",
        "id": "74903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81985"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4024"
      },
      {
        "db": "BID",
        "id": "74903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81985"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4024"
      },
      {
        "date": "2015-05-14T00:00:00",
        "db": "BID",
        "id": "74903"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "date": "2015-06-25T14:18:12",
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2015-07-09T23:16:26",
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "date": "2015-06-25T14:18:25",
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "date": "2015-06-10T01:21:58",
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "date": "2015-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      },
      {
        "date": "2015-06-09T18:59:06.770000",
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81985"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4024"
      },
      {
        "date": "2017-07-21T13:07:00",
        "db": "BID",
        "id": "74903"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      },
      {
        "date": "2019-12-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      },
      {
        "date": "2019-12-27T16:08:55.810000",
        "db": "NVD",
        "id": "CVE-2015-4024"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  main/rfc1867.c of  multipart_buffer_headers Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003050"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-131"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0521
Vulnerability from variot

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. PHP is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The 'phar_parse_zipfile' function in PHP's ext/phar/zip.c file has a one-by-one error vulnerability. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded. This release fixes bugs and security issues.


  • IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *

PHP 5.4.x has been declared EOL (end of life) and is no longer receiving upstream support. PHP 5.5.x is also no longer on active support status and security fixes will continue only until 5 months from now. For this reason we have provided PHP 5.6 packages as security updates. Be aware that PHP 5.6 is not 100% compatible with PHP 5.4, and some changes may be required to existing web pages written for PHP 5.4. For information on how to migrate from PHP 5.4, please see: http://php.net/manual/en/migration55.php http://php.net/manual/en/migration56.php The final PHP 5.4 packages may be found in /pasture in case there is a need to revert this update. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 69eba2b2193b19396987c73ef901a68a php-5.6.17-i486-1_slack14.1.txz

Slackware x86_64 14.0 package: 23d8436b3e90027bb7ffb7b0cf8e918c php-5.6.17-x86_64-1_slack14.1.txz

Slackware 14.1 package: a3958009db7633258fbd7ebaf5952a5c php-5.6.17-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: f1b1cfdf325e66590bdad15170968fee php-5.6.17-x86_64-1_slack14.1.txz

Slackware -current package: 239e452ac1570edfb9a574098c8e6b7b n/php-5.6.17-i586-1.txz

Slackware x86_64 -current package: 02a07c1a33d393bb67b7ade06dc4d237 n/php-5.6.17-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.6.17-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

Finally, make sure to make any needed changes for compatibility with PHP 5.6. See the links mentioned above.

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2786-1 October 28, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

PHP could be made to crash if it processed a specially crafted file.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

It was discovered that the PHP phar extension incorrectly handled certain files. (CVE-2015-7803, CVE-2015-7804)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1 php5-cgi 5.6.11+dfsg-1ubuntu3.1 php5-cli 5.6.11+dfsg-1ubuntu3.1 php5-fpm 5.6.11+dfsg-1ubuntu3.1

Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4 php5-cgi 5.6.4+dfsg-4ubuntu6.4 php5-cli 5.6.4+dfsg-4ubuntu6.4 php5-fpm 5.6.4+dfsg-4ubuntu6.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14 php5-cgi 5.5.9+dfsg-1ubuntu4.14 php5-cli 5.5.9+dfsg-1ubuntu4.14 php5-fpm 5.5.9+dfsg-1ubuntu4.14

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.21 php5-cgi 5.3.10-1ubuntu3.21 php5-cli 5.3.10-1ubuntu3.21 php5-fpm 5.3.10-1ubuntu3.21

In general, a standard system update will make all the necessary changes.

CVE-2015-7803

The phar extension could crash with a NULL pointer dereference
when processing tar archives containing links referring to
non-existing files.  This could lead to a denial of service.

CVE-2015-7804

The phar extension does not correctly process directory entries
found in archive files with the name "/", leading to a denial of
service and, potentially, information disclosure.

The update for Debian stable (jessie) contains additional bug fixes from PHP upstream version 5.6.14, as described in the upstream changelog:

https://php.net/ChangeLog-5.php#5.6.13

Note to users of the the oldstable distribution (wheezy): PHP 5.4 has reached end-of-life on September 14th, 2015. As a result, there will be no more new upstream releases. The security support of PHP 5.4 in Debian oldstable (wheezy) will be best effort only, and you are strongly advised to upgrade to latest Debian stable release (jessie), which includes PHP 5.6.

For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.45-0+deb7u2.

For the stable distribution (jessie), these problems have been fixed in version 5.6.14+dfsg-0+deb8u1.

For the testing distribution (stretch) and the unstable distribution (sid), these problems have been fixed in version 5.6.14+dfsg-1.

We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56-php security update Advisory ID: RHSA-2016:0457-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0457.html Issue date: 2016-03-15 CVE Names: CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 =====================================================================

  1. Summary:

Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-5589, CVE-2015-5590, CVE-2015-6833, CVE-2015-7803, CVE-2015-7804)

Two NULL pointer dereference flaws were found in the XSLTProcessor class in PHP. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)

All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file 1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath 1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize() 1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items 1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues 1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer 1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion 1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class 1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset() 1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() 1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-php-5.6.5-8.el6.src.rpm

x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: rh-php56-php-5.6.5-8.el6.src.rpm

x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-php-5.6.5-8.el6.src.rpm

x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-php-5.6.5-8.el6.src.rpm

x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-php-5.6.5-8.el7.src.rpm

x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source: rh-php56-php-5.6.5-8.el7.src.rpm

x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-php-5.6.5-8.el7.src.rpm

x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-php-5.6.5-8.el7.src.rpm

x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-5589 https://access.redhat.com/security/cve/CVE-2015-5590 https://access.redhat.com/security/cve/CVE-2015-6831 https://access.redhat.com/security/cve/CVE-2015-6832 https://access.redhat.com/security/cve/CVE-2015-6833 https://access.redhat.com/security/cve/CVE-2015-6834 https://access.redhat.com/security/cve/CVE-2015-6835 https://access.redhat.com/security/cve/CVE-2015-6836 https://access.redhat.com/security/cve/CVE-2015-6837 https://access.redhat.com/security/cve/CVE-2015-6838 https://access.redhat.com/security/cve/CVE-2015-7803 https://access.redhat.com/security/cve/CVE-2015-7804 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch sZ3mH+O8FzxQYqRnfS39Ew8= =8DIR -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0521",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.11.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.1"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5.29",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7804"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "hugh, and emmanuel.",
    "sources": [
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-7804",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-7804",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-85765",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7804",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-700",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85765",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. PHP is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The \u0027phar_parse_zipfile\u0027 function in PHP\u0027s ext/phar/zip.c file has a one-by-one error vulnerability. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.17-i486-1_slack14.1.txz:  Upgraded. \n  This release fixes bugs and security issues. \n  *****************************************************************\n  * IMPORTANT:  READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *\n  *****************************************************************\n  PHP 5.4.x has been declared EOL (end of life) and is no longer receiving\n  upstream support.  PHP 5.5.x is also no longer on active support status and\n  security fixes will continue only until 5 months from now.  For this reason\n  we have provided PHP 5.6 packages as security updates.  Be aware that PHP\n  5.6 is not 100% compatible with PHP 5.4, and some changes may be required\n  to existing web pages written for PHP 5.4. \n  For information on how to migrate from PHP 5.4, please see:\n    http://php.net/manual/en/migration55.php\n    http://php.net/manual/en/migration56.php\n  The final PHP 5.4 packages may be found in /pasture in case there is a need\n  to revert this update. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n69eba2b2193b19396987c73ef901a68a  php-5.6.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.0 package:\n23d8436b3e90027bb7ffb7b0cf8e918c  php-5.6.17-x86_64-1_slack14.1.txz\n\nSlackware 14.1 package:\na3958009db7633258fbd7ebaf5952a5c  php-5.6.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf1b1cfdf325e66590bdad15170968fee  php-5.6.17-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n239e452ac1570edfb9a574098c8e6b7b  n/php-5.6.17-i586-1.txz\n\nSlackware x86_64 -current package:\n02a07c1a33d393bb67b7ade06dc4d237  n/php-5.6.17-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.17-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\nFinally, make sure to make any needed changes for compatibility with PHP 5.6. \nSee the links mentioned above. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. ============================================================================\nUbuntu Security Notice USN-2786-1\nOctober 28, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nPHP could be made to crash if it processed a specially crafted file. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfiles. (CVE-2015-7803, CVE-2015-7804)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.1\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.1\n  php5-cli                        5.6.11+dfsg-1ubuntu3.1\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.1\n\nUbuntu 15.04:\n  libapache2-mod-php5             5.6.4+dfsg-4ubuntu6.4\n  php5-cgi                        5.6.4+dfsg-4ubuntu6.4\n  php5-cli                        5.6.4+dfsg-4ubuntu6.4\n  php5-fpm                        5.6.4+dfsg-4ubuntu6.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.14\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.14\n  php5-cli                        5.5.9+dfsg-1ubuntu4.14\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.14\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.21\n  php5-cgi                        5.3.10-1ubuntu3.21\n  php5-cli                        5.3.10-1ubuntu3.21\n  php5-fpm                        5.3.10-1ubuntu3.21\n\nIn general, a standard system update will make all the necessary changes. \n\nCVE-2015-7803\n\n    The phar extension could crash with a NULL pointer dereference\n    when processing tar archives containing links referring to\n    non-existing files.  This could lead to a denial of service. \n\nCVE-2015-7804\n\n    The phar extension does not correctly process directory entries\n    found in archive files with the name \"/\", leading to a denial of\n    service and, potentially, information disclosure. \n\nThe update for Debian stable (jessie) contains additional bug fixes\nfrom PHP upstream version 5.6.14, as described in the upstream\nchangelog:\n\n    https://php.net/ChangeLog-5.php#5.6.13\n\nNote to users of the the oldstable distribution (wheezy): PHP 5.4 has\nreached end-of-life on September 14th, 2015.  As a result, there will\nbe no more new upstream releases.  The security support of PHP 5.4 in\nDebian oldstable (wheezy) will be best effort only, and you are\nstrongly advised to upgrade to latest Debian stable release (jessie),\nwhich includes PHP 5.6. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.45-0+deb7u2. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.14+dfsg-0+deb8u1. \n\nFor the testing distribution (stretch) and the unstable distribution\n(sid), these problems have been fixed in version 5.6.14+dfsg-1. \n\nWe recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56-php security update\nAdvisory ID:       RHSA-2016:0457-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0457.html\nIssue date:        2016-03-15\nCVE Names:         CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 \n                   CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 \n                   CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 \n                   CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 \n=====================================================================\n\n1. Summary:\n\nUpdated rh-php56-php packages that fix multiple security issues are now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834,\nCVE-2015-6835, CVE-2015-6836)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-5589,\nCVE-2015-5590, CVE-2015-6833, CVE-2015-7803, CVE-2015-7804)\n\nTwo NULL pointer dereference flaws were found in the XSLTProcessor class in\nPHP. An attacker could use these flaws to cause a PHP application to crash\nif it performed Extensible Stylesheet Language (XSL) transformations using\nuntrusted XSLT files and allowed the use of PHP functions to be used as\nXSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)\n\nAll rh-php56-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file\n1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath\n1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize()\n1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items\n1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues\n1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer\n1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion\n1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class\n1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset()\n1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()\n1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5589\nhttps://access.redhat.com/security/cve/CVE-2015-5590\nhttps://access.redhat.com/security/cve/CVE-2015-6831\nhttps://access.redhat.com/security/cve/CVE-2015-6832\nhttps://access.redhat.com/security/cve/CVE-2015-6833\nhttps://access.redhat.com/security/cve/CVE-2015-6834\nhttps://access.redhat.com/security/cve/CVE-2015-6835\nhttps://access.redhat.com/security/cve/CVE-2015-6836\nhttps://access.redhat.com/security/cve/CVE-2015-6837\nhttps://access.redhat.com/security/cve/CVE-2015-6838\nhttps://access.redhat.com/security/cve/CVE-2015-7803\nhttps://access.redhat.com/security/cve/CVE-2015-7804\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch\nsZ3mH+O8FzxQYqRnfS39Ew8=\n=8DIR\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85765"
      },
      {
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7804",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "76959",
        "trust": 2.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/10/05/8",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU97526033",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-85765",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135595",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134112",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134109",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136246",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85765"
      },
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ]
  },
  "id": "VAR-201512-0521",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85765"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:58:04.596000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
      },
      {
        "title": "HT205637",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205637"
      },
      {
        "title": "HT205637",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205637"
      },
      {
        "title": "Sec Bug #70433",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=70433"
      },
      {
        "title": "Better fix for bug #70433",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=1ddf72180a52d247db88ea42a3e35f824a8fbda1"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "title": "PHP Fixes for digital error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58493"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7804"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://bugs.php.net/bug.php?id=70433"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/76959"
      },
      {
        "trust": 1.7,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205637"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2015/10/05/8"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2786-1"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3380"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=1ddf72180a52d247db88ea42a3e35f824a8fbda1"
      },
      {
        "trust": 1.0,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.461720"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7804"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97526033/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7804"
      },
      {
        "trust": 0.7,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=1ddf72180a52d247db88ea42a3e35f824a8fbda1"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7803"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7804"
      },
      {
        "trust": 0.3,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "https://bugs.php.net/bug.php?id=69720"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2786-1/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2016\u0026amp;m=slackware-security.461720"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/manual/en/migration56.php"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/manual/en/migration55.php"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://php.net/changelog-5.php#5.6.13"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-0457.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5589"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5590"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5590"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5589"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85765"
      },
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85765"
      },
      {
        "db": "BID",
        "id": "76959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85765"
      },
      {
        "date": "2015-10-05T00:00:00",
        "db": "BID",
        "id": "76959"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "date": "2016-02-04T21:45:02",
        "db": "PACKETSTORM",
        "id": "135595"
      },
      {
        "date": "2015-10-28T18:47:28",
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "date": "2015-10-28T18:46:49",
        "db": "PACKETSTORM",
        "id": "134109"
      },
      {
        "date": "2016-03-15T06:19:00",
        "db": "PACKETSTORM",
        "id": "136246"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-12-11T12:00:12.307000",
        "db": "NVD",
        "id": "CVE-2015-7804"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85765"
      },
      {
        "date": "2016-07-05T21:22:00",
        "db": "BID",
        "id": "76959"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      },
      {
        "date": "2023-11-07T02:28:01.620000",
        "db": "NVD",
        "id": "CVE-2015-7804"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134112"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/phar/zip.c of  phar_parse_zipfile Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006376"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-700"
      }
    ],
    "trust": 0.6
  }
}

var-201603-0113
Vulnerability from variot

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. One of these archive extensions is PHAR, which allows applications to be packaged with a single file that contains everything needed to run the application. A security vulnerability exists in the 'phar_parse_zipfile' function in the zip.c file in PHP 5.5.32 and prior and 5.6.x versions of the PHAR extension prior to 5.6.19. ============================================================================ Ubuntu Security Notice USN-2952-2 April 27, 2016

php5 regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10

Summary:

USN-2952-1 caused a regression in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. (CVE-2015-8835, CVE-2016-3185) It was discovered that the PHP MySQL native driver incorrectly handled TLS connections to MySQL databases. A man in the middle attacker could possibly use this issue to downgrade and snoop on TLS connections. This vulnerability is known as BACKRONYM. (CVE-2015-8838) It was discovered that PHP incorrectly handled the imagerotate function. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903) Hans Jerry Illikainen discovered that the PHP phar extension incorrectly handled certain tar archives. (CVE-2016-2554) It was discovered that the PHP WDDX extension incorrectly handled certain malformed XML data. (CVE-2016-3141) It was discovered that the PHP phar extension incorrectly handled certain zip files. (CVE-2016-3142) It was discovered that the PHP libxml_disable_entity_loader() setting was shared between threads. When running under PHP-FPM, this could result in XML external entity injection and entity expansion issues. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number) It was discovered that the PHP openssl_random_pseudo_bytes() function did not return cryptographically strong pseudo-random bytes. (No CVE number) It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. (CVE number pending) It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE number pending) It was discovered that the PHP rawurlencode() function incorrectly handled large strings. (CVE number pending) It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. (CVE number pending) It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. (CVE number pending)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.3 php5-cgi 5.6.11+dfsg-1ubuntu3.3 php5-cli 5.6.11+dfsg-1ubuntu3.3 php5-fpm 5.6.11+dfsg-1ubuntu3.3 php5-gd 5.6.11+dfsg-1ubuntu3.3 php5-mysqlnd 5.6.11+dfsg-1ubuntu3.3 php5-snmp 5.6.11+dfsg-1ubuntu3.3

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 =====================================================================

  1. Summary:

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.

The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)

Security Fixes in the rh-php56-php component:

  • Several Moderate and Low impact security issues were found in PHP. Under certain circumstances, these issues could cause PHP to crash, disclose portions of its memory, execute arbitrary code, or impact PHP application integrity. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)

  • Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted regular expression could cause PHP to crash or, possibly, execute arbitrary code. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0113",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.19"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5.32",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3142"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2016-3142",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-3142",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-91961",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.2,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-3142",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-3142",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-445",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-91961",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-3142",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. One of these archive extensions is PHAR, which allows applications to be packaged with a single file that contains everything needed to run the application. A security vulnerability exists in the \u0027phar_parse_zipfile\u0027 function in the zip.c file in PHP 5.5.32 and prior and 5.6.x versions of the PHAR extension prior to 5.6.19. ============================================================================\nUbuntu Security Notice USN-2952-2\nApril 27, 2016\n\nphp5 regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n\nSummary:\n\nUSN-2952-1 caused a regression in PHP. One of the backported patches\ncaused a regression in the PHP Soap client. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that the PHP Zip extension incorrectly handled\n directories when processing certain zip files. A remote attacker could\n possibly use this issue to create arbitrary directories. (CVE-2014-9767)\n  It was discovered that the PHP Soap client incorrectly validated data\n types. \n (CVE-2015-8835, CVE-2016-3185)\n  It was discovered that the PHP MySQL native driver incorrectly handled TLS\n connections to MySQL databases. A man in the middle attacker could possibly\n use this issue to downgrade and snoop on TLS connections. This\n vulnerability is known as BACKRONYM. (CVE-2015-8838)\n  It was discovered that PHP incorrectly handled the imagerotate function. This issue\n only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903)\n  Hans Jerry Illikainen discovered that the PHP phar extension incorrectly\n handled certain tar archives. (CVE-2016-2554)\n  It was discovered that the PHP WDDX extension incorrectly handled certain\n malformed XML data. (CVE-2016-3141)\n  It was discovered that the PHP phar extension incorrectly handled certain\n zip files. \n (CVE-2016-3142)\n  It was discovered that the PHP libxml_disable_entity_loader() setting was\n shared between threads. When running under PHP-FPM, this could result in\n XML external entity injection and entity expansion issues. This issue only\n applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number)\n  It was discovered that the PHP openssl_random_pseudo_bytes() function did\n not return cryptographically strong pseudo-random bytes. (No CVE number)\n  It was discovered that the PHP Fileinfo component incorrectly handled\n certain magic files. (CVE number pending)\n  It was discovered that the PHP php_snmp_error() function incorrectly\n handled string formatting. This issue only applied to Ubuntu 14.04 LTS and Ubuntu\n 15.10. (CVE number pending)\n  It was discovered that the PHP rawurlencode() function incorrectly handled\n large strings. (CVE number pending)\n  It was discovered that the PHP phar extension incorrectly handled certain\n filenames in archives. (CVE number pending)\n  It was discovered that the PHP mb_strcut() function incorrectly handled\n string formatting. (CVE number pending)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.3\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.3\n  php5-cli                        5.6.11+dfsg-1ubuntu3.3\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.3\n  php5-gd                         5.6.11+dfsg-1ubuntu3.3\n  php5-mysqlnd                    5.6.11+dfsg-1ubuntu3.3\n  php5-snmp                       5.6.11+dfsg-1ubuntu3.3\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2016:2750-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2750.html\nIssue date:        2016-11-15\nCVE Names:         CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 \n                   CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 \n                   CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 \n                   CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 \n                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 \n                   CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 \n                   CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 \n                   CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 \n                   CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 \n                   CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 \n                   CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 \n                   CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 \n                   CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 \n                   CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 \n                   CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 \n                   CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 \n                   CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 \n                   CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 \n                   CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 \n                   CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 \n                   CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 \n                   CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 \n                   CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 \n                   CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 \n                   CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 \n                   CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 \n                   CVE-2016-7132 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php56, rh-php56-php, and rh-php56-php-pear is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The rh-php56 packages provide a recent stable release of PHP\nwith PEAR 1.9.5 and enhanced language features including constant\nexpressions, variadic functions, arguments unpacking, and the interactive\ndebuger. The memcache, mongo, and XDebug extensions are also included. \n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Under\ncertain circumstances, these issues could cause PHP to crash, disclose\nportions of its memory, execute arbitrary code, or impact PHP application\nintegrity. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-7456,\nCVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,\nCVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,\nCVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,\nCVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,\nCVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,\nCVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,\nCVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,\nCVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,\nCVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,\nCVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,\nCVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,\nCVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,\nCVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the\nrh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted\nregular expression could cause PHP to crash or, possibly, execute arbitrary\ncode. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,\nCVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,\nCVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,\nCVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()\n1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)\n1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)\n1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)\n1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories\n1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)\n1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)\n1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)\n1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)\n1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)\n1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)\n1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)\n1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)\n1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)\n1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c\n1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated\n1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent\n1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives\n1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()\n1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data\n1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd\n1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method\n1323103 - CVE-2016-4073 php: Negative size parameter in memcpy\n1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \\0 inside name\n1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()\n1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode\n1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file\n1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads\n1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure\n1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()\n1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition\n1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input\n1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used\n1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used\n1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow\n1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c\n1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects\n1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches\n1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns\n1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal\n1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread\n1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc\n1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()\n1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()\n1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow\n1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec\n1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread\n1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize\n1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351603 - CVE-2016-6128 gd: Invalid color index not properly handled\n1358395 - CVE-2016-5399 php: Improper error handling in bzread()\n1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex\n1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization\n1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment\n1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()\n1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http\n1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()\n1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c\n1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex\n1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object\n1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability\n1374699 - CVE-2016-7126 php: select_colors write out-of-bounds\n1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access\n1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF\n1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access\n1374707 - CVE-2016-7130 php: wddx_deserialize null dereference\n1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml\n1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7456\nhttps://access.redhat.com/security/cve/CVE-2014-9767\nhttps://access.redhat.com/security/cve/CVE-2015-2325\nhttps://access.redhat.com/security/cve/CVE-2015-2326\nhttps://access.redhat.com/security/cve/CVE-2015-2327\nhttps://access.redhat.com/security/cve/CVE-2015-2328\nhttps://access.redhat.com/security/cve/CVE-2015-3210\nhttps://access.redhat.com/security/cve/CVE-2015-3217\nhttps://access.redhat.com/security/cve/CVE-2015-5073\nhttps://access.redhat.com/security/cve/CVE-2015-8381\nhttps://access.redhat.com/security/cve/CVE-2015-8383\nhttps://access.redhat.com/security/cve/CVE-2015-8384\nhttps://access.redhat.com/security/cve/CVE-2015-8385\nhttps://access.redhat.com/security/cve/CVE-2015-8386\nhttps://access.redhat.com/security/cve/CVE-2015-8388\nhttps://access.redhat.com/security/cve/CVE-2015-8391\nhttps://access.redhat.com/security/cve/CVE-2015-8392\nhttps://access.redhat.com/security/cve/CVE-2015-8395\nhttps://access.redhat.com/security/cve/CVE-2015-8835\nhttps://access.redhat.com/security/cve/CVE-2015-8865\nhttps://access.redhat.com/security/cve/CVE-2015-8866\nhttps://access.redhat.com/security/cve/CVE-2015-8867\nhttps://access.redhat.com/security/cve/CVE-2015-8873\nhttps://access.redhat.com/security/cve/CVE-2015-8874\nhttps://access.redhat.com/security/cve/CVE-2015-8876\nhttps://access.redhat.com/security/cve/CVE-2015-8877\nhttps://access.redhat.com/security/cve/CVE-2015-8879\nhttps://access.redhat.com/security/cve/CVE-2016-1903\nhttps://access.redhat.com/security/cve/CVE-2016-2554\nhttps://access.redhat.com/security/cve/CVE-2016-3074\nhttps://access.redhat.com/security/cve/CVE-2016-3141\nhttps://access.redhat.com/security/cve/CVE-2016-3142\nhttps://access.redhat.com/security/cve/CVE-2016-4070\nhttps://access.redhat.com/security/cve/CVE-2016-4071\nhttps://access.redhat.com/security/cve/CVE-2016-4072\nhttps://access.redhat.com/security/cve/CVE-2016-4073\nhttps://access.redhat.com/security/cve/CVE-2016-4342\nhttps://access.redhat.com/security/cve/CVE-2016-4343\nhttps://access.redhat.com/security/cve/CVE-2016-4473\nhttps://access.redhat.com/security/cve/CVE-2016-4537\nhttps://access.redhat.com/security/cve/CVE-2016-4538\nhttps://access.redhat.com/security/cve/CVE-2016-4539\nhttps://access.redhat.com/security/cve/CVE-2016-4540\nhttps://access.redhat.com/security/cve/CVE-2016-4541\nhttps://access.redhat.com/security/cve/CVE-2016-4542\nhttps://access.redhat.com/security/cve/CVE-2016-4543\nhttps://access.redhat.com/security/cve/CVE-2016-4544\nhttps://access.redhat.com/security/cve/CVE-2016-5093\nhttps://access.redhat.com/security/cve/CVE-2016-5094\nhttps://access.redhat.com/security/cve/CVE-2016-5096\nhttps://access.redhat.com/security/cve/CVE-2016-5114\nhttps://access.redhat.com/security/cve/CVE-2016-5399\nhttps://access.redhat.com/security/cve/CVE-2016-5766\nhttps://access.redhat.com/security/cve/CVE-2016-5767\nhttps://access.redhat.com/security/cve/CVE-2016-5768\nhttps://access.redhat.com/security/cve/CVE-2016-5770\nhttps://access.redhat.com/security/cve/CVE-2016-5771\nhttps://access.redhat.com/security/cve/CVE-2016-5772\nhttps://access.redhat.com/security/cve/CVE-2016-5773\nhttps://access.redhat.com/security/cve/CVE-2016-6128\nhttps://access.redhat.com/security/cve/CVE-2016-6207\nhttps://access.redhat.com/security/cve/CVE-2016-6288\nhttps://access.redhat.com/security/cve/CVE-2016-6289\nhttps://access.redhat.com/security/cve/CVE-2016-6290\nhttps://access.redhat.com/security/cve/CVE-2016-6291\nhttps://access.redhat.com/security/cve/CVE-2016-6292\nhttps://access.redhat.com/security/cve/CVE-2016-6294\nhttps://access.redhat.com/security/cve/CVE-2016-6295\nhttps://access.redhat.com/security/cve/CVE-2016-6296\nhttps://access.redhat.com/security/cve/CVE-2016-6297\nhttps://access.redhat.com/security/cve/CVE-2016-7124\nhttps://access.redhat.com/security/cve/CVE-2016-7125\nhttps://access.redhat.com/security/cve/CVE-2016-7126\nhttps://access.redhat.com/security/cve/CVE-2016-7127\nhttps://access.redhat.com/security/cve/CVE-2016-7128\nhttps://access.redhat.com/security/cve/CVE-2016-7129\nhttps://access.redhat.com/security/cve/CVE-2016-7130\nhttps://access.redhat.com/security/cve/CVE-2016-7131\nhttps://access.redhat.com/security/cve/CVE-2016-7132\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs\nUCuj+0gWfBsWXOgFhgH0uL8=\n=FcPG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "db": "VULHUB",
        "id": "VHN-91961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3142"
      },
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3142",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1035255",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU91632741",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "84306",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-91961",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3142",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136823",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139729",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136759",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ]
  },
  "id": "VAR-201603-0113",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91961"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:44:21.304000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206567"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206567"
      },
      {
        "title": "Sec Bug #71498",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=71498"
      },
      {
        "title": "Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()",
        "trust": 0.8,
        "url": "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "https://secure.php.net/changelog-5.php"
      },
      {
        "title": "PHP PHAR Fixes for extended buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60736"
      },
      {
        "title": "Red Hat: CVE-2016-3142",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-3142"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2952-1"
      },
      {
        "title": "Ubuntu Security Notice: php5 regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2952-2"
      },
      {
        "title": "Apple: OS X El Capitan v10.11.5 and Security Update 2016-003",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3c550201b398ce302f3a9adf27215fda"
      },
      {
        "title": "Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162750 - security advisory"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3142"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=71498"
      },
      {
        "trust": 1.8,
        "url": "https://php.net/changelog-5.php"
      },
      {
        "trust": 1.4,
        "url": "http://www.ubuntu.com/usn/usn-2952-1"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2750.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-2952-2"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/ht206567"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1035255"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html"
      },
      {
        "trust": 1.0,
        "url": "https://git.php.net/?p=php-src.git%3ba=commit%3bh=a6fdc5bb27b20d889de0cd29318b3968aabb57bd"
      },
      {
        "trust": 0.8,
        "url": "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3142"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91632741/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3142"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9767"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8838"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3141"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2554"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3142"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2952-1/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1575298"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4473"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3185"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.22"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-91961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91961"
      },
      {
        "date": "2016-03-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3142"
      },
      {
        "date": "2016-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "date": "2016-04-28T00:01:19",
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "date": "2016-11-15T16:44:45",
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "date": "2016-04-21T14:02:00",
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "date": "2016-03-31T16:59:01.210000",
        "db": "NVD",
        "id": "CVE-2016-3142"
      },
      {
        "date": "2016-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91961"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3142"
      },
      {
        "date": "2016-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      },
      {
        "date": "2023-11-07T02:32:11.727000",
        "db": "NVD",
        "id": "CVE-2016-3142"
      },
      {
        "date": "2016-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136823"
      },
      {
        "db": "PACKETSTORM",
        "id": "136759"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  PHAR Extension  zip.c Inside  phar_parse_zipfile Vulnerabilities that capture important information in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001929"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-445"
      }
    ],
    "trust": 0.6
  }
}

var-202002-0084
Vulnerability from variot

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to read and write files in unauthorized locations. This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, 'open_basedir' restrictions are expected to isolate users from each other. PHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected. Successful exploits will allow attackers to make the applications that use the affected library, unresponsive, denying service to legitimate users. The libc library of the following platforms are affected: NetBSD 5.1 OpenBSD 5.0 FreeBSD 8.2 Apple Mac OSX Other versions may also be affected. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0084",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.7.2"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.0"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "5.0"
      },
      {
        "model": "freebsd",
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "openbsd",
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": "php",
        "scope": null,
        "trust": 0.8,
        "vendor": "the php group",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.12"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.10",
                "versionStartIncluding": "5.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.7.2",
                "versionStartIncluding": "10.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:8.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Arciemowicz",
    "sources": [
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ],
    "trust": 1.2
  },
  "cve": "CVE-2011-3336",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-005609",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-51281",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-005609",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-3336",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2011-005609",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201111-154",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51281",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. PHP is prone to an  \u0027open_basedir\u0027 restriction-bypass vulnerability because of a design error. \nSuccessful exploits could allow an attacker to read and write files in unauthorized locations. \nThis vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, \u0027open_basedir\u0027 restrictions are expected to isolate users from each other. \nPHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected. \nSuccessful exploits will allow attackers to make the applications that use the affected library, unresponsive, denying service to legitimate users. \nThe libc library of the following platforms are affected:\nNetBSD 5.1\nOpenBSD 5.0\nFreeBSD 8.2\nApple Mac OSX\nOther versions may also be affected. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-51281",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3336",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "50541",
        "trust": 2.0
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2011110082",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154",
        "trust": 0.7
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2012030272",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "37032",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "36288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106589",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-51281",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ]
  },
  "id": "VAR-202002-0084",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:04:51.356000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.apple.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.freebsd.org/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.openbsd.org/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.php.net/"
      },
      {
        "title": "NetBSD/OpenBSD/FreeBSD/Apple Multiple vendors libc Library Stack Lost Denial of Service Vulnerability Fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108022"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.securityfocus.com/archive/1/520390"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/50541"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2014/mar/166"
      },
      {
        "trust": 1.7,
        "url": "https://cxsecurity.com/issue/wlb-2011110082"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3336"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3336"
      },
      {
        "trust": 0.6,
        "url": "http://cxsecurity.com/issue/wlb-2012030272"
      },
      {
        "trust": 0.3,
        "url": "http://securityreason.com/achievement_securityalert/70"
      },
      {
        "trust": 0.3,
        "url": "http://securityreason.com/achievement_exploitalert/14"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://securityreason.com/achievement_securityalert/102"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/520390"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "date": "2009-11-13T00:00:00",
        "db": "BID",
        "id": "37032"
      },
      {
        "date": "2011-11-04T00:00:00",
        "db": "BID",
        "id": "50541"
      },
      {
        "date": "2020-03-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "date": "2020-02-12T20:15:13.353000",
        "db": "NVD",
        "id": "CVE-2011-3336"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "date": "2015-03-19T08:39:00",
        "db": "BID",
        "id": "37032"
      },
      {
        "date": "2014-03-17T11:35:00",
        "db": "BID",
        "id": "50541"
      },
      {
        "date": "2020-03-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "date": "2020-02-18T19:49:54.197000",
        "db": "NVD",
        "id": "CVE-2011-3336"
      },
      {
        "date": "2021-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "regcomp of  BSD implementation Resource exhaustion vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ],
    "trust": 0.6
  }
}

var-201205-0311
Vulnerability from variot

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-03


                                        http://security.gentoo.org/

Severity: High Title: PHP: Multiple vulnerabilities Date: September 24, 2012 Bugs: #384301, #396311, #396533, #399247, #399567, #399573, #401997, #410957, #414553, #421489, #427354, #429630 ID: 201209-03


Synopsis

Multiple vulnerabilities were found in PHP, the worst of which lead to remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 5.3.15 >= 5.3.15 < 5.4.5 >= 5.4.5 ------------------------------------------------------------------- # Package 1 only applies to users of these architectures: arm

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"

All PHP users on ARM should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"

References

[ 1 ] CVE-2011-1398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1398 [ 2 ] CVE-2011-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3379 [ 3 ] CVE-2011-4566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566 [ 4 ] CVE-2011-4885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4885 [ 5 ] CVE-2012-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0057 [ 6 ] CVE-2012-0788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0788 [ 7 ] CVE-2012-0789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0789 [ 8 ] CVE-2012-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830 [ 9 ] CVE-2012-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831 [ 10 ] CVE-2012-1172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1172 [ 11 ] CVE-2012-1823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1823 [ 12 ] CVE-2012-2143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143 [ 13 ] CVE-2012-2311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2311 [ 14 ] CVE-2012-2335 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2335 [ 15 ] CVE-2012-2336 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2336 [ 16 ] CVE-2012-2386 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2386 [ 17 ] CVE-2012-2688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2688 [ 18 ] CVE-2012-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3365 [ 19 ] CVE-2012-3450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3450

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201209-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . Please refer to the following Mandriva advisories for further information: MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180, MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03839862

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03839862 Version: 1

HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2013-07-18 Last Updated: 2013-07-18

Potential Security Impact: Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain extended privileges, disclosure of information, unauthorized access, XSS

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS.

References: CVE-2011-3389 (SSRT100740) Remote disclosure of information CVE-2012-0883 (SSRT101209) Remote gain extended privileges CVE-2012-2110 (SSRT101210) Remote Denial of Service (DoS) CVE-2012-2311 (SSRT100992) Remote execution of arbitrary code CVE-2012-2329 (SSRT100992) Remote Denial of Service (DoS) CVE-2012-2335 (SSRT100992) Remote execution of arbitrary code CVE-2012-2336 (SSRT100992) Remote Denial of Service (DoS) CVE-2013-2355 (SSRT100696) Remote unauthorized Access CVE-2013-2356 (SSRT100835) Remote disclosure of information CVE-2013-2357 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2358 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2359 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2360 (SSRT100907) Remote Denial of Service (DoS) CVE-2013-2361 (SSRT101007) XSS CVE-2013-2362 (SSRT101076, ZDI-CAN-1676) Local Denial of Service (DoS) CVE-2013-2363 (SSRT101150) Remote disclosure of information CVE-2013-2364 (SSRT101151) XSS CVE-2013-5217 (SSRT101137) Remote unauthorized access

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and Windows.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-2110 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2329 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-2335 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2336 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2355 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-2356 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8 CVE-2013-2357 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3 CVE-2013-2358 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3 CVE-2013-2359 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2013-2360 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2013-2361 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2362 (AV:L/AC:H/Au:S/C:N/I:N/A:P) 1.0 CVE-2013-2363 (AV:N/AC:H/Au:N/C:C/I:N/A:P) 6.1 CVE-2013-2364 (AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0 CVE-2013-5217 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks agix for working with the TippingPoint Zero Day Initiative to report vulnerability CVE-2013-2362 to security-alert@hp.com

RESOLUTION

HP has made System Management Homepage (SMH) v7.2.1 or subsequent available for Windows and Linux to resolve the vulnerabilities.

Information and updates for SMH can be found at the following location:

http://h18013.www1.hp.com/products/servers/management/agents/index.html

HISTORY Version:1 (rev.1) - 18 July 2013 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlHoGuMACgkQ4B86/C0qfVmlbwCg5muoKwOcRb0N/+BZa47f7lC9 CCoAoJo1hIDxLxljNZM2GDOcYGgJi1hH =kSG1 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2012:068-1 http://www.mandriva.com/security/


Package : php Date : May 10, 2012 Affected: 2010.1, 2011.


Problem Description:

A vulnerability has been found and corrected in php(-cgi):

PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files.

The updated packages have been patched to correct this issue.

Update:

It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete (CVE-2012-2335, CVE-2012-2336). The updated packages provides the latest version (5.3.13) which provides a solution to this flaw.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336 https://bugs.php.net/bug.php?id=61910 http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ http://www.openwall.com/lists/oss-security/2012/05/09/9


Updated Packages:

Mandriva Linux 2010.1: 140d36ed5578274826846a0ff7ca05a9 2010.1/i586/apache-mod_php-5.3.13-0.1mdv2010.2.i586.rpm 24775050f82b736c2133fc30f93e809e 2010.1/i586/libphp5_common5-5.3.13-0.1mdv2010.2.i586.rpm f3fb19456fe4b8fd41f4306c007e85fb 2010.1/i586/php-bcmath-5.3.13-0.1mdv2010.2.i586.rpm 99a812ad5970bc37414909de5ef578fa 2010.1/i586/php-bz2-5.3.13-0.1mdv2010.2.i586.rpm 634f717747ee4db7cdd19a93ffd2d5ef 2010.1/i586/php-calendar-5.3.13-0.1mdv2010.2.i586.rpm 3429fa2b956f67b8602489e4b7d3757a 2010.1/i586/php-cgi-5.3.13-0.1mdv2010.2.i586.rpm 51a1d975e31b445ef71901cd04d8fd3a 2010.1/i586/php-cli-5.3.13-0.1mdv2010.2.i586.rpm ba763fffd3798434cb0cde5c8f7a8891 2010.1/i586/php-ctype-5.3.13-0.1mdv2010.2.i586.rpm ebf996e845619b26515e6f3e828c8fbf 2010.1/i586/php-curl-5.3.13-0.1mdv2010.2.i586.rpm ec57b30c43f5678b8cd822fd85df5e34 2010.1/i586/php-dba-5.3.13-0.1mdv2010.2.i586.rpm 85799e72a9511c0f54ff2435fba0aaab 2010.1/i586/php-devel-5.3.13-0.1mdv2010.2.i586.rpm 823c9544385c894e4c5edd1b52bf4e92 2010.1/i586/php-doc-5.3.13-0.1mdv2010.2.i586.rpm 5d753655d5615e92db188468903b8d16 2010.1/i586/php-dom-5.3.13-0.1mdv2010.2.i586.rpm 705fbff48501d08bae719a2d7841d8c2 2010.1/i586/php-enchant-5.3.13-0.1mdv2010.2.i586.rpm 4f78075bddc8fa173a7384e545e3cd5c 2010.1/i586/php-exif-5.3.13-0.1mdv2010.2.i586.rpm e8fefd604fd5006361419135c9059076 2010.1/i586/php-fileinfo-5.3.13-0.1mdv2010.2.i586.rpm bc65e927149d5277ad634b0bad8a868a 2010.1/i586/php-filter-5.3.13-0.1mdv2010.2.i586.rpm ea6a6fd721db888225dfea83a0ad99d9 2010.1/i586/php-fpm-5.3.13-0.1mdv2010.2.i586.rpm 7fb6a2914e72a63ec9401c9662f9bc2b 2010.1/i586/php-ftp-5.3.13-0.1mdv2010.2.i586.rpm 0df19020817d838aba51f052c29f6532 2010.1/i586/php-gd-5.3.13-0.1mdv2010.2.i586.rpm 5ce28c873da3fc5e0feda8e3cad2247a 2010.1/i586/php-gettext-5.3.13-0.1mdv2010.2.i586.rpm acbe524bfc8e156906c70124496a3161 2010.1/i586/php-gmp-5.3.13-0.1mdv2010.2.i586.rpm d03bc0f91411297408ac3dbbd5c426b3 2010.1/i586/php-hash-5.3.13-0.1mdv2010.2.i586.rpm 19bc92bd8b1a4ea4b86b497f5f48933c 2010.1/i586/php-iconv-5.3.13-0.1mdv2010.2.i586.rpm a891fe8d9bcbbfc4458fb31a23720338 2010.1/i586/php-imap-5.3.13-0.1mdv2010.2.i586.rpm edec73af34ecb6b42ed0a14dadb8949d 2010.1/i586/php-ini-5.3.13-0.1mdv2010.2.i586.rpm 529135563f982966be228d0e7055a97d 2010.1/i586/php-intl-5.3.13-0.1mdv2010.2.i586.rpm 2de32f3e7d7da5e06a83f9bf8eac6318 2010.1/i586/php-json-5.3.13-0.1mdv2010.2.i586.rpm 2b4f232c6bd026de886d8199dba4c2f2 2010.1/i586/php-ldap-5.3.13-0.1mdv2010.2.i586.rpm c14fe2ed7cfeb5320fed29676af9e682 2010.1/i586/php-mbstring-5.3.13-0.1mdv2010.2.i586.rpm 606e65e002f946dcf9fa8f7f3950f81d 2010.1/i586/php-mcrypt-5.3.13-0.1mdv2010.2.i586.rpm 84e35a42b7861251869a439b0031f225 2010.1/i586/php-mssql-5.3.13-0.1mdv2010.2.i586.rpm 95caf9f4d272fdeae006851e482a2461 2010.1/i586/php-mysql-5.3.13-0.1mdv2010.2.i586.rpm 5bb6f61f906e8572f66cbbcb0a3a667b 2010.1/i586/php-mysqli-5.3.13-0.1mdv2010.2.i586.rpm 28e5bdd198862a80dfea2ab9e86b9678 2010.1/i586/php-mysqlnd-5.3.13-0.1mdv2010.2.i586.rpm 802e12a27b7256dbba5b9029e7bbb00b 2010.1/i586/php-odbc-5.3.13-0.1mdv2010.2.i586.rpm f3f2b22190a0180e4adddd36ac43b808 2010.1/i586/php-openssl-5.3.13-0.1mdv2010.2.i586.rpm 850ed2a02899e7ef950368f1e6936e7b 2010.1/i586/php-pcntl-5.3.13-0.1mdv2010.2.i586.rpm 128bc6c67ee8960e29c893a0a210f967 2010.1/i586/php-pdo-5.3.13-0.1mdv2010.2.i586.rpm 31d3d8d11a8ec860ff748b4491ed637d 2010.1/i586/php-pdo_dblib-5.3.13-0.1mdv2010.2.i586.rpm 840fd711e567a690f46a5aa686a47019 2010.1/i586/php-pdo_mysql-5.3.13-0.1mdv2010.2.i586.rpm 6b979eef99f357fc4e283c98c5ef96ea 2010.1/i586/php-pdo_odbc-5.3.13-0.1mdv2010.2.i586.rpm 9b5d0ca325bbfcf6b87f74748caceb76 2010.1/i586/php-pdo_pgsql-5.3.13-0.1mdv2010.2.i586.rpm 70c688be75e34b79a9a35462570a2ada 2010.1/i586/php-pdo_sqlite-5.3.13-0.1mdv2010.2.i586.rpm e67f4f8ded56378452b8a548b126266b 2010.1/i586/php-pgsql-5.3.13-0.1mdv2010.2.i586.rpm 4d26258bb774b1d9aff74d3fdc1e3c2c 2010.1/i586/php-phar-5.3.13-0.1mdv2010.2.i586.rpm 74bc08429969529762425997772f8a5d 2010.1/i586/php-posix-5.3.13-0.1mdv2010.2.i586.rpm e697d56093f50bbde693541d67b7566c 2010.1/i586/php-pspell-5.3.13-0.1mdv2010.2.i586.rpm 0fc94be46e664a52fbc9111958cd4146 2010.1/i586/php-readline-5.3.13-0.1mdv2010.2.i586.rpm af7e1bb5a2722063cc52af223dc90787 2010.1/i586/php-recode-5.3.13-0.1mdv2010.2.i586.rpm fee14325fb3a764988c4e2a69c7938b4 2010.1/i586/php-session-5.3.13-0.1mdv2010.2.i586.rpm e89aba4b7dec345be125261046d31b92 2010.1/i586/php-shmop-5.3.13-0.1mdv2010.2.i586.rpm 69f2a66fef9892c0405d3a03c72096b2 2010.1/i586/php-snmp-5.3.13-0.1mdv2010.2.i586.rpm 4db2b4b3d7670603b5922a122dc975aa 2010.1/i586/php-soap-5.3.13-0.1mdv2010.2.i586.rpm e02779584cc1c588d75346f6995ad5a6 2010.1/i586/php-sockets-5.3.13-0.1mdv2010.2.i586.rpm aae3b1c32441f481c49f7f38c1c96294 2010.1/i586/php-sqlite3-5.3.13-0.1mdv2010.2.i586.rpm b4255e1825f289410b71b6a210229b8e 2010.1/i586/php-sqlite-5.3.13-0.1mdv2010.2.i586.rpm dd54ede221fd579f1ebd81be6930010b 2010.1/i586/php-sybase_ct-5.3.13-0.1mdv2010.2.i586.rpm 4bdebc41d1b654e904d39c8f89be51a2 2010.1/i586/php-sysvmsg-5.3.13-0.1mdv2010.2.i586.rpm 3d485895eca51f5f801323baf1f0f8bf 2010.1/i586/php-sysvsem-5.3.13-0.1mdv2010.2.i586.rpm a5c65e02a46da5f9a1be3235565926a3 2010.1/i586/php-sysvshm-5.3.13-0.1mdv2010.2.i586.rpm 1a1e6a0a91388e7113f2774bb0f16c01 2010.1/i586/php-tidy-5.3.13-0.1mdv2010.2.i586.rpm cf565e35c341273ed2b4378c9f0980c8 2010.1/i586/php-tokenizer-5.3.13-0.1mdv2010.2.i586.rpm b1fd12591b6500464a97eb2ae47b2f60 2010.1/i586/php-wddx-5.3.13-0.1mdv2010.2.i586.rpm f0f801ce893ad8eb55bb21d010af641a 2010.1/i586/php-xml-5.3.13-0.1mdv2010.2.i586.rpm 055873d10551544750bd05555cc63155 2010.1/i586/php-xmlreader-5.3.13-0.1mdv2010.2.i586.rpm 69a6e3930ed1b2d1ddac5df5719bc6d6 2010.1/i586/php-xmlrpc-5.3.13-0.1mdv2010.2.i586.rpm de7f360c56f74b036ea924d9f7c76b59 2010.1/i586/php-xmlwriter-5.3.13-0.1mdv2010.2.i586.rpm 4cbd130cf269dd2769dd084322eaf77a 2010.1/i586/php-xsl-5.3.13-0.1mdv2010.2.i586.rpm 1d32b52e968a2bd7c4ff6b640f38ae36 2010.1/i586/php-zip-5.3.13-0.1mdv2010.2.i586.rpm 9508241b048c6acc033c16494f797289 2010.1/i586/php-zlib-5.3.13-0.1mdv2010.2.i586.rpm cd0e0682df60061148366ab6b10394d2 2010.1/SRPMS/apache-mod_php-5.3.13-0.1mdv2010.2.src.rpm f454d177e9bd631df2a4eeca3d33fe38 2010.1/SRPMS/php-5.3.13-0.1mdv2010.2.src.rpm 281be8fe2bb8cd404ade445f64c616da 2010.1/SRPMS/php-ini-5.3.13-0.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64: 5c32f90215090901240e661f8e2224a9 2010.1/x86_64/apache-mod_php-5.3.13-0.1mdv2010.2.x86_64.rpm c21032781b826fe3a8202eff5b7ef8b5 2010.1/x86_64/lib64php5_common5-5.3.13-0.1mdv2010.2.x86_64.rpm a2d0b2b43aa856d5872679d455e56a1e 2010.1/x86_64/php-bcmath-5.3.13-0.1mdv2010.2.x86_64.rpm 5421084c1b946cb2c5eeebfed07ac829 2010.1/x86_64/php-bz2-5.3.13-0.1mdv2010.2.x86_64.rpm 48aa03dcba36a09689dc6c7f2497741c 2010.1/x86_64/php-calendar-5.3.13-0.1mdv2010.2.x86_64.rpm c503b930c9d60cbd4d4ea58d8a6deda7 2010.1/x86_64/php-cgi-5.3.13-0.1mdv2010.2.x86_64.rpm 228b72cbf197c817d866d1fe3c7ed6b2 2010.1/x86_64/php-cli-5.3.13-0.1mdv2010.2.x86_64.rpm c9435be90a6e5fae1a980109c9bc9aca 2010.1/x86_64/php-ctype-5.3.13-0.1mdv2010.2.x86_64.rpm 0eb2e95722b4af3006f560c8441d687f 2010.1/x86_64/php-curl-5.3.13-0.1mdv2010.2.x86_64.rpm ccebc661c63d1028540c1212de90bbae 2010.1/x86_64/php-dba-5.3.13-0.1mdv2010.2.x86_64.rpm 2edc5f5c47a0ee2bbf001fae9024849f 2010.1/x86_64/php-devel-5.3.13-0.1mdv2010.2.x86_64.rpm 3b3eeb211bf45ede0abaae347d8bc745 2010.1/x86_64/php-doc-5.3.13-0.1mdv2010.2.x86_64.rpm 29f9a4fcee784caeaa54d88ae6f1fda9 2010.1/x86_64/php-dom-5.3.13-0.1mdv2010.2.x86_64.rpm eda0d150731e178912024b0ff6665835 2010.1/x86_64/php-enchant-5.3.13-0.1mdv2010.2.x86_64.rpm cf52bd1d68b75ba6841fe6258b9a1f69 2010.1/x86_64/php-exif-5.3.13-0.1mdv2010.2.x86_64.rpm 0243226aa4bf036a4054b48966f80cf3 2010.1/x86_64/php-fileinfo-5.3.13-0.1mdv2010.2.x86_64.rpm a5bca21277b5c72133340ea059cf0df0 2010.1/x86_64/php-filter-5.3.13-0.1mdv2010.2.x86_64.rpm 3c7007006b1d93d8c96e86dcf27ea38b 2010.1/x86_64/php-fpm-5.3.13-0.1mdv2010.2.x86_64.rpm f9549d4ed2973e5c1519546e971fd81a 2010.1/x86_64/php-ftp-5.3.13-0.1mdv2010.2.x86_64.rpm c7231a7117abab68e8c4d1a3f6a80ccb 2010.1/x86_64/php-gd-5.3.13-0.1mdv2010.2.x86_64.rpm 0ca2c9679c082508a4c2b007ec5a8c46 2010.1/x86_64/php-gettext-5.3.13-0.1mdv2010.2.x86_64.rpm 7d0de98a757251e874aff11ab76db12b 2010.1/x86_64/php-gmp-5.3.13-0.1mdv2010.2.x86_64.rpm 8757a89019988ab9b689c282ae06cf01 2010.1/x86_64/php-hash-5.3.13-0.1mdv2010.2.x86_64.rpm 996f5bcb88fc855db3cc4c779897a9ad 2010.1/x86_64/php-iconv-5.3.13-0.1mdv2010.2.x86_64.rpm 1580fd0ebb4ff0bd0e3c2a6e8925fc8a 2010.1/x86_64/php-imap-5.3.13-0.1mdv2010.2.x86_64.rpm 89a3915683d63a757fa29e53fadf0e1d 2010.1/x86_64/php-ini-5.3.13-0.1mdv2010.2.x86_64.rpm 38115fadfb51fdfd10ea14def4d9143d 2010.1/x86_64/php-intl-5.3.13-0.1mdv2010.2.x86_64.rpm 06aaaa6c43d85283ba31e079f9e1e0e0 2010.1/x86_64/php-json-5.3.13-0.1mdv2010.2.x86_64.rpm b9f6e00a0ac3916b91442ed6c62ad440 2010.1/x86_64/php-ldap-5.3.13-0.1mdv2010.2.x86_64.rpm 9b634f67d80ba028247dafe559276859 2010.1/x86_64/php-mbstring-5.3.13-0.1mdv2010.2.x86_64.rpm bd39ac4808035578dec2e24a98457b03 2010.1/x86_64/php-mcrypt-5.3.13-0.1mdv2010.2.x86_64.rpm 4acc008044469403769de09af155f0d5 2010.1/x86_64/php-mssql-5.3.13-0.1mdv2010.2.x86_64.rpm 8d5826fa6ba3dcaf214839a654e74659 2010.1/x86_64/php-mysql-5.3.13-0.1mdv2010.2.x86_64.rpm ea0e352e2900b493b9d355257ec99a4e 2010.1/x86_64/php-mysqli-5.3.13-0.1mdv2010.2.x86_64.rpm 40b23996dd377b3699ca230f30451e09 2010.1/x86_64/php-mysqlnd-5.3.13-0.1mdv2010.2.x86_64.rpm 4a49bad04937598951093dbf1e57eb19 2010.1/x86_64/php-odbc-5.3.13-0.1mdv2010.2.x86_64.rpm ef337452c999c609f38511b30424aa95 2010.1/x86_64/php-openssl-5.3.13-0.1mdv2010.2.x86_64.rpm 8adda9b3ac67749c4cbbca498fe97042 2010.1/x86_64/php-pcntl-5.3.13-0.1mdv2010.2.x86_64.rpm aab08edd87702937cc87e3eea9683e04 2010.1/x86_64/php-pdo-5.3.13-0.1mdv2010.2.x86_64.rpm b769d4729112be42057acbecc42784fd 2010.1/x86_64/php-pdo_dblib-5.3.13-0.1mdv2010.2.x86_64.rpm 51f45520e81ae006da36c27e9ff23d29 2010.1/x86_64/php-pdo_mysql-5.3.13-0.1mdv2010.2.x86_64.rpm 337fef4ac991f694fbc52f1b51292f0e 2010.1/x86_64/php-pdo_odbc-5.3.13-0.1mdv2010.2.x86_64.rpm ee046601f134c275c1c5394156868176 2010.1/x86_64/php-pdo_pgsql-5.3.13-0.1mdv2010.2.x86_64.rpm f1b25be0d7a2e6948dd6d95776da6f27 2010.1/x86_64/php-pdo_sqlite-5.3.13-0.1mdv2010.2.x86_64.rpm c61a1bc81075ebfc94e820984597774b 2010.1/x86_64/php-pgsql-5.3.13-0.1mdv2010.2.x86_64.rpm 11bed7992443f01305ad4ce8304e9f07 2010.1/x86_64/php-phar-5.3.13-0.1mdv2010.2.x86_64.rpm dd6008750a431325112944e3a5783d0c 2010.1/x86_64/php-posix-5.3.13-0.1mdv2010.2.x86_64.rpm f5531db71580b0c17c5796cfd79f4020 2010.1/x86_64/php-pspell-5.3.13-0.1mdv2010.2.x86_64.rpm 80c9841836ea5246babb676ce79adb9d 2010.1/x86_64/php-readline-5.3.13-0.1mdv2010.2.x86_64.rpm 6271ebd8132c7d94513646d0bbfedf15 2010.1/x86_64/php-recode-5.3.13-0.1mdv2010.2.x86_64.rpm 77e395b19c6068c941cc1ee1c89e15c6 2010.1/x86_64/php-session-5.3.13-0.1mdv2010.2.x86_64.rpm b310511e16b059f753cef3fbe39a35b0 2010.1/x86_64/php-shmop-5.3.13-0.1mdv2010.2.x86_64.rpm 70b99d0120ea8c6018a327996314ab49 2010.1/x86_64/php-snmp-5.3.13-0.1mdv2010.2.x86_64.rpm 33f829a30afaeab74203389d8a48a2d9 2010.1/x86_64/php-soap-5.3.13-0.1mdv2010.2.x86_64.rpm 64295e56e1c81c3322aa49bd1bf2d838 2010.1/x86_64/php-sockets-5.3.13-0.1mdv2010.2.x86_64.rpm 9afd6ba7da1e9ffa58a33c822eeb6a9d 2010.1/x86_64/php-sqlite3-5.3.13-0.1mdv2010.2.x86_64.rpm 8f8e7ee68199f5fdb8867b10d8cede5a 2010.1/x86_64/php-sqlite-5.3.13-0.1mdv2010.2.x86_64.rpm 84d824d25bcd058301b8a8cac4eece97 2010.1/x86_64/php-sybase_ct-5.3.13-0.1mdv2010.2.x86_64.rpm cdd27855aa2b685fba70fea949d0f8f5 2010.1/x86_64/php-sysvmsg-5.3.13-0.1mdv2010.2.x86_64.rpm 47714ed1a09513b0fa4016fed1faf374 2010.1/x86_64/php-sysvsem-5.3.13-0.1mdv2010.2.x86_64.rpm 878cc21a21bcb9120f0c60d0dc3c848d 2010.1/x86_64/php-sysvshm-5.3.13-0.1mdv2010.2.x86_64.rpm ed7017d81df4e68da01f9d790c5e9e75 2010.1/x86_64/php-tidy-5.3.13-0.1mdv2010.2.x86_64.rpm e2dbcbefd496f408e56c5072938f62d6 2010.1/x86_64/php-tokenizer-5.3.13-0.1mdv2010.2.x86_64.rpm c629479463912ae1d91c4399e5b05f67 2010.1/x86_64/php-wddx-5.3.13-0.1mdv2010.2.x86_64.rpm 5a71b4a2a66aa994585f3372f13ad969 2010.1/x86_64/php-xml-5.3.13-0.1mdv2010.2.x86_64.rpm 9e99f81386d263bf395a4462ce3333f8 2010.1/x86_64/php-xmlreader-5.3.13-0.1mdv2010.2.x86_64.rpm 76c565d3fdcba0133b6c25a914a4fed3 2010.1/x86_64/php-xmlrpc-5.3.13-0.1mdv2010.2.x86_64.rpm af3b32c6d60342fb5c7a7c455f647f34 2010.1/x86_64/php-xmlwriter-5.3.13-0.1mdv2010.2.x86_64.rpm 31a1efcba8488b85ec31054bea181262 2010.1/x86_64/php-xsl-5.3.13-0.1mdv2010.2.x86_64.rpm d3b08c3d48baefa3ee14632b876100fb 2010.1/x86_64/php-zip-5.3.13-0.1mdv2010.2.x86_64.rpm a6a3b117484b1bb2e7d449c08fa49b46 2010.1/x86_64/php-zlib-5.3.13-0.1mdv2010.2.x86_64.rpm cd0e0682df60061148366ab6b10394d2 2010.1/SRPMS/apache-mod_php-5.3.13-0.1mdv2010.2.src.rpm f454d177e9bd631df2a4eeca3d33fe38 2010.1/SRPMS/php-5.3.13-0.1mdv2010.2.src.rpm 281be8fe2bb8cd404ade445f64c616da 2010.1/SRPMS/php-ini-5.3.13-0.1mdv2010.2.src.rpm

Mandriva Linux 2011: 35cdd956ce62db7548d2626d8a8f7ae8 2011/i586/apache-mod_php-5.3.13-0.1-mdv2011.0.i586.rpm dd02a276ddca3ae7ad754e19a41e8ff8 2011/i586/libphp5_common5-5.3.13-0.1-mdv2011.0.i586.rpm 7a8feff11aa910f94074c57b54a124d6 2011/i586/php-bcmath-5.3.13-0.1-mdv2011.0.i586.rpm 3c70edc391c1c8fb7845f81f3b3f5bac 2011/i586/php-bz2-5.3.13-0.1-mdv2011.0.i586.rpm d8020203023aaf02a30b22559d5a67c7 2011/i586/php-calendar-5.3.13-0.1-mdv2011.0.i586.rpm e0f010a7d61cf27e13a486ff6e5d6ce4 2011/i586/php-cgi-5.3.13-0.1-mdv2011.0.i586.rpm 345ee6e60bc1973f0049ab25f7dc3557 2011/i586/php-cli-5.3.13-0.1-mdv2011.0.i586.rpm c4e851c0260ad96797ca56deb2b6f3c7 2011/i586/php-ctype-5.3.13-0.1-mdv2011.0.i586.rpm 073d81d6531862861015cf7f53173045 2011/i586/php-curl-5.3.13-0.1-mdv2011.0.i586.rpm 1330fd10a3bdd3787913db7795054819 2011/i586/php-dba-5.3.13-0.1-mdv2011.0.i586.rpm b6d0fefa9206b7cd3f4c73744c324906 2011/i586/php-devel-5.3.13-0.1-mdv2011.0.i586.rpm 32a9567d7a61d6f35654e8d33baec58a 2011/i586/php-doc-5.3.13-0.1-mdv2011.0.i586.rpm 149566d373265e732f1ec3140d11cac2 2011/i586/php-dom-5.3.13-0.1-mdv2011.0.i586.rpm 6f4b1fe24a35809c93e9489347c448bb 2011/i586/php-enchant-5.3.13-0.1-mdv2011.0.i586.rpm 44f27021f7ff8202f5f34a8b0720be5b 2011/i586/php-exif-5.3.13-0.1-mdv2011.0.i586.rpm 5d32e3e7dc217fd69b6dc99dffb747f7 2011/i586/php-fileinfo-5.3.13-0.1-mdv2011.0.i586.rpm 043c17fad24c3113600799c63c5dde18 2011/i586/php-filter-5.3.13-0.1-mdv2011.0.i586.rpm 08c16e8ec2f1c821df8090c38c43809b 2011/i586/php-fpm-5.3.13-0.1-mdv2011.0.i586.rpm 209b4baf966b45cb48790e7a020b1aa9 2011/i586/php-ftp-5.3.13-0.1-mdv2011.0.i586.rpm eac85767ff89fcf822b2c2cf408b2aca 2011/i586/php-gd-5.3.13-0.1-mdv2011.0.i586.rpm 7c7c5ab6370c934b727dac2ad1c9bd33 2011/i586/php-gettext-5.3.13-0.1-mdv2011.0.i586.rpm babb1410dd897504ec526243789fd749 2011/i586/php-gmp-5.3.13-0.1-mdv2011.0.i586.rpm 63feb83eda18663f3ae28fee522a79c8 2011/i586/php-hash-5.3.13-0.1-mdv2011.0.i586.rpm a8aad04e3c20f9223832632f412c4c69 2011/i586/php-iconv-5.3.13-0.1-mdv2011.0.i586.rpm 22f5f2b807af8ea7445e8682f6718ab2 2011/i586/php-imap-5.3.13-0.1-mdv2011.0.i586.rpm ff780d80135cc18647edecdde6b77e16 2011/i586/php-ini-5.3.13-0.1-mdv2011.0.i586.rpm 10475ddafeeb384ae3afb7f5d2d1afa8 2011/i586/php-intl-5.3.13-0.1-mdv2011.0.i586.rpm e3261da452695aed46718ec06a1f17ed 2011/i586/php-json-5.3.13-0.1-mdv2011.0.i586.rpm f6238f4f4566582418666333eb797994 2011/i586/php-ldap-5.3.13-0.1-mdv2011.0.i586.rpm 9ae1d9fc8320fa272fa56484f425e7d8 2011/i586/php-mbstring-5.3.13-0.1-mdv2011.0.i586.rpm 86710277f0bca955ced6610b199fcf16 2011/i586/php-mcrypt-5.3.13-0.1-mdv2011.0.i586.rpm a9dad85e7658b897bcd9a3c088a71168 2011/i586/php-mssql-5.3.13-0.1-mdv2011.0.i586.rpm 66063a764c3a2b90143c5653c0f1dd2c 2011/i586/php-mysql-5.3.13-0.1-mdv2011.0.i586.rpm c7993bdf0b9ceaf4f2fa86dbc558ddfb 2011/i586/php-mysqli-5.3.13-0.1-mdv2011.0.i586.rpm afcd3e1e62498bffaa9432c5d5c505f5 2011/i586/php-mysqlnd-5.3.13-0.1-mdv2011.0.i586.rpm 21a837c5413d3e89b7747b70b343ff39 2011/i586/php-odbc-5.3.13-0.1-mdv2011.0.i586.rpm 9653980157e82a7cc1fcb428e6a11831 2011/i586/php-openssl-5.3.13-0.1-mdv2011.0.i586.rpm 2a7283323df15b449a0911147e4e120a 2011/i586/php-pcntl-5.3.13-0.1-mdv2011.0.i586.rpm 5943398e22f4b3aab9fb741e7b6a8014 2011/i586/php-pdo-5.3.13-0.1-mdv2011.0.i586.rpm 4a8632f0605a849c61148479c3dce11c 2011/i586/php-pdo_dblib-5.3.13-0.1-mdv2011.0.i586.rpm 90bfc85fce2cf88d5cc7e9d383bac674 2011/i586/php-pdo_mysql-5.3.13-0.1-mdv2011.0.i586.rpm 13a2e35fe9389ceff1bd86915d4fbb45 2011/i586/php-pdo_odbc-5.3.13-0.1-mdv2011.0.i586.rpm bd5ac6d3de510f5648e0796262ee0284 2011/i586/php-pdo_pgsql-5.3.13-0.1-mdv2011.0.i586.rpm c8a144f194b2e263d30d42549ef72df7 2011/i586/php-pdo_sqlite-5.3.13-0.1-mdv2011.0.i586.rpm 9fc72c845adc2c8b526ccda1045e95cb 2011/i586/php-pgsql-5.3.13-0.1-mdv2011.0.i586.rpm ceed9de56ba7babbb1103c0505360ae8 2011/i586/php-phar-5.3.13-0.1-mdv2011.0.i586.rpm 99df22a88e7ec65277c5f1d67946b674 2011/i586/php-posix-5.3.13-0.1-mdv2011.0.i586.rpm 2a7c90e39eaed912fd8ef49d5edcf3b0 2011/i586/php-pspell-5.3.13-0.1-mdv2011.0.i586.rpm b4f54f67b9372e1bef78b6a40a756d31 2011/i586/php-readline-5.3.13-0.1-mdv2011.0.i586.rpm c3ab166b9fc83521a75c13dff80f3a56 2011/i586/php-recode-5.3.13-0.1-mdv2011.0.i586.rpm a6c67fe24586ad45656a0e11906e7bb3 2011/i586/php-session-5.3.13-0.1-mdv2011.0.i586.rpm 39dd1f3c8218f0537aad8f03aa96b833 2011/i586/php-shmop-5.3.13-0.1-mdv2011.0.i586.rpm 7d516b28e8f45f06883657d93d152c31 2011/i586/php-snmp-5.3.13-0.1-mdv2011.0.i586.rpm 511c2eadd6584227584704adf97150e9 2011/i586/php-soap-5.3.13-0.1-mdv2011.0.i586.rpm d2bb4858eb41257b9e3c72b385b55fed 2011/i586/php-sockets-5.3.13-0.1-mdv2011.0.i586.rpm ef20af5ac9def94fc4db18e4e9ef80f3 2011/i586/php-sqlite3-5.3.13-0.1-mdv2011.0.i586.rpm d87d2f151f37050dd9f3d1fb66cc5be6 2011/i586/php-sqlite-5.3.13-0.1-mdv2011.0.i586.rpm 1214cb4bc37c7fb285dd6c2f00411904 2011/i586/php-sybase_ct-5.3.13-0.1-mdv2011.0.i586.rpm 1bd2a3a7f3408e7e304190e4145cec7f 2011/i586/php-sysvmsg-5.3.13-0.1-mdv2011.0.i586.rpm 602e9fbc2dd26d526709da1fbb5f43a3 2011/i586/php-sysvsem-5.3.13-0.1-mdv2011.0.i586.rpm 1f4d61a55c51175890bf3fe8da58178b 2011/i586/php-sysvshm-5.3.13-0.1-mdv2011.0.i586.rpm 7f81e3126928fd1e48e61a04e978e549 2011/i586/php-tidy-5.3.13-0.1-mdv2011.0.i586.rpm a2ea94863a07932b8cc8adfaf9984801 2011/i586/php-tokenizer-5.3.13-0.1-mdv2011.0.i586.rpm 7ca9553c6d0280546bc198cf7e349fd0 2011/i586/php-wddx-5.3.13-0.1-mdv2011.0.i586.rpm 2657cd50ab3d1ed89c40dd022b18a78a 2011/i586/php-xml-5.3.13-0.1-mdv2011.0.i586.rpm 4484a28aa070a5507ca51b7b6ccd9c4f 2011/i586/php-xmlreader-5.3.13-0.1-mdv2011.0.i586.rpm fb655f70ba8fd02cb283c685fb32198d 2011/i586/php-xmlrpc-5.3.13-0.1-mdv2011.0.i586.rpm 595eb1d07062b9ea1cbfa4db0c858b24 2011/i586/php-xmlwriter-5.3.13-0.1-mdv2011.0.i586.rpm 13c04bf3f0134e29372d595589f59193 2011/i586/php-xsl-5.3.13-0.1-mdv2011.0.i586.rpm 0a98ea3d088772271f96eeb7a5f23ba2 2011/i586/php-zip-5.3.13-0.1-mdv2011.0.i586.rpm e5242f7e29696cf3f9a80eb65ac97184 2011/i586/php-zlib-5.3.13-0.1-mdv2011.0.i586.rpm 43577b68968398f3e83bbb150c2ba4dd 2011/SRPMS/apache-mod_php-5.3.13-0.1.src.rpm 75c0847b9bfff7a4ecf5f5097e39b5e0 2011/SRPMS/php-5.3.13-0.1.src.rpm daa6819e438adce22445ffb6f25c10f0 2011/SRPMS/php-ini-5.3.13-0.1.src.rpm

Mandriva Linux 2011/X86_64: 6f1b882d07cd219f673c90396542719e 2011/x86_64/apache-mod_php-5.3.13-0.1-mdv2011.0.x86_64.rpm 11c80f46a5669769a85ef8f391d07a70 2011/x86_64/lib64php5_common5-5.3.13-0.1-mdv2011.0.x86_64.rpm 7e4e71c5b17031412c13ea2d9b2477c5 2011/x86_64/php-bcmath-5.3.13-0.1-mdv2011.0.x86_64.rpm 528be2af28cf1a4843850e1b565c3898 2011/x86_64/php-bz2-5.3.13-0.1-mdv2011.0.x86_64.rpm 39b482e7037283b454056f4882d5917b 2011/x86_64/php-calendar-5.3.13-0.1-mdv2011.0.x86_64.rpm 9829b1d862405439321b3ecbfb4c7ea1 2011/x86_64/php-cgi-5.3.13-0.1-mdv2011.0.x86_64.rpm 5e705973df7b6c201fabeb2c75d3a74a 2011/x86_64/php-cli-5.3.13-0.1-mdv2011.0.x86_64.rpm eb3b69da40fb3992024aa0a9fea15a8d 2011/x86_64/php-ctype-5.3.13-0.1-mdv2011.0.x86_64.rpm a7fd1763425d19677b6adc88a835770f 2011/x86_64/php-curl-5.3.13-0.1-mdv2011.0.x86_64.rpm 0a4712efbe6fd4e1d2590842f620982c 2011/x86_64/php-dba-5.3.13-0.1-mdv2011.0.x86_64.rpm ca749d3257f0bb0595a6495816d17c29 2011/x86_64/php-devel-5.3.13-0.1-mdv2011.0.x86_64.rpm 56a0d712c402bcddcaba739f35ea07a6 2011/x86_64/php-doc-5.3.13-0.1-mdv2011.0.x86_64.rpm 2a6cf45b3a94ae3e571e3dbcbbc08804 2011/x86_64/php-dom-5.3.13-0.1-mdv2011.0.x86_64.rpm 0f109c681babe75db077f8d9af926f85 2011/x86_64/php-enchant-5.3.13-0.1-mdv2011.0.x86_64.rpm 7d419c4fd0f8180bb777b4b198dbf192 2011/x86_64/php-exif-5.3.13-0.1-mdv2011.0.x86_64.rpm befa5de9e5e4a3a2ab04a4899a0c654e 2011/x86_64/php-fileinfo-5.3.13-0.1-mdv2011.0.x86_64.rpm ef19b2adb8544747b6dbc673d5b758cd 2011/x86_64/php-filter-5.3.13-0.1-mdv2011.0.x86_64.rpm 42952a220d307fab9e88012a0db43ecd 2011/x86_64/php-fpm-5.3.13-0.1-mdv2011.0.x86_64.rpm 40c04426bafdec1b7ac6efd7e80112e3 2011/x86_64/php-ftp-5.3.13-0.1-mdv2011.0.x86_64.rpm 4fb018ed2383c082d45e4b75a346d588 2011/x86_64/php-gd-5.3.13-0.1-mdv2011.0.x86_64.rpm 7237c26a2db73c6a115fc4e035ecb0f2 2011/x86_64/php-gettext-5.3.13-0.1-mdv2011.0.x86_64.rpm 1a474b43b899509ba9516fa042fe1ddd 2011/x86_64/php-gmp-5.3.13-0.1-mdv2011.0.x86_64.rpm 28e8e4748273a5ccaeb65b54d666402f 2011/x86_64/php-hash-5.3.13-0.1-mdv2011.0.x86_64.rpm d3f5e9dfc04ce0ad319884c2501529c4 2011/x86_64/php-iconv-5.3.13-0.1-mdv2011.0.x86_64.rpm c166f30d0bab63ab66c91fdc7f23109e 2011/x86_64/php-imap-5.3.13-0.1-mdv2011.0.x86_64.rpm c2a6c0df9bdb831fa633b00afe1656ca 2011/x86_64/php-ini-5.3.13-0.1-mdv2011.0.x86_64.rpm 8ef06e0d3bc50c6af030273db341f33f 2011/x86_64/php-intl-5.3.13-0.1-mdv2011.0.x86_64.rpm 5e59fb195dd577622ba638e6f61301ce 2011/x86_64/php-json-5.3.13-0.1-mdv2011.0.x86_64.rpm 51d4d134118097c396fd9ae22658fd95 2011/x86_64/php-ldap-5.3.13-0.1-mdv2011.0.x86_64.rpm 43089444e735a7fb955f4b2073a89b8e 2011/x86_64/php-mbstring-5.3.13-0.1-mdv2011.0.x86_64.rpm 67cb0bb2abf2ac499616a9f6b67e42a4 2011/x86_64/php-mcrypt-5.3.13-0.1-mdv2011.0.x86_64.rpm 6167541236c972e1b3ca07ab4e3aa435 2011/x86_64/php-mssql-5.3.13-0.1-mdv2011.0.x86_64.rpm 8169e0c8a9121ed5b088e50f729a08f2 2011/x86_64/php-mysql-5.3.13-0.1-mdv2011.0.x86_64.rpm a9f88ce7ae03e6c9614bbbe77badd211 2011/x86_64/php-mysqli-5.3.13-0.1-mdv2011.0.x86_64.rpm 09ffa27ee341ea0f316c001302dc6b4f 2011/x86_64/php-mysqlnd-5.3.13-0.1-mdv2011.0.x86_64.rpm 52eca2dca4ad432fdb9ca2a42f8af637 2011/x86_64/php-odbc-5.3.13-0.1-mdv2011.0.x86_64.rpm f6e46b6f5ad8a961cbfde8b8e767054a 2011/x86_64/php-openssl-5.3.13-0.1-mdv2011.0.x86_64.rpm 3dd5efd7a83830669edf081f84a6ddd0 2011/x86_64/php-pcntl-5.3.13-0.1-mdv2011.0.x86_64.rpm f000fb58640165fa93eb8939c88f51b9 2011/x86_64/php-pdo-5.3.13-0.1-mdv2011.0.x86_64.rpm e91e95bb78ee4ccc6edc8a676cf83331 2011/x86_64/php-pdo_dblib-5.3.13-0.1-mdv2011.0.x86_64.rpm 82ca0b0fa4daa2d13d351f57cac4b1ad 2011/x86_64/php-pdo_mysql-5.3.13-0.1-mdv2011.0.x86_64.rpm 2a2e4cf2e7b3d6c718072e34bbf1f4d5 2011/x86_64/php-pdo_odbc-5.3.13-0.1-mdv2011.0.x86_64.rpm bae3bd360ca8da31e3444555b1ba5984 2011/x86_64/php-pdo_pgsql-5.3.13-0.1-mdv2011.0.x86_64.rpm 265ffe4fec20f1a276a4ae598f897097 2011/x86_64/php-pdo_sqlite-5.3.13-0.1-mdv2011.0.x86_64.rpm de5791ef4c4f09caf289efcc2946bd40 2011/x86_64/php-pgsql-5.3.13-0.1-mdv2011.0.x86_64.rpm 3e5a5c8d71d73d792f6a9c5d1d1ff0e0 2011/x86_64/php-phar-5.3.13-0.1-mdv2011.0.x86_64.rpm 1b106b0000d8cf09217a8c6066a08abe 2011/x86_64/php-posix-5.3.13-0.1-mdv2011.0.x86_64.rpm 4142e252a6e80033b49966678333d4fc 2011/x86_64/php-pspell-5.3.13-0.1-mdv2011.0.x86_64.rpm 2eaa627598b484e870a745dfce89561c 2011/x86_64/php-readline-5.3.13-0.1-mdv2011.0.x86_64.rpm 16aa5e0d0038dad164fd251584267b25 2011/x86_64/php-recode-5.3.13-0.1-mdv2011.0.x86_64.rpm 1f2221028312e63a8fe0153b0f37268d 2011/x86_64/php-session-5.3.13-0.1-mdv2011.0.x86_64.rpm 08339bda25dfc15853d8f4f3093906b5 2011/x86_64/php-shmop-5.3.13-0.1-mdv2011.0.x86_64.rpm af74d89511d56956fd18f47588c8134a 2011/x86_64/php-snmp-5.3.13-0.1-mdv2011.0.x86_64.rpm a60760ee2c728bcd933f7f129918e20f 2011/x86_64/php-soap-5.3.13-0.1-mdv2011.0.x86_64.rpm 23edc8e373f493137a741d3f5b8a776f 2011/x86_64/php-sockets-5.3.13-0.1-mdv2011.0.x86_64.rpm 0ee3559a3748ba690ee5c4f99a324b1e 2011/x86_64/php-sqlite3-5.3.13-0.1-mdv2011.0.x86_64.rpm a4b3e977bffee9f122cb6e9582edb3f1 2011/x86_64/php-sqlite-5.3.13-0.1-mdv2011.0.x86_64.rpm edcf9dd12733f50cc808a336b26e0fe2 2011/x86_64/php-sybase_ct-5.3.13-0.1-mdv2011.0.x86_64.rpm d6cd75e157f0b6b026444a1407cf90a7 2011/x86_64/php-sysvmsg-5.3.13-0.1-mdv2011.0.x86_64.rpm 0c283bd1ae67f256a6e776f35e36b30c 2011/x86_64/php-sysvsem-5.3.13-0.1-mdv2011.0.x86_64.rpm 85f7cb718011e2ff913ce142a12a6343 2011/x86_64/php-sysvshm-5.3.13-0.1-mdv2011.0.x86_64.rpm 63b205689a9cb3929379ce8c6415fecc 2011/x86_64/php-tidy-5.3.13-0.1-mdv2011.0.x86_64.rpm addd08fffff1581bfa703aeba53c5566 2011/x86_64/php-tokenizer-5.3.13-0.1-mdv2011.0.x86_64.rpm 138500dc24f46346ae847fc2f56ca7a7 2011/x86_64/php-wddx-5.3.13-0.1-mdv2011.0.x86_64.rpm 27801c8421becc9030eb1e2e06342efe 2011/x86_64/php-xml-5.3.13-0.1-mdv2011.0.x86_64.rpm 1fefd162d7a627212ccca1ecda6ccdf2 2011/x86_64/php-xmlreader-5.3.13-0.1-mdv2011.0.x86_64.rpm 2e6d1bbc2319425bfe20b189f4fe4b79 2011/x86_64/php-xmlrpc-5.3.13-0.1-mdv2011.0.x86_64.rpm 421888369bc51fcfcb7a0fcedb23e3e4 2011/x86_64/php-xmlwriter-5.3.13-0.1-mdv2011.0.x86_64.rpm f5d79e3adf80fadf2f185db98ec3b142 2011/x86_64/php-xsl-5.3.13-0.1-mdv2011.0.x86_64.rpm e126fa1b8d8f0a7c18bae56a00345299 2011/x86_64/php-zip-5.3.13-0.1-mdv2011.0.x86_64.rpm a8492adb1cc9cd92d2771d151161ac2e 2011/x86_64/php-zlib-5.3.13-0.1-mdv2011.0.x86_64.rpm 43577b68968398f3e83bbb150c2ba4dd 2011/SRPMS/apache-mod_php-5.3.13-0.1.src.rpm 75c0847b9bfff7a4ecf5f5097e39b5e0 2011/SRPMS/php-5.3.13-0.1.src.rpm daa6819e438adce22445ffb6f25c10f0 2011/SRPMS/php-ini-5.3.13-0.1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPq4WAmqjQ0CJFipgRAihWAKCc3667vbSD/ihxb7LB9g9x2C+bnQCg89XH JTVUFGYH3hR84ZM7EV65I9g= =hQaF -----END PGP SIGNATURE-----


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ============================================================================ Ubuntu Security Notice USN-1481-1 June 19, 2012

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-0781)

It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. (CVE-2012-1172)

Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication. (CVE-2012-2143)

It was discovered that a Debian/Ubuntu specific patch caused PHP to incorrectly handle empty salt strings. A remote attacker could possibly use this flaw to bypass authentication. This issue only affected Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2012-2317)

It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. Configurations using mod_php5 and FastCGI were not vulnerable. (CVE-2012-2335, CVE-2012-2336)

Alexander Gavrun discovered that the PHP Phar extension incorrectly handled certain malformed TAR files. (CVE-2012-2386)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS: php5 5.3.10-1ubuntu3.2

Ubuntu 11.10: php5 5.3.6-13ubuntu3.8

Ubuntu 11.04: php5 5.3.5-1ubuntu7.10

Ubuntu 10.04 LTS: php5 5.3.2-1ubuntu4.17

Ubuntu 8.04 LTS: php5 5.2.4-2ubuntu5.25

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-1481-1 CVE-2012-0781, CVE-2012-1172, CVE-2012-2143, CVE-2012-2317, CVE-2012-2335, CVE-2012-2336, CVE-2012-2386

Package Information: https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.2 https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.8 https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.10 https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.17 https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.25

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0311",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.4.2"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.5.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "enterprise linux server eus 6.1.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux long life server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.3"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "3.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.3"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ctpview 7.0r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "lotus foundations start 1.2.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise linux eus 5.6.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "lotus foundations start 1.2.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux enterprise sdk sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux server optional eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "110"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "linux enterprise server for vmware sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "3.0x64"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2008"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "8.6"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "lotus foundations start",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "11x64"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "enterprise linux server optional eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "De Eindbazen",
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-2335",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-2335",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-2335",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201205-208",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. PHP is prone to an information-disclosure vulnerability. \nExploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201209-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: PHP: Multiple vulnerabilities\n     Date: September 24, 2012\n     Bugs: #384301, #396311, #396533, #399247, #399567, #399573,\n           #401997, #410957, #414553, #421489, #427354, #429630\n       ID: 201209-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in PHP, the worst of which lead to\nremote execution of arbitrary code. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.3.15                  \u003e= 5.3.15\n                                  \u003c 5.4.5                    \u003e= 5.4.5\n    -------------------------------------------------------------------\n     # Package 1 only applies to users of these architectures:\n       arm\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.3.15\"\n\nAll PHP users on ARM should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.4.5\"\n\nReferences\n==========\n\n[  1 ] CVE-2011-1398\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1398\n[  2 ] CVE-2011-3379\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3379\n[  3 ] CVE-2011-4566\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566\n[  4 ] CVE-2011-4885\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4885\n[  5 ] CVE-2012-0057\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0057\n[  6 ] CVE-2012-0788\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0788\n[  7 ] CVE-2012-0789\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0789\n[  8 ] CVE-2012-0830\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830\n[  9 ] CVE-2012-0831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831\n[ 10 ] CVE-2012-1172\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1172\n[ 11 ] CVE-2012-1823\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1823\n[ 12 ] CVE-2012-2143\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143\n[ 13 ] CVE-2012-2311\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2311\n[ 14 ] CVE-2012-2335\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2335\n[ 15 ] CVE-2012-2336\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2336\n[ 16 ] CVE-2012-2386\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2386\n[ 17 ] CVE-2012-2688\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2688\n[ 18 ] CVE-2012-3365\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3365\n[ 19 ] CVE-2012-3450\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Please refer to the following Mandriva\n advisories for further information:\n MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180,\n MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03839862\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03839862\nVersion: 1\n\nHPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and\nWindows, Multiple Remote and Local Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-07-18\nLast Updated: 2013-07-18\n\nPotential Security Impact: Local Denial of Service (DoS), remote Denial of\nService (DoS), execution of arbitrary code, gain extended privileges,\ndisclosure of information, unauthorized access, XSS\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Local Denial of Service (DoS),\nremote Denial of Service (DoS), execution of arbitrary code, gain privileges,\ndisclosure of information, unauthorized access, or XSS. \n\nReferences:\nCVE-2011-3389 (SSRT100740) Remote disclosure of information\nCVE-2012-0883 (SSRT101209) Remote gain extended privileges\nCVE-2012-2110 (SSRT101210) Remote Denial of Service (DoS)\nCVE-2012-2311 (SSRT100992) Remote execution of arbitrary code\nCVE-2012-2329 (SSRT100992) Remote Denial of Service (DoS)\nCVE-2012-2335 (SSRT100992) Remote execution of arbitrary code\nCVE-2012-2336 (SSRT100992) Remote Denial of Service (DoS)\nCVE-2013-2355 (SSRT100696) Remote unauthorized Access\nCVE-2013-2356 (SSRT100835) Remote disclosure of information\nCVE-2013-2357 (SSRT100907) Remote Denial of Service (DoS)\nCVE-2013-2358 (SSRT100907) Remote Denial of Service (DoS)\nCVE-2013-2359 (SSRT100907) Remote Denial of Service (DoS)\nCVE-2013-2360 (SSRT100907) Remote Denial of Service (DoS)\nCVE-2013-2361 (SSRT101007) XSS\nCVE-2013-2362 (SSRT101076, ZDI-CAN-1676) Local Denial of Service (DoS)\nCVE-2013-2363 (SSRT101150) Remote disclosure of information\nCVE-2013-2364 (SSRT101151) XSS\nCVE-2013-5217 (SSRT101137) Remote unauthorized access\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-3389    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2012-0883    (AV:L/AC:M/Au:N/C:C/I:C/A:C)       6.9\nCVE-2012-2110    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-2311    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-2329    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-2335    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-2336    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2013-2355    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2013-2356    (AV:N/AC:L/Au:N/C:C/I:N/A:N)       7.8\nCVE-2013-2357    (AV:N/AC:M/Au:S/C:N/I:N/A:C)       6.3\nCVE-2013-2358    (AV:N/AC:M/Au:S/C:N/I:N/A:C)       6.3\nCVE-2013-2359    (AV:N/AC:M/Au:S/C:N/I:N/A:P)       3.5\nCVE-2013-2360    (AV:N/AC:M/Au:S/C:N/I:N/A:P)       3.5\nCVE-2013-2361    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2013-2362    (AV:L/AC:H/Au:S/C:N/I:N/A:P)       1.0\nCVE-2013-2363    (AV:N/AC:H/Au:N/C:C/I:N/A:P)       6.1\nCVE-2013-2364    (AV:N/AC:L/Au:S/C:N/I:N/A:P)       4.0\nCVE-2013-5217    (AV:N/AC:H/Au:N/C:P/I:N/A:N)       2.6\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nThe Hewlett-Packard Company thanks agix for working with the TippingPoint\nZero Day Initiative to report vulnerability CVE-2013-2362 to\nsecurity-alert@hp.com\n\nRESOLUTION\n\nHP has made System Management Homepage (SMH) v7.2.1 or subsequent available\nfor Windows and Linux to resolve the vulnerabilities. \n\nInformation and updates for SMH can be found at the following location:\n\nhttp://h18013.www1.hp.com/products/servers/management/agents/index.html\n\nHISTORY\nVersion:1 (rev.1) - 18 July 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.19 (GNU/Linux)\n\niEYEARECAAYFAlHoGuMACgkQ4B86/C0qfVmlbwCg5muoKwOcRb0N/+BZa47f7lC9\nCCoAoJo1hIDxLxljNZM2GDOcYGgJi1hH\n=kSG1\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                       MDVSA-2012:068-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : php\n Date    : May 10, 2012\n Affected: 2010.1, 2011. \n _______________________________________________________________________\n\n Problem Description:\n\n A vulnerability has been found and corrected in php(-cgi):\n \n PHP-CGI-based setups contain a vulnerability when parsing query string\n parameters from php files. \n \n The updated packages have been patched to correct this issue. \n\n Update:\n\n It was discovered that the previous fix for the CVE-2012-1823\n vulnerability was incomplete (CVE-2012-2335, CVE-2012-2336). The\n updated packages provides the latest version (5.3.13) which provides\n a solution to this flaw. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2335\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336\n https://bugs.php.net/bug.php?id=61910\n http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/\n http://www.openwall.com/lists/oss-security/2012/05/09/9\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2010.1:\n 140d36ed5578274826846a0ff7ca05a9  2010.1/i586/apache-mod_php-5.3.13-0.1mdv2010.2.i586.rpm\n 24775050f82b736c2133fc30f93e809e  2010.1/i586/libphp5_common5-5.3.13-0.1mdv2010.2.i586.rpm\n f3fb19456fe4b8fd41f4306c007e85fb  2010.1/i586/php-bcmath-5.3.13-0.1mdv2010.2.i586.rpm\n 99a812ad5970bc37414909de5ef578fa  2010.1/i586/php-bz2-5.3.13-0.1mdv2010.2.i586.rpm\n 634f717747ee4db7cdd19a93ffd2d5ef  2010.1/i586/php-calendar-5.3.13-0.1mdv2010.2.i586.rpm\n 3429fa2b956f67b8602489e4b7d3757a  2010.1/i586/php-cgi-5.3.13-0.1mdv2010.2.i586.rpm\n 51a1d975e31b445ef71901cd04d8fd3a  2010.1/i586/php-cli-5.3.13-0.1mdv2010.2.i586.rpm\n ba763fffd3798434cb0cde5c8f7a8891  2010.1/i586/php-ctype-5.3.13-0.1mdv2010.2.i586.rpm\n ebf996e845619b26515e6f3e828c8fbf  2010.1/i586/php-curl-5.3.13-0.1mdv2010.2.i586.rpm\n ec57b30c43f5678b8cd822fd85df5e34  2010.1/i586/php-dba-5.3.13-0.1mdv2010.2.i586.rpm\n 85799e72a9511c0f54ff2435fba0aaab  2010.1/i586/php-devel-5.3.13-0.1mdv2010.2.i586.rpm\n 823c9544385c894e4c5edd1b52bf4e92  2010.1/i586/php-doc-5.3.13-0.1mdv2010.2.i586.rpm\n 5d753655d5615e92db188468903b8d16  2010.1/i586/php-dom-5.3.13-0.1mdv2010.2.i586.rpm\n 705fbff48501d08bae719a2d7841d8c2  2010.1/i586/php-enchant-5.3.13-0.1mdv2010.2.i586.rpm\n 4f78075bddc8fa173a7384e545e3cd5c  2010.1/i586/php-exif-5.3.13-0.1mdv2010.2.i586.rpm\n e8fefd604fd5006361419135c9059076  2010.1/i586/php-fileinfo-5.3.13-0.1mdv2010.2.i586.rpm\n bc65e927149d5277ad634b0bad8a868a  2010.1/i586/php-filter-5.3.13-0.1mdv2010.2.i586.rpm\n ea6a6fd721db888225dfea83a0ad99d9  2010.1/i586/php-fpm-5.3.13-0.1mdv2010.2.i586.rpm\n 7fb6a2914e72a63ec9401c9662f9bc2b  2010.1/i586/php-ftp-5.3.13-0.1mdv2010.2.i586.rpm\n 0df19020817d838aba51f052c29f6532  2010.1/i586/php-gd-5.3.13-0.1mdv2010.2.i586.rpm\n 5ce28c873da3fc5e0feda8e3cad2247a  2010.1/i586/php-gettext-5.3.13-0.1mdv2010.2.i586.rpm\n acbe524bfc8e156906c70124496a3161  2010.1/i586/php-gmp-5.3.13-0.1mdv2010.2.i586.rpm\n d03bc0f91411297408ac3dbbd5c426b3  2010.1/i586/php-hash-5.3.13-0.1mdv2010.2.i586.rpm\n 19bc92bd8b1a4ea4b86b497f5f48933c  2010.1/i586/php-iconv-5.3.13-0.1mdv2010.2.i586.rpm\n a891fe8d9bcbbfc4458fb31a23720338  2010.1/i586/php-imap-5.3.13-0.1mdv2010.2.i586.rpm\n edec73af34ecb6b42ed0a14dadb8949d  2010.1/i586/php-ini-5.3.13-0.1mdv2010.2.i586.rpm\n 529135563f982966be228d0e7055a97d  2010.1/i586/php-intl-5.3.13-0.1mdv2010.2.i586.rpm\n 2de32f3e7d7da5e06a83f9bf8eac6318  2010.1/i586/php-json-5.3.13-0.1mdv2010.2.i586.rpm\n 2b4f232c6bd026de886d8199dba4c2f2  2010.1/i586/php-ldap-5.3.13-0.1mdv2010.2.i586.rpm\n c14fe2ed7cfeb5320fed29676af9e682  2010.1/i586/php-mbstring-5.3.13-0.1mdv2010.2.i586.rpm\n 606e65e002f946dcf9fa8f7f3950f81d  2010.1/i586/php-mcrypt-5.3.13-0.1mdv2010.2.i586.rpm\n 84e35a42b7861251869a439b0031f225  2010.1/i586/php-mssql-5.3.13-0.1mdv2010.2.i586.rpm\n 95caf9f4d272fdeae006851e482a2461  2010.1/i586/php-mysql-5.3.13-0.1mdv2010.2.i586.rpm\n 5bb6f61f906e8572f66cbbcb0a3a667b  2010.1/i586/php-mysqli-5.3.13-0.1mdv2010.2.i586.rpm\n 28e5bdd198862a80dfea2ab9e86b9678  2010.1/i586/php-mysqlnd-5.3.13-0.1mdv2010.2.i586.rpm\n 802e12a27b7256dbba5b9029e7bbb00b  2010.1/i586/php-odbc-5.3.13-0.1mdv2010.2.i586.rpm\n f3f2b22190a0180e4adddd36ac43b808  2010.1/i586/php-openssl-5.3.13-0.1mdv2010.2.i586.rpm\n 850ed2a02899e7ef950368f1e6936e7b  2010.1/i586/php-pcntl-5.3.13-0.1mdv2010.2.i586.rpm\n 128bc6c67ee8960e29c893a0a210f967  2010.1/i586/php-pdo-5.3.13-0.1mdv2010.2.i586.rpm\n 31d3d8d11a8ec860ff748b4491ed637d  2010.1/i586/php-pdo_dblib-5.3.13-0.1mdv2010.2.i586.rpm\n 840fd711e567a690f46a5aa686a47019  2010.1/i586/php-pdo_mysql-5.3.13-0.1mdv2010.2.i586.rpm\n 6b979eef99f357fc4e283c98c5ef96ea  2010.1/i586/php-pdo_odbc-5.3.13-0.1mdv2010.2.i586.rpm\n 9b5d0ca325bbfcf6b87f74748caceb76  2010.1/i586/php-pdo_pgsql-5.3.13-0.1mdv2010.2.i586.rpm\n 70c688be75e34b79a9a35462570a2ada  2010.1/i586/php-pdo_sqlite-5.3.13-0.1mdv2010.2.i586.rpm\n e67f4f8ded56378452b8a548b126266b  2010.1/i586/php-pgsql-5.3.13-0.1mdv2010.2.i586.rpm\n 4d26258bb774b1d9aff74d3fdc1e3c2c  2010.1/i586/php-phar-5.3.13-0.1mdv2010.2.i586.rpm\n 74bc08429969529762425997772f8a5d  2010.1/i586/php-posix-5.3.13-0.1mdv2010.2.i586.rpm\n e697d56093f50bbde693541d67b7566c  2010.1/i586/php-pspell-5.3.13-0.1mdv2010.2.i586.rpm\n 0fc94be46e664a52fbc9111958cd4146  2010.1/i586/php-readline-5.3.13-0.1mdv2010.2.i586.rpm\n af7e1bb5a2722063cc52af223dc90787  2010.1/i586/php-recode-5.3.13-0.1mdv2010.2.i586.rpm\n fee14325fb3a764988c4e2a69c7938b4  2010.1/i586/php-session-5.3.13-0.1mdv2010.2.i586.rpm\n e89aba4b7dec345be125261046d31b92  2010.1/i586/php-shmop-5.3.13-0.1mdv2010.2.i586.rpm\n 69f2a66fef9892c0405d3a03c72096b2  2010.1/i586/php-snmp-5.3.13-0.1mdv2010.2.i586.rpm\n 4db2b4b3d7670603b5922a122dc975aa  2010.1/i586/php-soap-5.3.13-0.1mdv2010.2.i586.rpm\n e02779584cc1c588d75346f6995ad5a6  2010.1/i586/php-sockets-5.3.13-0.1mdv2010.2.i586.rpm\n aae3b1c32441f481c49f7f38c1c96294  2010.1/i586/php-sqlite3-5.3.13-0.1mdv2010.2.i586.rpm\n b4255e1825f289410b71b6a210229b8e  2010.1/i586/php-sqlite-5.3.13-0.1mdv2010.2.i586.rpm\n dd54ede221fd579f1ebd81be6930010b  2010.1/i586/php-sybase_ct-5.3.13-0.1mdv2010.2.i586.rpm\n 4bdebc41d1b654e904d39c8f89be51a2  2010.1/i586/php-sysvmsg-5.3.13-0.1mdv2010.2.i586.rpm\n 3d485895eca51f5f801323baf1f0f8bf  2010.1/i586/php-sysvsem-5.3.13-0.1mdv2010.2.i586.rpm\n a5c65e02a46da5f9a1be3235565926a3  2010.1/i586/php-sysvshm-5.3.13-0.1mdv2010.2.i586.rpm\n 1a1e6a0a91388e7113f2774bb0f16c01  2010.1/i586/php-tidy-5.3.13-0.1mdv2010.2.i586.rpm\n cf565e35c341273ed2b4378c9f0980c8  2010.1/i586/php-tokenizer-5.3.13-0.1mdv2010.2.i586.rpm\n b1fd12591b6500464a97eb2ae47b2f60  2010.1/i586/php-wddx-5.3.13-0.1mdv2010.2.i586.rpm\n f0f801ce893ad8eb55bb21d010af641a  2010.1/i586/php-xml-5.3.13-0.1mdv2010.2.i586.rpm\n 055873d10551544750bd05555cc63155  2010.1/i586/php-xmlreader-5.3.13-0.1mdv2010.2.i586.rpm\n 69a6e3930ed1b2d1ddac5df5719bc6d6  2010.1/i586/php-xmlrpc-5.3.13-0.1mdv2010.2.i586.rpm\n de7f360c56f74b036ea924d9f7c76b59  2010.1/i586/php-xmlwriter-5.3.13-0.1mdv2010.2.i586.rpm\n 4cbd130cf269dd2769dd084322eaf77a  2010.1/i586/php-xsl-5.3.13-0.1mdv2010.2.i586.rpm\n 1d32b52e968a2bd7c4ff6b640f38ae36  2010.1/i586/php-zip-5.3.13-0.1mdv2010.2.i586.rpm\n 9508241b048c6acc033c16494f797289  2010.1/i586/php-zlib-5.3.13-0.1mdv2010.2.i586.rpm \n cd0e0682df60061148366ab6b10394d2  2010.1/SRPMS/apache-mod_php-5.3.13-0.1mdv2010.2.src.rpm\n f454d177e9bd631df2a4eeca3d33fe38  2010.1/SRPMS/php-5.3.13-0.1mdv2010.2.src.rpm\n 281be8fe2bb8cd404ade445f64c616da  2010.1/SRPMS/php-ini-5.3.13-0.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 5c32f90215090901240e661f8e2224a9  2010.1/x86_64/apache-mod_php-5.3.13-0.1mdv2010.2.x86_64.rpm\n c21032781b826fe3a8202eff5b7ef8b5  2010.1/x86_64/lib64php5_common5-5.3.13-0.1mdv2010.2.x86_64.rpm\n a2d0b2b43aa856d5872679d455e56a1e  2010.1/x86_64/php-bcmath-5.3.13-0.1mdv2010.2.x86_64.rpm\n 5421084c1b946cb2c5eeebfed07ac829  2010.1/x86_64/php-bz2-5.3.13-0.1mdv2010.2.x86_64.rpm\n 48aa03dcba36a09689dc6c7f2497741c  2010.1/x86_64/php-calendar-5.3.13-0.1mdv2010.2.x86_64.rpm\n c503b930c9d60cbd4d4ea58d8a6deda7  2010.1/x86_64/php-cgi-5.3.13-0.1mdv2010.2.x86_64.rpm\n 228b72cbf197c817d866d1fe3c7ed6b2  2010.1/x86_64/php-cli-5.3.13-0.1mdv2010.2.x86_64.rpm\n c9435be90a6e5fae1a980109c9bc9aca  2010.1/x86_64/php-ctype-5.3.13-0.1mdv2010.2.x86_64.rpm\n 0eb2e95722b4af3006f560c8441d687f  2010.1/x86_64/php-curl-5.3.13-0.1mdv2010.2.x86_64.rpm\n ccebc661c63d1028540c1212de90bbae  2010.1/x86_64/php-dba-5.3.13-0.1mdv2010.2.x86_64.rpm\n 2edc5f5c47a0ee2bbf001fae9024849f  2010.1/x86_64/php-devel-5.3.13-0.1mdv2010.2.x86_64.rpm\n 3b3eeb211bf45ede0abaae347d8bc745  2010.1/x86_64/php-doc-5.3.13-0.1mdv2010.2.x86_64.rpm\n 29f9a4fcee784caeaa54d88ae6f1fda9  2010.1/x86_64/php-dom-5.3.13-0.1mdv2010.2.x86_64.rpm\n eda0d150731e178912024b0ff6665835  2010.1/x86_64/php-enchant-5.3.13-0.1mdv2010.2.x86_64.rpm\n cf52bd1d68b75ba6841fe6258b9a1f69  2010.1/x86_64/php-exif-5.3.13-0.1mdv2010.2.x86_64.rpm\n 0243226aa4bf036a4054b48966f80cf3  2010.1/x86_64/php-fileinfo-5.3.13-0.1mdv2010.2.x86_64.rpm\n a5bca21277b5c72133340ea059cf0df0  2010.1/x86_64/php-filter-5.3.13-0.1mdv2010.2.x86_64.rpm\n 3c7007006b1d93d8c96e86dcf27ea38b  2010.1/x86_64/php-fpm-5.3.13-0.1mdv2010.2.x86_64.rpm\n f9549d4ed2973e5c1519546e971fd81a  2010.1/x86_64/php-ftp-5.3.13-0.1mdv2010.2.x86_64.rpm\n c7231a7117abab68e8c4d1a3f6a80ccb  2010.1/x86_64/php-gd-5.3.13-0.1mdv2010.2.x86_64.rpm\n 0ca2c9679c082508a4c2b007ec5a8c46  2010.1/x86_64/php-gettext-5.3.13-0.1mdv2010.2.x86_64.rpm\n 7d0de98a757251e874aff11ab76db12b  2010.1/x86_64/php-gmp-5.3.13-0.1mdv2010.2.x86_64.rpm\n 8757a89019988ab9b689c282ae06cf01  2010.1/x86_64/php-hash-5.3.13-0.1mdv2010.2.x86_64.rpm\n 996f5bcb88fc855db3cc4c779897a9ad  2010.1/x86_64/php-iconv-5.3.13-0.1mdv2010.2.x86_64.rpm\n 1580fd0ebb4ff0bd0e3c2a6e8925fc8a  2010.1/x86_64/php-imap-5.3.13-0.1mdv2010.2.x86_64.rpm\n 89a3915683d63a757fa29e53fadf0e1d  2010.1/x86_64/php-ini-5.3.13-0.1mdv2010.2.x86_64.rpm\n 38115fadfb51fdfd10ea14def4d9143d  2010.1/x86_64/php-intl-5.3.13-0.1mdv2010.2.x86_64.rpm\n 06aaaa6c43d85283ba31e079f9e1e0e0  2010.1/x86_64/php-json-5.3.13-0.1mdv2010.2.x86_64.rpm\n b9f6e00a0ac3916b91442ed6c62ad440  2010.1/x86_64/php-ldap-5.3.13-0.1mdv2010.2.x86_64.rpm\n 9b634f67d80ba028247dafe559276859  2010.1/x86_64/php-mbstring-5.3.13-0.1mdv2010.2.x86_64.rpm\n bd39ac4808035578dec2e24a98457b03  2010.1/x86_64/php-mcrypt-5.3.13-0.1mdv2010.2.x86_64.rpm\n 4acc008044469403769de09af155f0d5  2010.1/x86_64/php-mssql-5.3.13-0.1mdv2010.2.x86_64.rpm\n 8d5826fa6ba3dcaf214839a654e74659  2010.1/x86_64/php-mysql-5.3.13-0.1mdv2010.2.x86_64.rpm\n ea0e352e2900b493b9d355257ec99a4e  2010.1/x86_64/php-mysqli-5.3.13-0.1mdv2010.2.x86_64.rpm\n 40b23996dd377b3699ca230f30451e09  2010.1/x86_64/php-mysqlnd-5.3.13-0.1mdv2010.2.x86_64.rpm\n 4a49bad04937598951093dbf1e57eb19  2010.1/x86_64/php-odbc-5.3.13-0.1mdv2010.2.x86_64.rpm\n ef337452c999c609f38511b30424aa95  2010.1/x86_64/php-openssl-5.3.13-0.1mdv2010.2.x86_64.rpm\n 8adda9b3ac67749c4cbbca498fe97042  2010.1/x86_64/php-pcntl-5.3.13-0.1mdv2010.2.x86_64.rpm\n aab08edd87702937cc87e3eea9683e04  2010.1/x86_64/php-pdo-5.3.13-0.1mdv2010.2.x86_64.rpm\n b769d4729112be42057acbecc42784fd  2010.1/x86_64/php-pdo_dblib-5.3.13-0.1mdv2010.2.x86_64.rpm\n 51f45520e81ae006da36c27e9ff23d29  2010.1/x86_64/php-pdo_mysql-5.3.13-0.1mdv2010.2.x86_64.rpm\n 337fef4ac991f694fbc52f1b51292f0e  2010.1/x86_64/php-pdo_odbc-5.3.13-0.1mdv2010.2.x86_64.rpm\n ee046601f134c275c1c5394156868176  2010.1/x86_64/php-pdo_pgsql-5.3.13-0.1mdv2010.2.x86_64.rpm\n f1b25be0d7a2e6948dd6d95776da6f27  2010.1/x86_64/php-pdo_sqlite-5.3.13-0.1mdv2010.2.x86_64.rpm\n c61a1bc81075ebfc94e820984597774b  2010.1/x86_64/php-pgsql-5.3.13-0.1mdv2010.2.x86_64.rpm\n 11bed7992443f01305ad4ce8304e9f07  2010.1/x86_64/php-phar-5.3.13-0.1mdv2010.2.x86_64.rpm\n dd6008750a431325112944e3a5783d0c  2010.1/x86_64/php-posix-5.3.13-0.1mdv2010.2.x86_64.rpm\n f5531db71580b0c17c5796cfd79f4020  2010.1/x86_64/php-pspell-5.3.13-0.1mdv2010.2.x86_64.rpm\n 80c9841836ea5246babb676ce79adb9d  2010.1/x86_64/php-readline-5.3.13-0.1mdv2010.2.x86_64.rpm\n 6271ebd8132c7d94513646d0bbfedf15  2010.1/x86_64/php-recode-5.3.13-0.1mdv2010.2.x86_64.rpm\n 77e395b19c6068c941cc1ee1c89e15c6  2010.1/x86_64/php-session-5.3.13-0.1mdv2010.2.x86_64.rpm\n b310511e16b059f753cef3fbe39a35b0  2010.1/x86_64/php-shmop-5.3.13-0.1mdv2010.2.x86_64.rpm\n 70b99d0120ea8c6018a327996314ab49  2010.1/x86_64/php-snmp-5.3.13-0.1mdv2010.2.x86_64.rpm\n 33f829a30afaeab74203389d8a48a2d9  2010.1/x86_64/php-soap-5.3.13-0.1mdv2010.2.x86_64.rpm\n 64295e56e1c81c3322aa49bd1bf2d838  2010.1/x86_64/php-sockets-5.3.13-0.1mdv2010.2.x86_64.rpm\n 9afd6ba7da1e9ffa58a33c822eeb6a9d  2010.1/x86_64/php-sqlite3-5.3.13-0.1mdv2010.2.x86_64.rpm\n 8f8e7ee68199f5fdb8867b10d8cede5a  2010.1/x86_64/php-sqlite-5.3.13-0.1mdv2010.2.x86_64.rpm\n 84d824d25bcd058301b8a8cac4eece97  2010.1/x86_64/php-sybase_ct-5.3.13-0.1mdv2010.2.x86_64.rpm\n cdd27855aa2b685fba70fea949d0f8f5  2010.1/x86_64/php-sysvmsg-5.3.13-0.1mdv2010.2.x86_64.rpm\n 47714ed1a09513b0fa4016fed1faf374  2010.1/x86_64/php-sysvsem-5.3.13-0.1mdv2010.2.x86_64.rpm\n 878cc21a21bcb9120f0c60d0dc3c848d  2010.1/x86_64/php-sysvshm-5.3.13-0.1mdv2010.2.x86_64.rpm\n ed7017d81df4e68da01f9d790c5e9e75  2010.1/x86_64/php-tidy-5.3.13-0.1mdv2010.2.x86_64.rpm\n e2dbcbefd496f408e56c5072938f62d6  2010.1/x86_64/php-tokenizer-5.3.13-0.1mdv2010.2.x86_64.rpm\n c629479463912ae1d91c4399e5b05f67  2010.1/x86_64/php-wddx-5.3.13-0.1mdv2010.2.x86_64.rpm\n 5a71b4a2a66aa994585f3372f13ad969  2010.1/x86_64/php-xml-5.3.13-0.1mdv2010.2.x86_64.rpm\n 9e99f81386d263bf395a4462ce3333f8  2010.1/x86_64/php-xmlreader-5.3.13-0.1mdv2010.2.x86_64.rpm\n 76c565d3fdcba0133b6c25a914a4fed3  2010.1/x86_64/php-xmlrpc-5.3.13-0.1mdv2010.2.x86_64.rpm\n af3b32c6d60342fb5c7a7c455f647f34  2010.1/x86_64/php-xmlwriter-5.3.13-0.1mdv2010.2.x86_64.rpm\n 31a1efcba8488b85ec31054bea181262  2010.1/x86_64/php-xsl-5.3.13-0.1mdv2010.2.x86_64.rpm\n d3b08c3d48baefa3ee14632b876100fb  2010.1/x86_64/php-zip-5.3.13-0.1mdv2010.2.x86_64.rpm\n a6a3b117484b1bb2e7d449c08fa49b46  2010.1/x86_64/php-zlib-5.3.13-0.1mdv2010.2.x86_64.rpm \n cd0e0682df60061148366ab6b10394d2  2010.1/SRPMS/apache-mod_php-5.3.13-0.1mdv2010.2.src.rpm\n f454d177e9bd631df2a4eeca3d33fe38  2010.1/SRPMS/php-5.3.13-0.1mdv2010.2.src.rpm\n 281be8fe2bb8cd404ade445f64c616da  2010.1/SRPMS/php-ini-5.3.13-0.1mdv2010.2.src.rpm\n\n Mandriva Linux 2011:\n 35cdd956ce62db7548d2626d8a8f7ae8  2011/i586/apache-mod_php-5.3.13-0.1-mdv2011.0.i586.rpm\n dd02a276ddca3ae7ad754e19a41e8ff8  2011/i586/libphp5_common5-5.3.13-0.1-mdv2011.0.i586.rpm\n 7a8feff11aa910f94074c57b54a124d6  2011/i586/php-bcmath-5.3.13-0.1-mdv2011.0.i586.rpm\n 3c70edc391c1c8fb7845f81f3b3f5bac  2011/i586/php-bz2-5.3.13-0.1-mdv2011.0.i586.rpm\n d8020203023aaf02a30b22559d5a67c7  2011/i586/php-calendar-5.3.13-0.1-mdv2011.0.i586.rpm\n e0f010a7d61cf27e13a486ff6e5d6ce4  2011/i586/php-cgi-5.3.13-0.1-mdv2011.0.i586.rpm\n 345ee6e60bc1973f0049ab25f7dc3557  2011/i586/php-cli-5.3.13-0.1-mdv2011.0.i586.rpm\n c4e851c0260ad96797ca56deb2b6f3c7  2011/i586/php-ctype-5.3.13-0.1-mdv2011.0.i586.rpm\n 073d81d6531862861015cf7f53173045  2011/i586/php-curl-5.3.13-0.1-mdv2011.0.i586.rpm\n 1330fd10a3bdd3787913db7795054819  2011/i586/php-dba-5.3.13-0.1-mdv2011.0.i586.rpm\n b6d0fefa9206b7cd3f4c73744c324906  2011/i586/php-devel-5.3.13-0.1-mdv2011.0.i586.rpm\n 32a9567d7a61d6f35654e8d33baec58a  2011/i586/php-doc-5.3.13-0.1-mdv2011.0.i586.rpm\n 149566d373265e732f1ec3140d11cac2  2011/i586/php-dom-5.3.13-0.1-mdv2011.0.i586.rpm\n 6f4b1fe24a35809c93e9489347c448bb  2011/i586/php-enchant-5.3.13-0.1-mdv2011.0.i586.rpm\n 44f27021f7ff8202f5f34a8b0720be5b  2011/i586/php-exif-5.3.13-0.1-mdv2011.0.i586.rpm\n 5d32e3e7dc217fd69b6dc99dffb747f7  2011/i586/php-fileinfo-5.3.13-0.1-mdv2011.0.i586.rpm\n 043c17fad24c3113600799c63c5dde18  2011/i586/php-filter-5.3.13-0.1-mdv2011.0.i586.rpm\n 08c16e8ec2f1c821df8090c38c43809b  2011/i586/php-fpm-5.3.13-0.1-mdv2011.0.i586.rpm\n 209b4baf966b45cb48790e7a020b1aa9  2011/i586/php-ftp-5.3.13-0.1-mdv2011.0.i586.rpm\n eac85767ff89fcf822b2c2cf408b2aca  2011/i586/php-gd-5.3.13-0.1-mdv2011.0.i586.rpm\n 7c7c5ab6370c934b727dac2ad1c9bd33  2011/i586/php-gettext-5.3.13-0.1-mdv2011.0.i586.rpm\n babb1410dd897504ec526243789fd749  2011/i586/php-gmp-5.3.13-0.1-mdv2011.0.i586.rpm\n 63feb83eda18663f3ae28fee522a79c8  2011/i586/php-hash-5.3.13-0.1-mdv2011.0.i586.rpm\n a8aad04e3c20f9223832632f412c4c69  2011/i586/php-iconv-5.3.13-0.1-mdv2011.0.i586.rpm\n 22f5f2b807af8ea7445e8682f6718ab2  2011/i586/php-imap-5.3.13-0.1-mdv2011.0.i586.rpm\n ff780d80135cc18647edecdde6b77e16  2011/i586/php-ini-5.3.13-0.1-mdv2011.0.i586.rpm\n 10475ddafeeb384ae3afb7f5d2d1afa8  2011/i586/php-intl-5.3.13-0.1-mdv2011.0.i586.rpm\n e3261da452695aed46718ec06a1f17ed  2011/i586/php-json-5.3.13-0.1-mdv2011.0.i586.rpm\n f6238f4f4566582418666333eb797994  2011/i586/php-ldap-5.3.13-0.1-mdv2011.0.i586.rpm\n 9ae1d9fc8320fa272fa56484f425e7d8  2011/i586/php-mbstring-5.3.13-0.1-mdv2011.0.i586.rpm\n 86710277f0bca955ced6610b199fcf16  2011/i586/php-mcrypt-5.3.13-0.1-mdv2011.0.i586.rpm\n a9dad85e7658b897bcd9a3c088a71168  2011/i586/php-mssql-5.3.13-0.1-mdv2011.0.i586.rpm\n 66063a764c3a2b90143c5653c0f1dd2c  2011/i586/php-mysql-5.3.13-0.1-mdv2011.0.i586.rpm\n c7993bdf0b9ceaf4f2fa86dbc558ddfb  2011/i586/php-mysqli-5.3.13-0.1-mdv2011.0.i586.rpm\n afcd3e1e62498bffaa9432c5d5c505f5  2011/i586/php-mysqlnd-5.3.13-0.1-mdv2011.0.i586.rpm\n 21a837c5413d3e89b7747b70b343ff39  2011/i586/php-odbc-5.3.13-0.1-mdv2011.0.i586.rpm\n 9653980157e82a7cc1fcb428e6a11831  2011/i586/php-openssl-5.3.13-0.1-mdv2011.0.i586.rpm\n 2a7283323df15b449a0911147e4e120a  2011/i586/php-pcntl-5.3.13-0.1-mdv2011.0.i586.rpm\n 5943398e22f4b3aab9fb741e7b6a8014  2011/i586/php-pdo-5.3.13-0.1-mdv2011.0.i586.rpm\n 4a8632f0605a849c61148479c3dce11c  2011/i586/php-pdo_dblib-5.3.13-0.1-mdv2011.0.i586.rpm\n 90bfc85fce2cf88d5cc7e9d383bac674  2011/i586/php-pdo_mysql-5.3.13-0.1-mdv2011.0.i586.rpm\n 13a2e35fe9389ceff1bd86915d4fbb45  2011/i586/php-pdo_odbc-5.3.13-0.1-mdv2011.0.i586.rpm\n bd5ac6d3de510f5648e0796262ee0284  2011/i586/php-pdo_pgsql-5.3.13-0.1-mdv2011.0.i586.rpm\n c8a144f194b2e263d30d42549ef72df7  2011/i586/php-pdo_sqlite-5.3.13-0.1-mdv2011.0.i586.rpm\n 9fc72c845adc2c8b526ccda1045e95cb  2011/i586/php-pgsql-5.3.13-0.1-mdv2011.0.i586.rpm\n ceed9de56ba7babbb1103c0505360ae8  2011/i586/php-phar-5.3.13-0.1-mdv2011.0.i586.rpm\n 99df22a88e7ec65277c5f1d67946b674  2011/i586/php-posix-5.3.13-0.1-mdv2011.0.i586.rpm\n 2a7c90e39eaed912fd8ef49d5edcf3b0  2011/i586/php-pspell-5.3.13-0.1-mdv2011.0.i586.rpm\n b4f54f67b9372e1bef78b6a40a756d31  2011/i586/php-readline-5.3.13-0.1-mdv2011.0.i586.rpm\n c3ab166b9fc83521a75c13dff80f3a56  2011/i586/php-recode-5.3.13-0.1-mdv2011.0.i586.rpm\n a6c67fe24586ad45656a0e11906e7bb3  2011/i586/php-session-5.3.13-0.1-mdv2011.0.i586.rpm\n 39dd1f3c8218f0537aad8f03aa96b833  2011/i586/php-shmop-5.3.13-0.1-mdv2011.0.i586.rpm\n 7d516b28e8f45f06883657d93d152c31  2011/i586/php-snmp-5.3.13-0.1-mdv2011.0.i586.rpm\n 511c2eadd6584227584704adf97150e9  2011/i586/php-soap-5.3.13-0.1-mdv2011.0.i586.rpm\n d2bb4858eb41257b9e3c72b385b55fed  2011/i586/php-sockets-5.3.13-0.1-mdv2011.0.i586.rpm\n ef20af5ac9def94fc4db18e4e9ef80f3  2011/i586/php-sqlite3-5.3.13-0.1-mdv2011.0.i586.rpm\n d87d2f151f37050dd9f3d1fb66cc5be6  2011/i586/php-sqlite-5.3.13-0.1-mdv2011.0.i586.rpm\n 1214cb4bc37c7fb285dd6c2f00411904  2011/i586/php-sybase_ct-5.3.13-0.1-mdv2011.0.i586.rpm\n 1bd2a3a7f3408e7e304190e4145cec7f  2011/i586/php-sysvmsg-5.3.13-0.1-mdv2011.0.i586.rpm\n 602e9fbc2dd26d526709da1fbb5f43a3  2011/i586/php-sysvsem-5.3.13-0.1-mdv2011.0.i586.rpm\n 1f4d61a55c51175890bf3fe8da58178b  2011/i586/php-sysvshm-5.3.13-0.1-mdv2011.0.i586.rpm\n 7f81e3126928fd1e48e61a04e978e549  2011/i586/php-tidy-5.3.13-0.1-mdv2011.0.i586.rpm\n a2ea94863a07932b8cc8adfaf9984801  2011/i586/php-tokenizer-5.3.13-0.1-mdv2011.0.i586.rpm\n 7ca9553c6d0280546bc198cf7e349fd0  2011/i586/php-wddx-5.3.13-0.1-mdv2011.0.i586.rpm\n 2657cd50ab3d1ed89c40dd022b18a78a  2011/i586/php-xml-5.3.13-0.1-mdv2011.0.i586.rpm\n 4484a28aa070a5507ca51b7b6ccd9c4f  2011/i586/php-xmlreader-5.3.13-0.1-mdv2011.0.i586.rpm\n fb655f70ba8fd02cb283c685fb32198d  2011/i586/php-xmlrpc-5.3.13-0.1-mdv2011.0.i586.rpm\n 595eb1d07062b9ea1cbfa4db0c858b24  2011/i586/php-xmlwriter-5.3.13-0.1-mdv2011.0.i586.rpm\n 13c04bf3f0134e29372d595589f59193  2011/i586/php-xsl-5.3.13-0.1-mdv2011.0.i586.rpm\n 0a98ea3d088772271f96eeb7a5f23ba2  2011/i586/php-zip-5.3.13-0.1-mdv2011.0.i586.rpm\n e5242f7e29696cf3f9a80eb65ac97184  2011/i586/php-zlib-5.3.13-0.1-mdv2011.0.i586.rpm \n 43577b68968398f3e83bbb150c2ba4dd  2011/SRPMS/apache-mod_php-5.3.13-0.1.src.rpm\n 75c0847b9bfff7a4ecf5f5097e39b5e0  2011/SRPMS/php-5.3.13-0.1.src.rpm\n daa6819e438adce22445ffb6f25c10f0  2011/SRPMS/php-ini-5.3.13-0.1.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 6f1b882d07cd219f673c90396542719e  2011/x86_64/apache-mod_php-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 11c80f46a5669769a85ef8f391d07a70  2011/x86_64/lib64php5_common5-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 7e4e71c5b17031412c13ea2d9b2477c5  2011/x86_64/php-bcmath-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 528be2af28cf1a4843850e1b565c3898  2011/x86_64/php-bz2-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 39b482e7037283b454056f4882d5917b  2011/x86_64/php-calendar-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 9829b1d862405439321b3ecbfb4c7ea1  2011/x86_64/php-cgi-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 5e705973df7b6c201fabeb2c75d3a74a  2011/x86_64/php-cli-5.3.13-0.1-mdv2011.0.x86_64.rpm\n eb3b69da40fb3992024aa0a9fea15a8d  2011/x86_64/php-ctype-5.3.13-0.1-mdv2011.0.x86_64.rpm\n a7fd1763425d19677b6adc88a835770f  2011/x86_64/php-curl-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 0a4712efbe6fd4e1d2590842f620982c  2011/x86_64/php-dba-5.3.13-0.1-mdv2011.0.x86_64.rpm\n ca749d3257f0bb0595a6495816d17c29  2011/x86_64/php-devel-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 56a0d712c402bcddcaba739f35ea07a6  2011/x86_64/php-doc-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 2a6cf45b3a94ae3e571e3dbcbbc08804  2011/x86_64/php-dom-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 0f109c681babe75db077f8d9af926f85  2011/x86_64/php-enchant-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 7d419c4fd0f8180bb777b4b198dbf192  2011/x86_64/php-exif-5.3.13-0.1-mdv2011.0.x86_64.rpm\n befa5de9e5e4a3a2ab04a4899a0c654e  2011/x86_64/php-fileinfo-5.3.13-0.1-mdv2011.0.x86_64.rpm\n ef19b2adb8544747b6dbc673d5b758cd  2011/x86_64/php-filter-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 42952a220d307fab9e88012a0db43ecd  2011/x86_64/php-fpm-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 40c04426bafdec1b7ac6efd7e80112e3  2011/x86_64/php-ftp-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 4fb018ed2383c082d45e4b75a346d588  2011/x86_64/php-gd-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 7237c26a2db73c6a115fc4e035ecb0f2  2011/x86_64/php-gettext-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 1a474b43b899509ba9516fa042fe1ddd  2011/x86_64/php-gmp-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 28e8e4748273a5ccaeb65b54d666402f  2011/x86_64/php-hash-5.3.13-0.1-mdv2011.0.x86_64.rpm\n d3f5e9dfc04ce0ad319884c2501529c4  2011/x86_64/php-iconv-5.3.13-0.1-mdv2011.0.x86_64.rpm\n c166f30d0bab63ab66c91fdc7f23109e  2011/x86_64/php-imap-5.3.13-0.1-mdv2011.0.x86_64.rpm\n c2a6c0df9bdb831fa633b00afe1656ca  2011/x86_64/php-ini-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 8ef06e0d3bc50c6af030273db341f33f  2011/x86_64/php-intl-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 5e59fb195dd577622ba638e6f61301ce  2011/x86_64/php-json-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 51d4d134118097c396fd9ae22658fd95  2011/x86_64/php-ldap-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 43089444e735a7fb955f4b2073a89b8e  2011/x86_64/php-mbstring-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 67cb0bb2abf2ac499616a9f6b67e42a4  2011/x86_64/php-mcrypt-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 6167541236c972e1b3ca07ab4e3aa435  2011/x86_64/php-mssql-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 8169e0c8a9121ed5b088e50f729a08f2  2011/x86_64/php-mysql-5.3.13-0.1-mdv2011.0.x86_64.rpm\n a9f88ce7ae03e6c9614bbbe77badd211  2011/x86_64/php-mysqli-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 09ffa27ee341ea0f316c001302dc6b4f  2011/x86_64/php-mysqlnd-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 52eca2dca4ad432fdb9ca2a42f8af637  2011/x86_64/php-odbc-5.3.13-0.1-mdv2011.0.x86_64.rpm\n f6e46b6f5ad8a961cbfde8b8e767054a  2011/x86_64/php-openssl-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 3dd5efd7a83830669edf081f84a6ddd0  2011/x86_64/php-pcntl-5.3.13-0.1-mdv2011.0.x86_64.rpm\n f000fb58640165fa93eb8939c88f51b9  2011/x86_64/php-pdo-5.3.13-0.1-mdv2011.0.x86_64.rpm\n e91e95bb78ee4ccc6edc8a676cf83331  2011/x86_64/php-pdo_dblib-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 82ca0b0fa4daa2d13d351f57cac4b1ad  2011/x86_64/php-pdo_mysql-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 2a2e4cf2e7b3d6c718072e34bbf1f4d5  2011/x86_64/php-pdo_odbc-5.3.13-0.1-mdv2011.0.x86_64.rpm\n bae3bd360ca8da31e3444555b1ba5984  2011/x86_64/php-pdo_pgsql-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 265ffe4fec20f1a276a4ae598f897097  2011/x86_64/php-pdo_sqlite-5.3.13-0.1-mdv2011.0.x86_64.rpm\n de5791ef4c4f09caf289efcc2946bd40  2011/x86_64/php-pgsql-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 3e5a5c8d71d73d792f6a9c5d1d1ff0e0  2011/x86_64/php-phar-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 1b106b0000d8cf09217a8c6066a08abe  2011/x86_64/php-posix-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 4142e252a6e80033b49966678333d4fc  2011/x86_64/php-pspell-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 2eaa627598b484e870a745dfce89561c  2011/x86_64/php-readline-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 16aa5e0d0038dad164fd251584267b25  2011/x86_64/php-recode-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 1f2221028312e63a8fe0153b0f37268d  2011/x86_64/php-session-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 08339bda25dfc15853d8f4f3093906b5  2011/x86_64/php-shmop-5.3.13-0.1-mdv2011.0.x86_64.rpm\n af74d89511d56956fd18f47588c8134a  2011/x86_64/php-snmp-5.3.13-0.1-mdv2011.0.x86_64.rpm\n a60760ee2c728bcd933f7f129918e20f  2011/x86_64/php-soap-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 23edc8e373f493137a741d3f5b8a776f  2011/x86_64/php-sockets-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 0ee3559a3748ba690ee5c4f99a324b1e  2011/x86_64/php-sqlite3-5.3.13-0.1-mdv2011.0.x86_64.rpm\n a4b3e977bffee9f122cb6e9582edb3f1  2011/x86_64/php-sqlite-5.3.13-0.1-mdv2011.0.x86_64.rpm\n edcf9dd12733f50cc808a336b26e0fe2  2011/x86_64/php-sybase_ct-5.3.13-0.1-mdv2011.0.x86_64.rpm\n d6cd75e157f0b6b026444a1407cf90a7  2011/x86_64/php-sysvmsg-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 0c283bd1ae67f256a6e776f35e36b30c  2011/x86_64/php-sysvsem-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 85f7cb718011e2ff913ce142a12a6343  2011/x86_64/php-sysvshm-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 63b205689a9cb3929379ce8c6415fecc  2011/x86_64/php-tidy-5.3.13-0.1-mdv2011.0.x86_64.rpm\n addd08fffff1581bfa703aeba53c5566  2011/x86_64/php-tokenizer-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 138500dc24f46346ae847fc2f56ca7a7  2011/x86_64/php-wddx-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 27801c8421becc9030eb1e2e06342efe  2011/x86_64/php-xml-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 1fefd162d7a627212ccca1ecda6ccdf2  2011/x86_64/php-xmlreader-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 2e6d1bbc2319425bfe20b189f4fe4b79  2011/x86_64/php-xmlrpc-5.3.13-0.1-mdv2011.0.x86_64.rpm\n 421888369bc51fcfcb7a0fcedb23e3e4  2011/x86_64/php-xmlwriter-5.3.13-0.1-mdv2011.0.x86_64.rpm\n f5d79e3adf80fadf2f185db98ec3b142  2011/x86_64/php-xsl-5.3.13-0.1-mdv2011.0.x86_64.rpm\n e126fa1b8d8f0a7c18bae56a00345299  2011/x86_64/php-zip-5.3.13-0.1-mdv2011.0.x86_64.rpm\n a8492adb1cc9cd92d2771d151161ac2e  2011/x86_64/php-zlib-5.3.13-0.1-mdv2011.0.x86_64.rpm \n 43577b68968398f3e83bbb150c2ba4dd  2011/SRPMS/apache-mod_php-5.3.13-0.1.src.rpm\n 75c0847b9bfff7a4ecf5f5097e39b5e0  2011/SRPMS/php-5.3.13-0.1.src.rpm\n daa6819e438adce22445ffb6f25c10f0  2011/SRPMS/php-ini-5.3.13-0.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPq4WAmqjQ0CJFipgRAihWAKCc3667vbSD/ihxb7LB9g9x2C+bnQCg89XH\nJTVUFGYH3hR84ZM7EV65I9g=\n=hQaF\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ============================================================================\nUbuntu Security Notice USN-1481-1\nJune 19, 2012\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nIt was discovered that PHP incorrectly handled certain Tidy::diagnose\noperations on invalid objects. A remote attacker could use this flaw to\ncause PHP to crash, leading to a denial of service. (CVE-2012-0781)\n\nIt was discovered that PHP incorrectly handled certain multi-file upload\nfilenames. A remote attacker could use this flaw to cause a denial of\nservice, or to perform a directory traversal attack. (CVE-2012-1172)\n\nRubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain\nUnicode characters in passwords passed to the crypt() function. A remote\nattacker could possibly use this flaw to bypass authentication. \n(CVE-2012-2143)\n\nIt was discovered that a Debian/Ubuntu specific patch caused PHP to\nincorrectly handle empty salt strings. A remote attacker could possibly use\nthis flaw to bypass authentication. This issue only affected Ubuntu 10.04\nLTS and Ubuntu 11.04. (CVE-2012-2317)\n\nIt was discovered that PHP, when used as a stand alone CGI processor\nfor the Apache Web Server, did not properly parse and filter query\nstrings. Configurations using mod_php5 and FastCGI were not vulnerable. \n(CVE-2012-2335, CVE-2012-2336)\n\nAlexander Gavrun discovered that the PHP Phar extension incorrectly handled\ncertain malformed TAR files. \n(CVE-2012-2386)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  php5                            5.3.10-1ubuntu3.2\n\nUbuntu 11.10:\n  php5                            5.3.6-13ubuntu3.8\n\nUbuntu 11.04:\n  php5                            5.3.5-1ubuntu7.10\n\nUbuntu 10.04 LTS:\n  php5                            5.3.2-1ubuntu4.17\n\nUbuntu 8.04 LTS:\n  php5                            5.2.4-2ubuntu5.25\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-1481-1\n  CVE-2012-0781, CVE-2012-1172, CVE-2012-2143, CVE-2012-2317,\n  CVE-2012-2335, CVE-2012-2336, CVE-2012-2386\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.2\n  https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.8\n  https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.10\n  https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.17\n  https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.25\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "113885"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2335",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#520827",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "49014",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10658",
        "trust": 0.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#673343",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "53388",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "123310",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116800",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112598",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "122468",
        "trust": 0.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2012/05/09/9",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112597",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "113885",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "122482",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "113885"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "id": "VAR-201205-0311",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.47077376
  },
  "last_update_date": "2024-04-01T20:26:25.186000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SUSE-SU-2012:0840",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.php.net"
      },
      {
        "title": "PHP 5.4.3",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=43186"
      },
      {
        "title": "PHP 5.4.3",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=43185"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/520827"
      },
      {
        "trust": 2.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
      },
      {
        "trust": 2.0,
        "url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
      },
      {
        "trust": 1.7,
        "url": "https://bugs.php.net/bug.php?id=61910"
      },
      {
        "trust": 1.6,
        "url": "http://git.php.net/?p=php-src.git%3ba=blob%3bf=sapi/cgi/cgi_main.c%3bh=a7ac26f0#l1569"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75652"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.php.net/archive/2012.php#id2012-05-06-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/49014"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2335"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu520827/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2335"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2335"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2336"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
      },
      {
        "trust": 0.3,
        "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/software/lotus/products/foundations/start/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.parallels.com/en/113818"
      },
      {
        "trust": 0.3,
        "url": "kb.parallels.com/en/116241"
      },
      {
        "trust": 0.3,
        "url": "https://community.rapid7.com/thread/5174"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2013/jun/21"
      },
      {
        "trust": 0.3,
        "url": "http://ompldr.org/vzgxxaq"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10658\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100162699"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100165255"
      },
      {
        "trust": 0.3,
        "url": "http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/archive/2012.php#id2012-05-03-1"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620314"
      },
      {
        "trust": 0.3,
        "url": "http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/673343"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2358"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2357"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2362"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2361"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2364"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2363"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2359"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2329"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2356"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
      },
      {
        "trust": 0.3,
        "url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2355"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2360"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5217"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0788"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0831"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2143"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4566"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2386"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2336"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4821"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2688"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201209-03.xml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4566"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2688"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1398"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0789"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1398"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2336"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2335"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3450"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1172"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1823"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0788"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2311"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0789"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3365"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2143"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3365"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2386"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1938"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0830"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2483"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdva-2012:004"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:166"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0788"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0807"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3267"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3268"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:165"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:065"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3182"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3268"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1657"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0807"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1172"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3267"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1657"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:068-1"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:197"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:180"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5217"
      },
      {
        "trust": 0.1,
        "url": "http://www.openwall.com/lists/oss-security/2012/05/09/9"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1481-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.10"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0781"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.25"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2317"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "113885"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "113885"
      },
      {
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-05-04T00:00:00",
        "db": "BID",
        "id": "53388"
      },
      {
        "date": "2012-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "date": "2013-09-19T22:22:00",
        "db": "PACKETSTORM",
        "id": "123310"
      },
      {
        "date": "2012-09-24T15:02:14",
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "date": "2012-05-10T15:28:01",
        "db": "PACKETSTORM",
        "id": "112598"
      },
      {
        "date": "2013-07-18T18:51:07",
        "db": "PACKETSTORM",
        "id": "122468"
      },
      {
        "date": "2012-05-10T15:26:54",
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "date": "2012-06-20T02:58:04",
        "db": "PACKETSTORM",
        "id": "113885"
      },
      {
        "date": "2013-07-19T19:33:00",
        "db": "PACKETSTORM",
        "id": "122482"
      },
      {
        "date": "2012-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      },
      {
        "date": "2012-05-11T10:15:48.480000",
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-13T22:15:00",
        "db": "BID",
        "id": "53388"
      },
      {
        "date": "2012-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      },
      {
        "date": "2023-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      },
      {
        "date": "2023-02-13T04:33:26.177000",
        "db": "NVD",
        "id": "CVE-2012-2335"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "116800"
      },
      {
        "db": "PACKETSTORM",
        "id": "112597"
      },
      {
        "db": "PACKETSTORM",
        "id": "113885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  php-wrapper.fcgi Vulnerabilities that bypass protection mechanisms",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002394"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-208"
      }
    ],
    "trust": 0.6
  }
}

var-201309-0194
Vulnerability from variot

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. PHP is prone to multiple arbitrary file-disclosure vulnerabilities because it fails to sanitize user-supplied input. An authenticated attacker can exploit these vulnerabilities to view arbitrary files within the context of the affected application. Other attacks are also possible. Note: These issues are the result of an incomplete fix for the issues described in BID 58766 (PHP 'ext/soap/php_xml.c' Multiple Arbitrary File Disclosure Vulnerabilities). Versions prior to PHP 5.3.22 and 5.4.13 are vulnerable. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-11


                                        http://security.gentoo.org/

Severity: High Title: PHP: Multiple vulnerabilities Date: August 29, 2014 Bugs: #459904, #472204, #472558, #474656, #476570, #481004, #483212, #485252, #492784, #493982, #501312, #503630, #503670, #505172, #505712, #509132, #512288, #512492, #513032, #516994, #519932, #520134, #520438 ID: 201408-11


Synopsis

Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 5.5.16 >= 5.5.16 >= 5.4.32 >= 5.3.29

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16"

All PHP 5.4 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32"

All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned.

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"

References

[ 1 ] CVE-2011-4718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718 [ 2 ] CVE-2013-1635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635 [ 3 ] CVE-2013-1643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643 [ 4 ] CVE-2013-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824 [ 5 ] CVE-2013-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110 [ 6 ] CVE-2013-3735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735 [ 7 ] CVE-2013-4113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113 [ 8 ] CVE-2013-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248 [ 9 ] CVE-2013-4635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635 [ 10 ] CVE-2013-4636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636 [ 11 ] CVE-2013-6420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420 [ 12 ] CVE-2013-6712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712 [ 13 ] CVE-2013-7226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226 [ 14 ] CVE-2013-7327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327 [ 15 ] CVE-2013-7345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345 [ 16 ] CVE-2014-0185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185 [ 17 ] CVE-2014-0237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237 [ 18 ] CVE-2014-0238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238 [ 19 ] CVE-2014-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943 [ 20 ] CVE-2014-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270 [ 21 ] CVE-2014-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497 [ 22 ] CVE-2014-3597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597 [ 23 ] CVE-2014-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981 [ 24 ] CVE-2014-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049 [ 25 ] CVE-2014-4670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670 [ 26 ] CVE-2014-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201408-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004

OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses the following:

Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.24. CVE-ID CVE-2012-0883 CVE-2012-2687 CVE-2012-3499 CVE-2012-4558

Bind Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in BIND Description: Multiple vulnerabilities existed in BIND, the most serious of which may lead to a denial of service. These issues were addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not affect Mac OS X v10.7 systems. CVE-ID CVE-2012-3817 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2013-2266

Certificate Trust Policy Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Root certificates have been updated Description: Several certificates were added to or removed from the list of system roots. The complete list of recognized system roots may be viewed via the Keychain Access application.

ClamAV Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5 Impact: Multiple vulnerabilities in ClamAV Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8. CVE-ID CVE-2013-2020 CVE-2013-2021

CoreGraphics Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team

ImageIO Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team

Installer Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Packages could be opened after certificate revocation Description: When Installer encountered a revoked certificate, it would present a dialog with an option to continue. The issue was addressed by removing the dialog and refusing any revoked package. CVE-ID CVE-2013-1027

IPSec Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: An attacker may intercept data protected with IPSec Hybrid Auth Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by properly checking the certificate. CVE-ID CVE-2013-1028 : Alexander Traud of www.traud.de

Kernel Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: A local network user may cause a denial of service Description: An incorrect check in the IGMP packet parsing code in the kernel allowed a user who could send IGMP packets to the system to cause a kernel panic. The issue was addressed by removing the check. CVE-ID CVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.

Mobile Device Management Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Passwords may be disclosed to other local users Description: A password was passed on the command-line to mdmclient, which made it visible to other users on the same system. The issue was addressed by communicating the password through a pipe. CVE-ID CVE-2013-1030 : Per Olofsson at the University of Gothenburg

OpenSSL Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to disclosure of user data. These issues were addressed by updating OpenSSL to version 0.9.8y. CVE-ID CVE-2012-2686 CVE-2013-0166 CVE-2013-0169

PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP, the most serious of which may lead to arbitrary code execution. These issues were addressed by updating PHP to version 5.3.26. CVE-ID CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-2110

PostgreSQL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in PostgreSQL Description: Multiple vulnerabilities exist in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. This update addresses the issues by updating PostgreSQL to version 9.0.13. CVE-ID CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2013-1902 CVE-2013-1903

Power Management Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: The screen saver may not start after the specified time period Description: A power assertion lock issue existed. This issue was addressed through improved lock handling. CVE-ID CVE-2013-1031

QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'idsc' atoms in QuickTime movie files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1032 : Jason Kratzer working with iDefense VCP

Screen Lock Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: A user with screen sharing access may be able to bypass the screen lock when another user is logged in Description: A session management issue existed in the screen lock's handling of screen sharing sessions. This issue was addressed through improved session tracking. CVE-ID CVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq

Note: OS X Mountain Lion v10.8.5 also addresses an issue where certain Unicode strings could cause applications to unexpectedly terminate.

OS X Mountain Lion v10.8.5 and Security Update 2013-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.5, or Security Update 2013-004.

For OS X Mountain Lion v10.8.4 The download file is named: OSXUpd10.8.5.dmg Its SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11

For OS X Mountain Lion v10.8 and v10.8.3 The download file is named: OSXUpdCombo10.8.5.dmg Its SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2

For OS X Lion v10.7.5 The download file is named: SecUpd2013-004.dmg Its SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0

For OS X Lion Server v10.7.5 The download file is named: SecUpdSrvr2013-004.dmg Its SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355

For Mac OS X v10.6.8 The download file is named: SecUpd2013-004.dmg Its SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61

For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2013-004.dmg Its SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJSMiPGAAoJEPefwLHPlZEw9qMP/17D4Q8velZ3H4AumPzHqqB4 QxPcuv8PXzhi55epUm2bzNfXR9A5L9KvzEsmggqxO2/ESO0zfeKgAmXXjCI3z5Qc +WkHgqowjwXU9cbjyDkhwb/ylXml+vCSIv2m9eXXNRTRi0rm9ZLSI/JMSRfLMojQ bZbzQSoSpuGaOeOOWESKCf9zBXFG6DBGo0wg3z8Bkywjtp/7bfddPAFHxIdhjDDN 1IgmhPRnP6NEdNSfR6RwF94M+hyiJ2I2DIDZTIo+6B4Ne90bEYdBiQmSxwKFAyc3 H9VFfB8XmrtA2k4DhE6Ow2jD/Y//QKz6TbyZNSQawXxuPsj43v6/T6BsWdfddGbQ hDGU85e7z7a4gmIPuS3DjMhSEyAixL/B3vKYBaZltH6JBCcPuLvGrU7nAiJa7KGQ 8MToOyv42TSj95drFzysk5fcO0MIUH5xiGlaU+ScEdBSpIpHDfpjeJYPqxHeGFaa V2xCGw1vMYbMoxNzRL0FPPdUxJkyBHvuzZXh6c6fATuQIPCtwejpPrYEo7x7RRpl ytsVLe3V27j7IfWb62nI+mNVfH5m+YgK4SGK5DSq8Nm1Lk0w4HXmTtrhOCogsJ2I yoqeg/XakiSdxZxhSa9/ZZsMB+D1B8siNzCj0+U0k4zYjxEA0GdSu/dYRVT62oIn vBrJ5gm+nnyRe2TUMAwz =h9hc -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0194",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.22"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.4.12"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8 to  v10.8.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7.5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.4.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "62373"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.8.5",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.12",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1824"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vendor reported these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "62373"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-1824",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-1824",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-61826",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-1824",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201309-217",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-61826",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61826"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. PHP is prone to multiple arbitrary file-disclosure vulnerabilities because it fails to sanitize user-supplied input. \nAn authenticated attacker can exploit these vulnerabilities to view arbitrary files within the context of the affected application. Other attacks are also possible. \nNote: These issues are the result of an incomplete fix for the issues described in BID 58766 (PHP \u0027ext/soap/php_xml.c\u0027 Multiple Arbitrary File Disclosure Vulnerabilities). \nVersions prior to PHP 5.3.22 and 5.4.13 are vulnerable. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201408-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: PHP: Multiple vulnerabilities\n     Date: August 29, 2014\n     Bugs: #459904, #472204, #472558, #474656, #476570, #481004,\n           #483212, #485252, #492784, #493982, #501312, #503630,\n           #503670, #505172, #505712, #509132, #512288, #512492,\n           #513032, #516994, #519932, #520134, #520438\n       ID: 201408-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in PHP, the worst of\nwhich could lead to remote execution of arbitrary code. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.5.16                  \u003e= 5.5.16\n                                                           *\u003e= 5.4.32\n                                                           *\u003e= 5.3.29\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker can cause arbitrary code execution, create\na Denial of Service condition, read or write arbitrary files,\nimpersonate other servers, hijack a web session, or have other\nunspecified impact. Additionally, a local attacker could gain escalated\nprivileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.5.16\"\n\nAll PHP 5.4 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.4.32\"\n\nAll PHP 5.3 users should upgrade to the latest version. This release\nmarks the end of life of the PHP 5.3 series. Future releases of this\nseries are not planned. \n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.3.29\"\n\nReferences\n==========\n\n[  1 ] CVE-2011-4718\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718\n[  2 ] CVE-2013-1635\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635\n[  3 ] CVE-2013-1643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643\n[  4 ] CVE-2013-1824\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824\n[  5 ] CVE-2013-2110\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110\n[  6 ] CVE-2013-3735\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735\n[  7 ] CVE-2013-4113\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113\n[  8 ] CVE-2013-4248\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248\n[  9 ] CVE-2013-4635\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635\n[ 10 ] CVE-2013-4636\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636\n[ 11 ] CVE-2013-6420\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420\n[ 12 ] CVE-2013-6712\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712\n[ 13 ] CVE-2013-7226\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226\n[ 14 ] CVE-2013-7327\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327\n[ 15 ] CVE-2013-7345\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345\n[ 16 ] CVE-2014-0185\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185\n[ 17 ] CVE-2014-0237\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237\n[ 18 ] CVE-2014-0238\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238\n[ 19 ] CVE-2014-1943\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943\n[ 20 ] CVE-2014-2270\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270\n[ 21 ] CVE-2014-2497\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497\n[ 22 ] CVE-2014-3597\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597\n[ 23 ] CVE-2014-3981\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981\n[ 24 ] CVE-2014-4049\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049\n[ 25 ] CVE-2014-4670\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670\n[ 26 ] CVE-2014-5120\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201408-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update\n2013-004\n\nOS X Mountain Lion v10.8.5 and Security Update 2013-004 is now\navailable and addresses the following:\n\nApache\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Multiple vulnerabilities in Apache\nDescription:  Multiple vulnerabilities existed in Apache, the most\nserious of which may lead to cross-site scripting. These issues were\naddressed by updating Apache to version 2.2.24. \nCVE-ID\nCVE-2012-0883\nCVE-2012-2687\nCVE-2012-3499\nCVE-2012-4558\n\nBind\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Multiple vulnerabilities in BIND\nDescription:  Multiple vulnerabilities existed in BIND, the most\nserious of which may lead to a denial of service. These issues were\naddressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not\naffect Mac OS X v10.7 systems. \nCVE-ID\nCVE-2012-3817\nCVE-2012-4244\nCVE-2012-5166\nCVE-2012-5688\nCVE-2013-2266\n\nCertificate Trust Policy\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Root certificates have been updated\nDescription:  Several certificates were added to or removed from the\nlist of system roots. The complete list of recognized system roots\nmay be viewed via the Keychain Access application. \n\nClamAV\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5\nImpact:  Multiple vulnerabilities in ClamAV\nDescription:  Multiple vulnerabilities exist in ClamAV, the most\nserious of which may lead to arbitrary code execution. This update\naddresses the issues by updating ClamAV to version 0.97.8. \nCVE-ID\nCVE-2013-2020\nCVE-2013-2021\n\nCoreGraphics\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.4\nImpact:  Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of JBIG2\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1025 : Felix Groebert of the Google Security Team\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.4\nImpact:  Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of JPEG2000\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1026 : Felix Groebert of the Google Security Team\n\nInstaller\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Packages could be opened after certificate revocation\nDescription:  When Installer encountered a revoked certificate, it\nwould present a dialog with an option to continue. The issue was\naddressed by removing the dialog and refusing any revoked package. \nCVE-ID\nCVE-2013-1027\n\nIPSec\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  An attacker may intercept data protected with IPSec Hybrid\nAuth\nDescription:  The DNS name of an IPSec Hybrid Auth server was not\nbeing matched against the certificate, allowing an attacker with a\ncertificate for any server to impersonate any other. This issue was\naddressed by properly checking the certificate. \nCVE-ID\nCVE-2013-1028 : Alexander Traud of www.traud.de\n\nKernel\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.4\nImpact:  A local network user may cause a denial of service\nDescription:  An incorrect check in the IGMP packet parsing code in\nthe kernel allowed a user who could send IGMP packets to the system\nto cause a kernel panic. The issue was addressed by removing the\ncheck. \nCVE-ID\nCVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC. \n\nMobile Device Management\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Passwords may be disclosed to other local users\nDescription:  A password was passed on the command-line to mdmclient,\nwhich made it visible to other users on the same system. The issue\nwas addressed by communicating the password through a pipe. \nCVE-ID\nCVE-2013-1030 : Per Olofsson at the University of Gothenburg\n\nOpenSSL\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL, the most\nserious of which may lead to disclosure of user data. These issues\nwere addressed by updating OpenSSL to version 0.9.8y. \nCVE-ID\nCVE-2012-2686\nCVE-2013-0166\nCVE-2013-0169\n\nPHP\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP, the most\nserious of which may lead to arbitrary code execution. These issues\nwere addressed by updating PHP to version 5.3.26. \nCVE-ID\nCVE-2013-1635\nCVE-2013-1643\nCVE-2013-1824\nCVE-2013-2110\n\nPostgreSQL\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Multiple vulnerabilities in PostgreSQL\nDescription:  Multiple vulnerabilities exist in PostgreSQL, the most\nserious of which may lead to data corruption or privilege escalation. \nThis update addresses the issues by updating PostgreSQL to version\n9.0.13. \nCVE-ID\nCVE-2013-1899\nCVE-2013-1900\nCVE-2013-1901\nCVE-2013-1902\nCVE-2013-1903\n\nPower Management\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.4\nImpact:  The screen saver may not start after the specified time\nperiod\nDescription:  A power assertion lock issue existed. This issue was\naddressed through improved lock handling. \nCVE-ID\nCVE-2013-1031\n\nQuickTime\nAvailable for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\n\u0027idsc\u0027 atoms in QuickTime movie files. This issue was addressed\nthrough additional bounds checking. \nCVE-ID\nCVE-2013-1032 : Jason Kratzer working with iDefense VCP\n\nScreen Lock\nAvailable for:  OS X Mountain Lion v10.8 to v10.8.4\nImpact:  A user with screen sharing access may be able to bypass the\nscreen lock when another user is logged in\nDescription:  A session management issue existed in the screen lock\u0027s\nhandling of screen sharing sessions. This issue was addressed through\nimproved session tracking. \nCVE-ID\nCVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq\n\nNote: OS X Mountain Lion v10.8.5 also addresses an issue where\ncertain Unicode strings could cause applications to unexpectedly\nterminate. \n\n\nOS X Mountain Lion v10.8.5 and Security Update 2013-004 may be\nobtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.5, or Security Update\n2013-004. \n\nFor OS X Mountain Lion v10.8.4\nThe download file is named: OSXUpd10.8.5.dmg\nIts SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11\n\nFor OS X Mountain Lion v10.8 and v10.8.3\nThe download file is named: OSXUpdCombo10.8.5.dmg\nIts SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2\n\nFor OS X Lion v10.7.5\nThe download file is named: SecUpd2013-004.dmg\nIts SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0\n\nFor OS X Lion Server v10.7.5\nThe download file is named: SecUpdSrvr2013-004.dmg\nIts SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2013-004.dmg\nIts SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2013-004.dmg\nIts SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJSMiPGAAoJEPefwLHPlZEw9qMP/17D4Q8velZ3H4AumPzHqqB4\nQxPcuv8PXzhi55epUm2bzNfXR9A5L9KvzEsmggqxO2/ESO0zfeKgAmXXjCI3z5Qc\n+WkHgqowjwXU9cbjyDkhwb/ylXml+vCSIv2m9eXXNRTRi0rm9ZLSI/JMSRfLMojQ\nbZbzQSoSpuGaOeOOWESKCf9zBXFG6DBGo0wg3z8Bkywjtp/7bfddPAFHxIdhjDDN\n1IgmhPRnP6NEdNSfR6RwF94M+hyiJ2I2DIDZTIo+6B4Ne90bEYdBiQmSxwKFAyc3\nH9VFfB8XmrtA2k4DhE6Ow2jD/Y//QKz6TbyZNSQawXxuPsj43v6/T6BsWdfddGbQ\nhDGU85e7z7a4gmIPuS3DjMhSEyAixL/B3vKYBaZltH6JBCcPuLvGrU7nAiJa7KGQ\n8MToOyv42TSj95drFzysk5fcO0MIUH5xiGlaU+ScEdBSpIpHDfpjeJYPqxHeGFaa\nV2xCGw1vMYbMoxNzRL0FPPdUxJkyBHvuzZXh6c6fATuQIPCtwejpPrYEo7x7RRpl\nytsVLe3V27j7IfWb62nI+mNVfH5m+YgK4SGK5DSq8Nm1Lk0w4HXmTtrhOCogsJ2I\nyoqeg/XakiSdxZxhSa9/ZZsMB+D1B8siNzCj0+U0k4zYjxEA0GdSu/dYRVT62oIn\nvBrJ5gm+nnyRe2TUMAwz\n=h9hc\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "db": "BID",
        "id": "62373"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61826"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "123228"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-1824",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVNVU97033473",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "62373",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-61826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128049",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "123228",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61826"
      },
      {
        "db": "BID",
        "id": "62373"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "123228"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ]
  },
  "id": "VAR-201309-0194",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61826"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:11:44.374000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2013-09-12-1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html"
      },
      {
        "title": "HT5880",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht5880"
      },
      {
        "title": "HT5880",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht5880?viewlocale=ja_jp"
      },
      {
        "title": "Disabled external entities loading",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=afe98b7829d50806559acac9b530acb8283c3bf4"
      },
      {
        "title": "Proper bit reset code",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=188c196d4da60bdde9190d2fc532650d17f7af2d"
      },
      {
        "title": "Bug 918187",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
      },
      {
        "title": "CVE-2013-1824 in Ubuntu",
        "trust": 0.8,
        "url": "http://people.canonical.com/~ubuntu-security/cve/2013/cve-2013-1824.html"
      },
      {
        "title": "PHP SOAP Fixes for parser information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=91854"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61826"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1824"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=188c196d4da60bdde9190d2fc532650d17f7af2d"
      },
      {
        "trust": 1.7,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=afe98b7829d50806559acac9b530acb8283c3bf4"
      },
      {
        "trust": 1.7,
        "url": "http://people.canonical.com/~ubuntu-security/cve/2013/cve-2013-1824.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht5880"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1824"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu97033473/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1824"
      },
      {
        "trust": 0.6,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=188c196d4da60bdde9190d2fc532650d17f7af2d"
      },
      {
        "trust": 0.6,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=afe98b7829d50806559acac9b530acb8283c3bf4"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1635"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1643"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1824"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4635"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4636"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1635"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2110"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2497"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4113"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5120"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201408-11.xml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4718"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7327"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7327"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6420"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6420"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3597"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4636"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4670"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7226"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4718"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5120"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2110"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4113"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4635"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1899"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4558"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3817"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1025"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1029"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://www.traud.de"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2687"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1901"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4244"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1031"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1902"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1033"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1032"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1030"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2686"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1028"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5688"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0166"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61826"
      },
      {
        "db": "BID",
        "id": "62373"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "123228"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-61826"
      },
      {
        "db": "BID",
        "id": "62373"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "PACKETSTORM",
        "id": "123228"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61826"
      },
      {
        "date": "2013-03-20T00:00:00",
        "db": "BID",
        "id": "62373"
      },
      {
        "date": "2013-09-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "date": "2014-08-29T22:24:02",
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "date": "2013-09-13T19:32:22",
        "db": "PACKETSTORM",
        "id": "123228"
      },
      {
        "date": "2013-09-16T13:02:34.627000",
        "db": "NVD",
        "id": "CVE-2013-1824"
      },
      {
        "date": "2013-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61826"
      },
      {
        "date": "2014-09-01T00:33:00",
        "db": "BID",
        "id": "62373"
      },
      {
        "date": "2013-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      },
      {
        "date": "2023-02-13T04:41:37.693000",
        "db": "NVD",
        "id": "CVE-2013-1824"
      },
      {
        "date": "2023-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  SOAP Vulnerability in parser to read arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004108"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-217"
      }
    ],
    "trust": 0.6
  }
}

var-201205-0305
Vulnerability from variot

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch


TITLE: Ubuntu update for php

SECUNIA ADVISORY ID: SA49097

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49097/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49097

RELEASE DATE: 2012-05-07

DISCUSS ADVISORY: http://secunia.com/advisories/49097/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/49097/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=49097

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Ubuntu has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.

For more information: SA49014

SOLUTION: Apply updated packages.

Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

ORIGINAL ADVISORY: USN-1437-1: http://www.ubuntu.com/usn/usn-1437-1/

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows. HP System Management Homepage v7.1.1 is available here:

HP System Management Homepage for Windows x64

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Windows x86

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (AMD64/EM64T)

[Download here] or enter the following URL into the browser address window.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken

HP System Management Homepage for Linux (x86)

[Download here] or enter the following URL into the browser address window.

Additionally, this update fixes insufficient validation of upload name which lead to corrupted $_FILES indices.

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze9.

The testing distribution (wheezy) will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 5.4.3-1.

We recommend that you upgrade your php5 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03368475

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03368475 Version: 1

HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-06-14 Last Updated: 2012-06-14

Potential Security Impact: Remote execution of arbitrary code, privilege elevation, or Denial of Service (DoS).

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS).

References: CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172, CVE-2012-1823, CVE-2012-2311

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.24 or earlier

BACKGROUND For a PGP signed

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-1172 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com

HP-UX Web Server Suite v.3.24 containing Apache v2.2.15.13 and PHP v5.2.17 HP-UX 11i Release Apache Depot name

B.11.23 (32-bit) HPUXWS22ATW-B324-32

B.11.23 (64-bit) HPUXWS22ATW-B324-64

B.11.31 (32-bit) HPUXWS22ATW-B324-32

B.11.31 (64-bit) HPUXWS22ATW-B324-64

MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.24 or subsequent.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant. HP-UX Web Server Suite v3.24 AFFECTED VERSIONS

HP-UX B.11.23

hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.13 or subsequent

HP-UX B.11.31

hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2

action: install revision B.2.2.15.13 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 14 June 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Relevant releases/architectures:

RHEL Desktop Workstation (v. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Critical: php security update Advisory ID: RHSA-2012:0568-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0568.html Issue date: 2012-05-10 CVE Names: CVE-2012-1823 =====================================================================

  1. Summary:

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.0) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.1) - i386, ppc64, s390x, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. (CVE-2012-1823)

Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.

All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

  1. Bugs fixed (http://bugzilla.redhat.com/):

818607 - CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827)

  1. Package List:

Red Hat Enterprise Linux Long Life (v. 5.3 server):

Source: php-5.1.6-23.3.el5_3.src.rpm

i386: php-5.1.6-23.3.el5_3.i386.rpm php-bcmath-5.1.6-23.3.el5_3.i386.rpm php-cli-5.1.6-23.3.el5_3.i386.rpm php-common-5.1.6-23.3.el5_3.i386.rpm php-dba-5.1.6-23.3.el5_3.i386.rpm php-debuginfo-5.1.6-23.3.el5_3.i386.rpm php-devel-5.1.6-23.3.el5_3.i386.rpm php-gd-5.1.6-23.3.el5_3.i386.rpm php-imap-5.1.6-23.3.el5_3.i386.rpm php-ldap-5.1.6-23.3.el5_3.i386.rpm php-mbstring-5.1.6-23.3.el5_3.i386.rpm php-mysql-5.1.6-23.3.el5_3.i386.rpm php-ncurses-5.1.6-23.3.el5_3.i386.rpm php-odbc-5.1.6-23.3.el5_3.i386.rpm php-pdo-5.1.6-23.3.el5_3.i386.rpm php-pgsql-5.1.6-23.3.el5_3.i386.rpm php-snmp-5.1.6-23.3.el5_3.i386.rpm php-soap-5.1.6-23.3.el5_3.i386.rpm php-xml-5.1.6-23.3.el5_3.i386.rpm php-xmlrpc-5.1.6-23.3.el5_3.i386.rpm

ia64: php-5.1.6-23.3.el5_3.ia64.rpm php-bcmath-5.1.6-23.3.el5_3.ia64.rpm php-cli-5.1.6-23.3.el5_3.ia64.rpm php-common-5.1.6-23.3.el5_3.ia64.rpm php-dba-5.1.6-23.3.el5_3.ia64.rpm php-debuginfo-5.1.6-23.3.el5_3.ia64.rpm php-devel-5.1.6-23.3.el5_3.ia64.rpm php-gd-5.1.6-23.3.el5_3.ia64.rpm php-imap-5.1.6-23.3.el5_3.ia64.rpm php-ldap-5.1.6-23.3.el5_3.ia64.rpm php-mbstring-5.1.6-23.3.el5_3.ia64.rpm php-mysql-5.1.6-23.3.el5_3.ia64.rpm php-ncurses-5.1.6-23.3.el5_3.ia64.rpm php-odbc-5.1.6-23.3.el5_3.ia64.rpm php-pdo-5.1.6-23.3.el5_3.ia64.rpm php-pgsql-5.1.6-23.3.el5_3.ia64.rpm php-snmp-5.1.6-23.3.el5_3.ia64.rpm php-soap-5.1.6-23.3.el5_3.ia64.rpm php-xml-5.1.6-23.3.el5_3.ia64.rpm php-xmlrpc-5.1.6-23.3.el5_3.ia64.rpm

x86_64: php-5.1.6-23.3.el5_3.x86_64.rpm php-bcmath-5.1.6-23.3.el5_3.x86_64.rpm php-cli-5.1.6-23.3.el5_3.x86_64.rpm php-common-5.1.6-23.3.el5_3.x86_64.rpm php-dba-5.1.6-23.3.el5_3.x86_64.rpm php-debuginfo-5.1.6-23.3.el5_3.x86_64.rpm php-devel-5.1.6-23.3.el5_3.x86_64.rpm php-gd-5.1.6-23.3.el5_3.x86_64.rpm php-imap-5.1.6-23.3.el5_3.x86_64.rpm php-ldap-5.1.6-23.3.el5_3.x86_64.rpm php-mbstring-5.1.6-23.3.el5_3.x86_64.rpm php-mysql-5.1.6-23.3.el5_3.x86_64.rpm php-ncurses-5.1.6-23.3.el5_3.x86_64.rpm php-odbc-5.1.6-23.3.el5_3.x86_64.rpm php-pdo-5.1.6-23.3.el5_3.x86_64.rpm php-pgsql-5.1.6-23.3.el5_3.x86_64.rpm php-snmp-5.1.6-23.3.el5_3.x86_64.rpm php-soap-5.1.6-23.3.el5_3.x86_64.rpm php-xml-5.1.6-23.3.el5_3.x86_64.rpm php-xmlrpc-5.1.6-23.3.el5_3.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source: php-5.1.6-27.el5_6.4.src.rpm

i386: php-5.1.6-27.el5_6.4.i386.rpm php-bcmath-5.1.6-27.el5_6.4.i386.rpm php-cli-5.1.6-27.el5_6.4.i386.rpm php-common-5.1.6-27.el5_6.4.i386.rpm php-dba-5.1.6-27.el5_6.4.i386.rpm php-debuginfo-5.1.6-27.el5_6.4.i386.rpm php-devel-5.1.6-27.el5_6.4.i386.rpm php-gd-5.1.6-27.el5_6.4.i386.rpm php-imap-5.1.6-27.el5_6.4.i386.rpm php-ldap-5.1.6-27.el5_6.4.i386.rpm php-mbstring-5.1.6-27.el5_6.4.i386.rpm php-mysql-5.1.6-27.el5_6.4.i386.rpm php-ncurses-5.1.6-27.el5_6.4.i386.rpm php-odbc-5.1.6-27.el5_6.4.i386.rpm php-pdo-5.1.6-27.el5_6.4.i386.rpm php-pgsql-5.1.6-27.el5_6.4.i386.rpm php-snmp-5.1.6-27.el5_6.4.i386.rpm php-soap-5.1.6-27.el5_6.4.i386.rpm php-xml-5.1.6-27.el5_6.4.i386.rpm php-xmlrpc-5.1.6-27.el5_6.4.i386.rpm

ia64: php-5.1.6-27.el5_6.4.ia64.rpm php-bcmath-5.1.6-27.el5_6.4.ia64.rpm php-cli-5.1.6-27.el5_6.4.ia64.rpm php-common-5.1.6-27.el5_6.4.ia64.rpm php-dba-5.1.6-27.el5_6.4.ia64.rpm php-debuginfo-5.1.6-27.el5_6.4.ia64.rpm php-devel-5.1.6-27.el5_6.4.ia64.rpm php-gd-5.1.6-27.el5_6.4.ia64.rpm php-imap-5.1.6-27.el5_6.4.ia64.rpm php-ldap-5.1.6-27.el5_6.4.ia64.rpm php-mbstring-5.1.6-27.el5_6.4.ia64.rpm php-mysql-5.1.6-27.el5_6.4.ia64.rpm php-ncurses-5.1.6-27.el5_6.4.ia64.rpm php-odbc-5.1.6-27.el5_6.4.ia64.rpm php-pdo-5.1.6-27.el5_6.4.ia64.rpm php-pgsql-5.1.6-27.el5_6.4.ia64.rpm php-snmp-5.1.6-27.el5_6.4.ia64.rpm php-soap-5.1.6-27.el5_6.4.ia64.rpm php-xml-5.1.6-27.el5_6.4.ia64.rpm php-xmlrpc-5.1.6-27.el5_6.4.ia64.rpm

ppc: php-5.1.6-27.el5_6.4.ppc.rpm php-bcmath-5.1.6-27.el5_6.4.ppc.rpm php-cli-5.1.6-27.el5_6.4.ppc.rpm php-common-5.1.6-27.el5_6.4.ppc.rpm php-dba-5.1.6-27.el5_6.4.ppc.rpm php-debuginfo-5.1.6-27.el5_6.4.ppc.rpm php-devel-5.1.6-27.el5_6.4.ppc.rpm php-gd-5.1.6-27.el5_6.4.ppc.rpm php-imap-5.1.6-27.el5_6.4.ppc.rpm php-ldap-5.1.6-27.el5_6.4.ppc.rpm php-mbstring-5.1.6-27.el5_6.4.ppc.rpm php-mysql-5.1.6-27.el5_6.4.ppc.rpm php-ncurses-5.1.6-27.el5_6.4.ppc.rpm php-odbc-5.1.6-27.el5_6.4.ppc.rpm php-pdo-5.1.6-27.el5_6.4.ppc.rpm php-pgsql-5.1.6-27.el5_6.4.ppc.rpm php-snmp-5.1.6-27.el5_6.4.ppc.rpm php-soap-5.1.6-27.el5_6.4.ppc.rpm php-xml-5.1.6-27.el5_6.4.ppc.rpm php-xmlrpc-5.1.6-27.el5_6.4.ppc.rpm

s390x: php-5.1.6-27.el5_6.4.s390x.rpm php-bcmath-5.1.6-27.el5_6.4.s390x.rpm php-cli-5.1.6-27.el5_6.4.s390x.rpm php-common-5.1.6-27.el5_6.4.s390x.rpm php-dba-5.1.6-27.el5_6.4.s390x.rpm php-debuginfo-5.1.6-27.el5_6.4.s390x.rpm php-devel-5.1.6-27.el5_6.4.s390x.rpm php-gd-5.1.6-27.el5_6.4.s390x.rpm php-imap-5.1.6-27.el5_6.4.s390x.rpm php-ldap-5.1.6-27.el5_6.4.s390x.rpm php-mbstring-5.1.6-27.el5_6.4.s390x.rpm php-mysql-5.1.6-27.el5_6.4.s390x.rpm php-ncurses-5.1.6-27.el5_6.4.s390x.rpm php-odbc-5.1.6-27.el5_6.4.s390x.rpm php-pdo-5.1.6-27.el5_6.4.s390x.rpm php-pgsql-5.1.6-27.el5_6.4.s390x.rpm php-snmp-5.1.6-27.el5_6.4.s390x.rpm php-soap-5.1.6-27.el5_6.4.s390x.rpm php-xml-5.1.6-27.el5_6.4.s390x.rpm php-xmlrpc-5.1.6-27.el5_6.4.s390x.rpm

x86_64: php-5.1.6-27.el5_6.4.x86_64.rpm php-bcmath-5.1.6-27.el5_6.4.x86_64.rpm php-cli-5.1.6-27.el5_6.4.x86_64.rpm php-common-5.1.6-27.el5_6.4.x86_64.rpm php-dba-5.1.6-27.el5_6.4.x86_64.rpm php-debuginfo-5.1.6-27.el5_6.4.x86_64.rpm php-devel-5.1.6-27.el5_6.4.x86_64.rpm php-gd-5.1.6-27.el5_6.4.x86_64.rpm php-imap-5.1.6-27.el5_6.4.x86_64.rpm php-ldap-5.1.6-27.el5_6.4.x86_64.rpm php-mbstring-5.1.6-27.el5_6.4.x86_64.rpm php-mysql-5.1.6-27.el5_6.4.x86_64.rpm php-ncurses-5.1.6-27.el5_6.4.x86_64.rpm php-odbc-5.1.6-27.el5_6.4.x86_64.rpm php-pdo-5.1.6-27.el5_6.4.x86_64.rpm php-pgsql-5.1.6-27.el5_6.4.x86_64.rpm php-snmp-5.1.6-27.el5_6.4.x86_64.rpm php-soap-5.1.6-27.el5_6.4.x86_64.rpm php-xml-5.1.6-27.el5_6.4.x86_64.rpm php-xmlrpc-5.1.6-27.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.0):

Source: php-5.3.2-6.el6_0.2.src.rpm

i386: php-5.3.2-6.el6_0.2.i686.rpm php-cli-5.3.2-6.el6_0.2.i686.rpm php-common-5.3.2-6.el6_0.2.i686.rpm php-debuginfo-5.3.2-6.el6_0.2.i686.rpm php-gd-5.3.2-6.el6_0.2.i686.rpm php-ldap-5.3.2-6.el6_0.2.i686.rpm php-mysql-5.3.2-6.el6_0.2.i686.rpm php-odbc-5.3.2-6.el6_0.2.i686.rpm php-pdo-5.3.2-6.el6_0.2.i686.rpm php-pgsql-5.3.2-6.el6_0.2.i686.rpm php-soap-5.3.2-6.el6_0.2.i686.rpm php-xml-5.3.2-6.el6_0.2.i686.rpm php-xmlrpc-5.3.2-6.el6_0.2.i686.rpm

ppc64: php-5.3.2-6.el6_0.2.ppc64.rpm php-cli-5.3.2-6.el6_0.2.ppc64.rpm php-common-5.3.2-6.el6_0.2.ppc64.rpm php-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm php-gd-5.3.2-6.el6_0.2.ppc64.rpm php-ldap-5.3.2-6.el6_0.2.ppc64.rpm php-mysql-5.3.2-6.el6_0.2.ppc64.rpm php-odbc-5.3.2-6.el6_0.2.ppc64.rpm php-pdo-5.3.2-6.el6_0.2.ppc64.rpm php-pgsql-5.3.2-6.el6_0.2.ppc64.rpm php-soap-5.3.2-6.el6_0.2.ppc64.rpm php-xml-5.3.2-6.el6_0.2.ppc64.rpm php-xmlrpc-5.3.2-6.el6_0.2.ppc64.rpm

s390x: php-5.3.2-6.el6_0.2.s390x.rpm php-cli-5.3.2-6.el6_0.2.s390x.rpm php-common-5.3.2-6.el6_0.2.s390x.rpm php-debuginfo-5.3.2-6.el6_0.2.s390x.rpm php-gd-5.3.2-6.el6_0.2.s390x.rpm php-ldap-5.3.2-6.el6_0.2.s390x.rpm php-mysql-5.3.2-6.el6_0.2.s390x.rpm php-odbc-5.3.2-6.el6_0.2.s390x.rpm php-pdo-5.3.2-6.el6_0.2.s390x.rpm php-pgsql-5.3.2-6.el6_0.2.s390x.rpm php-soap-5.3.2-6.el6_0.2.s390x.rpm php-xml-5.3.2-6.el6_0.2.s390x.rpm php-xmlrpc-5.3.2-6.el6_0.2.s390x.rpm

x86_64: php-5.3.2-6.el6_0.2.x86_64.rpm php-cli-5.3.2-6.el6_0.2.x86_64.rpm php-common-5.3.2-6.el6_0.2.x86_64.rpm php-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm php-gd-5.3.2-6.el6_0.2.x86_64.rpm php-ldap-5.3.2-6.el6_0.2.x86_64.rpm php-mysql-5.3.2-6.el6_0.2.x86_64.rpm php-odbc-5.3.2-6.el6_0.2.x86_64.rpm php-pdo-5.3.2-6.el6_0.2.x86_64.rpm php-pgsql-5.3.2-6.el6_0.2.x86_64.rpm php-soap-5.3.2-6.el6_0.2.x86_64.rpm php-xml-5.3.2-6.el6_0.2.x86_64.rpm php-xmlrpc-5.3.2-6.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.1):

Source: php-5.3.3-3.el6_1.4.src.rpm

i386: php-5.3.3-3.el6_1.4.i686.rpm php-cli-5.3.3-3.el6_1.4.i686.rpm php-common-5.3.3-3.el6_1.4.i686.rpm php-debuginfo-5.3.3-3.el6_1.4.i686.rpm php-gd-5.3.3-3.el6_1.4.i686.rpm php-ldap-5.3.3-3.el6_1.4.i686.rpm php-mysql-5.3.3-3.el6_1.4.i686.rpm php-odbc-5.3.3-3.el6_1.4.i686.rpm php-pdo-5.3.3-3.el6_1.4.i686.rpm php-pgsql-5.3.3-3.el6_1.4.i686.rpm php-soap-5.3.3-3.el6_1.4.i686.rpm php-xml-5.3.3-3.el6_1.4.i686.rpm php-xmlrpc-5.3.3-3.el6_1.4.i686.rpm

ppc64: php-5.3.3-3.el6_1.4.ppc64.rpm php-cli-5.3.3-3.el6_1.4.ppc64.rpm php-common-5.3.3-3.el6_1.4.ppc64.rpm php-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm php-gd-5.3.3-3.el6_1.4.ppc64.rpm php-ldap-5.3.3-3.el6_1.4.ppc64.rpm php-mysql-5.3.3-3.el6_1.4.ppc64.rpm php-odbc-5.3.3-3.el6_1.4.ppc64.rpm php-pdo-5.3.3-3.el6_1.4.ppc64.rpm php-pgsql-5.3.3-3.el6_1.4.ppc64.rpm php-soap-5.3.3-3.el6_1.4.ppc64.rpm php-xml-5.3.3-3.el6_1.4.ppc64.rpm php-xmlrpc-5.3.3-3.el6_1.4.ppc64.rpm

s390x: php-5.3.3-3.el6_1.4.s390x.rpm php-cli-5.3.3-3.el6_1.4.s390x.rpm php-common-5.3.3-3.el6_1.4.s390x.rpm php-debuginfo-5.3.3-3.el6_1.4.s390x.rpm php-gd-5.3.3-3.el6_1.4.s390x.rpm php-ldap-5.3.3-3.el6_1.4.s390x.rpm php-mysql-5.3.3-3.el6_1.4.s390x.rpm php-odbc-5.3.3-3.el6_1.4.s390x.rpm php-pdo-5.3.3-3.el6_1.4.s390x.rpm php-pgsql-5.3.3-3.el6_1.4.s390x.rpm php-soap-5.3.3-3.el6_1.4.s390x.rpm php-xml-5.3.3-3.el6_1.4.s390x.rpm php-xmlrpc-5.3.3-3.el6_1.4.s390x.rpm

x86_64: php-5.3.3-3.el6_1.4.x86_64.rpm php-cli-5.3.3-3.el6_1.4.x86_64.rpm php-common-5.3.3-3.el6_1.4.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm php-gd-5.3.3-3.el6_1.4.x86_64.rpm php-ldap-5.3.3-3.el6_1.4.x86_64.rpm php-mysql-5.3.3-3.el6_1.4.x86_64.rpm php-odbc-5.3.3-3.el6_1.4.x86_64.rpm php-pdo-5.3.3-3.el6_1.4.x86_64.rpm php-pgsql-5.3.3-3.el6_1.4.x86_64.rpm php-soap-5.3.3-3.el6_1.4.x86_64.rpm php-xml-5.3.3-3.el6_1.4.x86_64.rpm php-xmlrpc-5.3.3-3.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.0):

Source: php-5.3.2-6.el6_0.2.src.rpm

i386: php-bcmath-5.3.2-6.el6_0.2.i686.rpm php-dba-5.3.2-6.el6_0.2.i686.rpm php-debuginfo-5.3.2-6.el6_0.2.i686.rpm php-devel-5.3.2-6.el6_0.2.i686.rpm php-embedded-5.3.2-6.el6_0.2.i686.rpm php-enchant-5.3.2-6.el6_0.2.i686.rpm php-imap-5.3.2-6.el6_0.2.i686.rpm php-intl-5.3.2-6.el6_0.2.i686.rpm php-mbstring-5.3.2-6.el6_0.2.i686.rpm php-process-5.3.2-6.el6_0.2.i686.rpm php-pspell-5.3.2-6.el6_0.2.i686.rpm php-recode-5.3.2-6.el6_0.2.i686.rpm php-snmp-5.3.2-6.el6_0.2.i686.rpm php-tidy-5.3.2-6.el6_0.2.i686.rpm php-zts-5.3.2-6.el6_0.2.i686.rpm

ppc64: php-bcmath-5.3.2-6.el6_0.2.ppc64.rpm php-dba-5.3.2-6.el6_0.2.ppc64.rpm php-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm php-devel-5.3.2-6.el6_0.2.ppc64.rpm php-embedded-5.3.2-6.el6_0.2.ppc64.rpm php-enchant-5.3.2-6.el6_0.2.ppc64.rpm php-imap-5.3.2-6.el6_0.2.ppc64.rpm php-intl-5.3.2-6.el6_0.2.ppc64.rpm php-mbstring-5.3.2-6.el6_0.2.ppc64.rpm php-process-5.3.2-6.el6_0.2.ppc64.rpm php-pspell-5.3.2-6.el6_0.2.ppc64.rpm php-recode-5.3.2-6.el6_0.2.ppc64.rpm php-snmp-5.3.2-6.el6_0.2.ppc64.rpm php-tidy-5.3.2-6.el6_0.2.ppc64.rpm php-zts-5.3.2-6.el6_0.2.ppc64.rpm

s390x: php-bcmath-5.3.2-6.el6_0.2.s390x.rpm php-dba-5.3.2-6.el6_0.2.s390x.rpm php-debuginfo-5.3.2-6.el6_0.2.s390x.rpm php-devel-5.3.2-6.el6_0.2.s390x.rpm php-embedded-5.3.2-6.el6_0.2.s390x.rpm php-enchant-5.3.2-6.el6_0.2.s390x.rpm php-imap-5.3.2-6.el6_0.2.s390x.rpm php-intl-5.3.2-6.el6_0.2.s390x.rpm php-mbstring-5.3.2-6.el6_0.2.s390x.rpm php-process-5.3.2-6.el6_0.2.s390x.rpm php-pspell-5.3.2-6.el6_0.2.s390x.rpm php-recode-5.3.2-6.el6_0.2.s390x.rpm php-snmp-5.3.2-6.el6_0.2.s390x.rpm php-tidy-5.3.2-6.el6_0.2.s390x.rpm php-zts-5.3.2-6.el6_0.2.s390x.rpm

x86_64: php-bcmath-5.3.2-6.el6_0.2.x86_64.rpm php-dba-5.3.2-6.el6_0.2.x86_64.rpm php-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm php-devel-5.3.2-6.el6_0.2.x86_64.rpm php-embedded-5.3.2-6.el6_0.2.x86_64.rpm php-enchant-5.3.2-6.el6_0.2.x86_64.rpm php-imap-5.3.2-6.el6_0.2.x86_64.rpm php-intl-5.3.2-6.el6_0.2.x86_64.rpm php-mbstring-5.3.2-6.el6_0.2.x86_64.rpm php-process-5.3.2-6.el6_0.2.x86_64.rpm php-pspell-5.3.2-6.el6_0.2.x86_64.rpm php-recode-5.3.2-6.el6_0.2.x86_64.rpm php-snmp-5.3.2-6.el6_0.2.x86_64.rpm php-tidy-5.3.2-6.el6_0.2.x86_64.rpm php-zts-5.3.2-6.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.1):

Source: php-5.3.3-3.el6_1.4.src.rpm

i386: php-bcmath-5.3.3-3.el6_1.4.i686.rpm php-dba-5.3.3-3.el6_1.4.i686.rpm php-debuginfo-5.3.3-3.el6_1.4.i686.rpm php-devel-5.3.3-3.el6_1.4.i686.rpm php-embedded-5.3.3-3.el6_1.4.i686.rpm php-enchant-5.3.3-3.el6_1.4.i686.rpm php-imap-5.3.3-3.el6_1.4.i686.rpm php-intl-5.3.3-3.el6_1.4.i686.rpm php-mbstring-5.3.3-3.el6_1.4.i686.rpm php-process-5.3.3-3.el6_1.4.i686.rpm php-pspell-5.3.3-3.el6_1.4.i686.rpm php-recode-5.3.3-3.el6_1.4.i686.rpm php-snmp-5.3.3-3.el6_1.4.i686.rpm php-tidy-5.3.3-3.el6_1.4.i686.rpm php-zts-5.3.3-3.el6_1.4.i686.rpm

ppc64: php-bcmath-5.3.3-3.el6_1.4.ppc64.rpm php-dba-5.3.3-3.el6_1.4.ppc64.rpm php-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm php-devel-5.3.3-3.el6_1.4.ppc64.rpm php-embedded-5.3.3-3.el6_1.4.ppc64.rpm php-enchant-5.3.3-3.el6_1.4.ppc64.rpm php-imap-5.3.3-3.el6_1.4.ppc64.rpm php-intl-5.3.3-3.el6_1.4.ppc64.rpm php-mbstring-5.3.3-3.el6_1.4.ppc64.rpm php-process-5.3.3-3.el6_1.4.ppc64.rpm php-pspell-5.3.3-3.el6_1.4.ppc64.rpm php-recode-5.3.3-3.el6_1.4.ppc64.rpm php-snmp-5.3.3-3.el6_1.4.ppc64.rpm php-tidy-5.3.3-3.el6_1.4.ppc64.rpm php-zts-5.3.3-3.el6_1.4.ppc64.rpm

s390x: php-bcmath-5.3.3-3.el6_1.4.s390x.rpm php-dba-5.3.3-3.el6_1.4.s390x.rpm php-debuginfo-5.3.3-3.el6_1.4.s390x.rpm php-devel-5.3.3-3.el6_1.4.s390x.rpm php-embedded-5.3.3-3.el6_1.4.s390x.rpm php-enchant-5.3.3-3.el6_1.4.s390x.rpm php-imap-5.3.3-3.el6_1.4.s390x.rpm php-intl-5.3.3-3.el6_1.4.s390x.rpm php-mbstring-5.3.3-3.el6_1.4.s390x.rpm php-process-5.3.3-3.el6_1.4.s390x.rpm php-pspell-5.3.3-3.el6_1.4.s390x.rpm php-recode-5.3.3-3.el6_1.4.s390x.rpm php-snmp-5.3.3-3.el6_1.4.s390x.rpm php-tidy-5.3.3-3.el6_1.4.s390x.rpm php-zts-5.3.3-3.el6_1.4.s390x.rpm

x86_64: php-bcmath-5.3.3-3.el6_1.4.x86_64.rpm php-dba-5.3.3-3.el6_1.4.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm php-devel-5.3.3-3.el6_1.4.x86_64.rpm php-embedded-5.3.3-3.el6_1.4.x86_64.rpm php-enchant-5.3.3-3.el6_1.4.x86_64.rpm php-imap-5.3.3-3.el6_1.4.x86_64.rpm php-intl-5.3.3-3.el6_1.4.x86_64.rpm php-mbstring-5.3.3-3.el6_1.4.x86_64.rpm php-process-5.3.3-3.el6_1.4.x86_64.rpm php-pspell-5.3.3-3.el6_1.4.x86_64.rpm php-recode-5.3.3-3.el6_1.4.x86_64.rpm php-snmp-5.3.3-3.el6_1.4.x86_64.rpm php-tidy-5.3.3-3.el6_1.4.x86_64.rpm php-zts-5.3.3-3.el6_1.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2012-1823.html https://access.redhat.com/security/updates/classification/#critical

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPq+BrXlSAg2UNWIIRAlkPAJ99QQuun9ljsbFTsnMoLAbItDTJUQCggigr NQJBwTDuCJX2FNa8cSIcWCY= =s0aa -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Content-Disposition: inline

==========================================================================Ubuntu Security Notice USN-1437-1 May 04, 2012

php5 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary:

Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable. Please see http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html for more details and potential mitigation approaches.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS: php5-cgi 5.3.10-1ubuntu3.1

Ubuntu 11.10: php5-cgi 5.3.6-13ubuntu3.7

Ubuntu 11.04: php5-cgi 5.3.5-1ubuntu7.8

Ubuntu 10.04 LTS: php5-cgi 5.3.2-1ubuntu4.15

Ubuntu 8.04 LTS: php5-cgi 5.2.4-2ubuntu5.24

In general, a standard system update will make all the necessary changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0305",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "b.11.23"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.6"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "b.11.31"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.1"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.0"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "gluster storage server for on-premise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.6"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.1"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "application stack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.2"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.3"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "storage for public cloud",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "39"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "40"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "version 5.3.12 earlier"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "version 5.4.2 earlier"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7 to  v10.7.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8 and  v10.8.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.7 to  v10.7.4"
      },
      {
        "model": "garoon",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybozu",
        "version": "3.1.0 to  3.1.3"
      },
      {
        "model": "garoon",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybozu",
        "version": "3.5.0 to  3.5.1"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.5.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "linux enterprise sdk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "enterprise linux server eus 6.1.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux long life server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.3"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "3.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "voice portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux enterprise sdk sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.3"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ctpview 7.0r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "lotus foundations start 1.2.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "enterprise linux eus 5.6.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "linux enterprise server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "lotus foundations start 1.2.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "voice portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux enterprise sdk sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux server optional eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "110"
      },
      {
        "model": "voice portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2011"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "11.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "linux enterprise server for vmware sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "linux enterprise server for vmware sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "3.0x64"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2008"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "8.6"
      },
      {
        "model": "plesk panel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "9.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "lotus foundations start",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "11x64"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "enterprise linux server optional eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "De Eindbazen",
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-1823",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-1823",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-1823",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-1823",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-1823",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-1823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the \u0027d\u0027 case. PHP is prone to an information-disclosure vulnerability. \nExploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nUbuntu update for php\n\nSECUNIA ADVISORY ID:\nSA49097\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49097/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097\n\nRELEASE DATE:\n2012-05-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49097/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49097/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nUbuntu has issued an update for php. This fixes a vulnerability,\nwhich can be exploited by malicious people to disclose certain\nsensitive information or compromise a vulnerable system. \n\nFor more information:\nSA49014\n\nSOLUTION:\nApply updated packages. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nORIGINAL ADVISORY:\nUSN-1437-1:\nhttp://www.ubuntu.com/usn/usn-1437-1/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nAdditionally, this update fixes insufficient validation of upload\nname which lead to corrupted $_FILES indices. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze9. \n\nThe testing distribution (wheezy) will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.4.3-1. \n\nWe recommend that you upgrade your php5 packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03368475\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03368475\nVersion: 1\n\nHPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote\nExecution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-14\nLast Updated: 2012-06-14\n\nPotential Security Impact: Remote execution of arbitrary code, privilege\nelevation, or Denial of Service (DoS). \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Web\nServer running PHP. These vulnerabilities could be exploited remotely to\nexecute arbitrary code, elevate privileges, or create a Denial of Service\n(DoS). \n\nReferences: CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172,\nCVE-2012-1823, CVE-2012-2311\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.24 or earlier\n\nBACKGROUND\nFor a PGP signed\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-4153    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0830    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-0883    (AV:L/AC:M/Au:N/C:C/I:C/A:C)       6.9\nCVE-2012-1172    (AV:N/AC:M/Au:N/C:N/I:P/A:P)       5.8\nCVE-2012-1823    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2012-2311    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \nThe updates are available for download from http://software.hp.com\n\nHP-UX Web Server Suite v.3.24 containing Apache v2.2.15.13 and PHP v5.2.17\nHP-UX 11i Release\n Apache Depot name\n\nB.11.23 (32-bit)\n HPUXWS22ATW-B324-32\n\nB.11.23 (64-bit)\n HPUXWS22ATW-B324-64\n\nB.11.31 (32-bit)\n HPUXWS22ATW-B324-32\n\nB.11.31 (64-bit)\n HPUXWS22ATW-B324-64\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.24 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \nHP-UX Web Server Suite v3.24\nAFFECTED VERSIONS\n\nHP-UX B.11.23\n==============\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.15.13 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\n\naction: install revision B.2.2.15.13 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 14 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: php security update\nAdvisory ID:       RHSA-2012:0568-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0568.html\nIssue date:        2012-05-10\nCVE Names:         CVE-2012-1823 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6,\n6.0 and 6.1 Extended Update Support. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.0) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.1) - i386, ppc64, s390x, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the php-cgi executable processed command line\narguments when running in CGI mode. This\ncould lead to the disclosure of the script\u0027s source code or arbitrary code\nexecution with the privileges of the PHP interpreter. (CVE-2012-1823)\n\nRed Hat is aware that a public exploit for this issue is available that\nallows remote code execution in affected PHP CGI configurations. This flaw\ndoes not affect the default configuration in Red Hat Enterprise Linux 5 and\n6 using the PHP module for Apache httpd to handle PHP scripts. \n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n818607 - CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827)\n\n6. Package List:\n\nRed Hat Enterprise Linux Long Life (v. 5.3 server):\n\nSource:\nphp-5.1.6-23.3.el5_3.src.rpm\n\ni386:\nphp-5.1.6-23.3.el5_3.i386.rpm\nphp-bcmath-5.1.6-23.3.el5_3.i386.rpm\nphp-cli-5.1.6-23.3.el5_3.i386.rpm\nphp-common-5.1.6-23.3.el5_3.i386.rpm\nphp-dba-5.1.6-23.3.el5_3.i386.rpm\nphp-debuginfo-5.1.6-23.3.el5_3.i386.rpm\nphp-devel-5.1.6-23.3.el5_3.i386.rpm\nphp-gd-5.1.6-23.3.el5_3.i386.rpm\nphp-imap-5.1.6-23.3.el5_3.i386.rpm\nphp-ldap-5.1.6-23.3.el5_3.i386.rpm\nphp-mbstring-5.1.6-23.3.el5_3.i386.rpm\nphp-mysql-5.1.6-23.3.el5_3.i386.rpm\nphp-ncurses-5.1.6-23.3.el5_3.i386.rpm\nphp-odbc-5.1.6-23.3.el5_3.i386.rpm\nphp-pdo-5.1.6-23.3.el5_3.i386.rpm\nphp-pgsql-5.1.6-23.3.el5_3.i386.rpm\nphp-snmp-5.1.6-23.3.el5_3.i386.rpm\nphp-soap-5.1.6-23.3.el5_3.i386.rpm\nphp-xml-5.1.6-23.3.el5_3.i386.rpm\nphp-xmlrpc-5.1.6-23.3.el5_3.i386.rpm\n\nia64:\nphp-5.1.6-23.3.el5_3.ia64.rpm\nphp-bcmath-5.1.6-23.3.el5_3.ia64.rpm\nphp-cli-5.1.6-23.3.el5_3.ia64.rpm\nphp-common-5.1.6-23.3.el5_3.ia64.rpm\nphp-dba-5.1.6-23.3.el5_3.ia64.rpm\nphp-debuginfo-5.1.6-23.3.el5_3.ia64.rpm\nphp-devel-5.1.6-23.3.el5_3.ia64.rpm\nphp-gd-5.1.6-23.3.el5_3.ia64.rpm\nphp-imap-5.1.6-23.3.el5_3.ia64.rpm\nphp-ldap-5.1.6-23.3.el5_3.ia64.rpm\nphp-mbstring-5.1.6-23.3.el5_3.ia64.rpm\nphp-mysql-5.1.6-23.3.el5_3.ia64.rpm\nphp-ncurses-5.1.6-23.3.el5_3.ia64.rpm\nphp-odbc-5.1.6-23.3.el5_3.ia64.rpm\nphp-pdo-5.1.6-23.3.el5_3.ia64.rpm\nphp-pgsql-5.1.6-23.3.el5_3.ia64.rpm\nphp-snmp-5.1.6-23.3.el5_3.ia64.rpm\nphp-soap-5.1.6-23.3.el5_3.ia64.rpm\nphp-xml-5.1.6-23.3.el5_3.ia64.rpm\nphp-xmlrpc-5.1.6-23.3.el5_3.ia64.rpm\n\nx86_64:\nphp-5.1.6-23.3.el5_3.x86_64.rpm\nphp-bcmath-5.1.6-23.3.el5_3.x86_64.rpm\nphp-cli-5.1.6-23.3.el5_3.x86_64.rpm\nphp-common-5.1.6-23.3.el5_3.x86_64.rpm\nphp-dba-5.1.6-23.3.el5_3.x86_64.rpm\nphp-debuginfo-5.1.6-23.3.el5_3.x86_64.rpm\nphp-devel-5.1.6-23.3.el5_3.x86_64.rpm\nphp-gd-5.1.6-23.3.el5_3.x86_64.rpm\nphp-imap-5.1.6-23.3.el5_3.x86_64.rpm\nphp-ldap-5.1.6-23.3.el5_3.x86_64.rpm\nphp-mbstring-5.1.6-23.3.el5_3.x86_64.rpm\nphp-mysql-5.1.6-23.3.el5_3.x86_64.rpm\nphp-ncurses-5.1.6-23.3.el5_3.x86_64.rpm\nphp-odbc-5.1.6-23.3.el5_3.x86_64.rpm\nphp-pdo-5.1.6-23.3.el5_3.x86_64.rpm\nphp-pgsql-5.1.6-23.3.el5_3.x86_64.rpm\nphp-snmp-5.1.6-23.3.el5_3.x86_64.rpm\nphp-soap-5.1.6-23.3.el5_3.x86_64.rpm\nphp-xml-5.1.6-23.3.el5_3.x86_64.rpm\nphp-xmlrpc-5.1.6-23.3.el5_3.x86_64.rpm\n\nRed Hat Enterprise Linux EUS (v. 5.6 server):\n\nSource:\nphp-5.1.6-27.el5_6.4.src.rpm\n\ni386:\nphp-5.1.6-27.el5_6.4.i386.rpm\nphp-bcmath-5.1.6-27.el5_6.4.i386.rpm\nphp-cli-5.1.6-27.el5_6.4.i386.rpm\nphp-common-5.1.6-27.el5_6.4.i386.rpm\nphp-dba-5.1.6-27.el5_6.4.i386.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.i386.rpm\nphp-devel-5.1.6-27.el5_6.4.i386.rpm\nphp-gd-5.1.6-27.el5_6.4.i386.rpm\nphp-imap-5.1.6-27.el5_6.4.i386.rpm\nphp-ldap-5.1.6-27.el5_6.4.i386.rpm\nphp-mbstring-5.1.6-27.el5_6.4.i386.rpm\nphp-mysql-5.1.6-27.el5_6.4.i386.rpm\nphp-ncurses-5.1.6-27.el5_6.4.i386.rpm\nphp-odbc-5.1.6-27.el5_6.4.i386.rpm\nphp-pdo-5.1.6-27.el5_6.4.i386.rpm\nphp-pgsql-5.1.6-27.el5_6.4.i386.rpm\nphp-snmp-5.1.6-27.el5_6.4.i386.rpm\nphp-soap-5.1.6-27.el5_6.4.i386.rpm\nphp-xml-5.1.6-27.el5_6.4.i386.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.i386.rpm\n\nia64:\nphp-5.1.6-27.el5_6.4.ia64.rpm\nphp-bcmath-5.1.6-27.el5_6.4.ia64.rpm\nphp-cli-5.1.6-27.el5_6.4.ia64.rpm\nphp-common-5.1.6-27.el5_6.4.ia64.rpm\nphp-dba-5.1.6-27.el5_6.4.ia64.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.ia64.rpm\nphp-devel-5.1.6-27.el5_6.4.ia64.rpm\nphp-gd-5.1.6-27.el5_6.4.ia64.rpm\nphp-imap-5.1.6-27.el5_6.4.ia64.rpm\nphp-ldap-5.1.6-27.el5_6.4.ia64.rpm\nphp-mbstring-5.1.6-27.el5_6.4.ia64.rpm\nphp-mysql-5.1.6-27.el5_6.4.ia64.rpm\nphp-ncurses-5.1.6-27.el5_6.4.ia64.rpm\nphp-odbc-5.1.6-27.el5_6.4.ia64.rpm\nphp-pdo-5.1.6-27.el5_6.4.ia64.rpm\nphp-pgsql-5.1.6-27.el5_6.4.ia64.rpm\nphp-snmp-5.1.6-27.el5_6.4.ia64.rpm\nphp-soap-5.1.6-27.el5_6.4.ia64.rpm\nphp-xml-5.1.6-27.el5_6.4.ia64.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.ia64.rpm\n\nppc:\nphp-5.1.6-27.el5_6.4.ppc.rpm\nphp-bcmath-5.1.6-27.el5_6.4.ppc.rpm\nphp-cli-5.1.6-27.el5_6.4.ppc.rpm\nphp-common-5.1.6-27.el5_6.4.ppc.rpm\nphp-dba-5.1.6-27.el5_6.4.ppc.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.ppc.rpm\nphp-devel-5.1.6-27.el5_6.4.ppc.rpm\nphp-gd-5.1.6-27.el5_6.4.ppc.rpm\nphp-imap-5.1.6-27.el5_6.4.ppc.rpm\nphp-ldap-5.1.6-27.el5_6.4.ppc.rpm\nphp-mbstring-5.1.6-27.el5_6.4.ppc.rpm\nphp-mysql-5.1.6-27.el5_6.4.ppc.rpm\nphp-ncurses-5.1.6-27.el5_6.4.ppc.rpm\nphp-odbc-5.1.6-27.el5_6.4.ppc.rpm\nphp-pdo-5.1.6-27.el5_6.4.ppc.rpm\nphp-pgsql-5.1.6-27.el5_6.4.ppc.rpm\nphp-snmp-5.1.6-27.el5_6.4.ppc.rpm\nphp-soap-5.1.6-27.el5_6.4.ppc.rpm\nphp-xml-5.1.6-27.el5_6.4.ppc.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.ppc.rpm\n\ns390x:\nphp-5.1.6-27.el5_6.4.s390x.rpm\nphp-bcmath-5.1.6-27.el5_6.4.s390x.rpm\nphp-cli-5.1.6-27.el5_6.4.s390x.rpm\nphp-common-5.1.6-27.el5_6.4.s390x.rpm\nphp-dba-5.1.6-27.el5_6.4.s390x.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.s390x.rpm\nphp-devel-5.1.6-27.el5_6.4.s390x.rpm\nphp-gd-5.1.6-27.el5_6.4.s390x.rpm\nphp-imap-5.1.6-27.el5_6.4.s390x.rpm\nphp-ldap-5.1.6-27.el5_6.4.s390x.rpm\nphp-mbstring-5.1.6-27.el5_6.4.s390x.rpm\nphp-mysql-5.1.6-27.el5_6.4.s390x.rpm\nphp-ncurses-5.1.6-27.el5_6.4.s390x.rpm\nphp-odbc-5.1.6-27.el5_6.4.s390x.rpm\nphp-pdo-5.1.6-27.el5_6.4.s390x.rpm\nphp-pgsql-5.1.6-27.el5_6.4.s390x.rpm\nphp-snmp-5.1.6-27.el5_6.4.s390x.rpm\nphp-soap-5.1.6-27.el5_6.4.s390x.rpm\nphp-xml-5.1.6-27.el5_6.4.s390x.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.s390x.rpm\n\nx86_64:\nphp-5.1.6-27.el5_6.4.x86_64.rpm\nphp-bcmath-5.1.6-27.el5_6.4.x86_64.rpm\nphp-cli-5.1.6-27.el5_6.4.x86_64.rpm\nphp-common-5.1.6-27.el5_6.4.x86_64.rpm\nphp-dba-5.1.6-27.el5_6.4.x86_64.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.x86_64.rpm\nphp-devel-5.1.6-27.el5_6.4.x86_64.rpm\nphp-gd-5.1.6-27.el5_6.4.x86_64.rpm\nphp-imap-5.1.6-27.el5_6.4.x86_64.rpm\nphp-ldap-5.1.6-27.el5_6.4.x86_64.rpm\nphp-mbstring-5.1.6-27.el5_6.4.x86_64.rpm\nphp-mysql-5.1.6-27.el5_6.4.x86_64.rpm\nphp-ncurses-5.1.6-27.el5_6.4.x86_64.rpm\nphp-odbc-5.1.6-27.el5_6.4.x86_64.rpm\nphp-pdo-5.1.6-27.el5_6.4.x86_64.rpm\nphp-pgsql-5.1.6-27.el5_6.4.x86_64.rpm\nphp-snmp-5.1.6-27.el5_6.4.x86_64.rpm\nphp-soap-5.1.6-27.el5_6.4.x86_64.rpm\nphp-xml-5.1.6-27.el5_6.4.x86_64.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.0):\n\nSource:\nphp-5.3.2-6.el6_0.2.src.rpm\n\ni386:\nphp-5.3.2-6.el6_0.2.i686.rpm\nphp-cli-5.3.2-6.el6_0.2.i686.rpm\nphp-common-5.3.2-6.el6_0.2.i686.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.i686.rpm\nphp-gd-5.3.2-6.el6_0.2.i686.rpm\nphp-ldap-5.3.2-6.el6_0.2.i686.rpm\nphp-mysql-5.3.2-6.el6_0.2.i686.rpm\nphp-odbc-5.3.2-6.el6_0.2.i686.rpm\nphp-pdo-5.3.2-6.el6_0.2.i686.rpm\nphp-pgsql-5.3.2-6.el6_0.2.i686.rpm\nphp-soap-5.3.2-6.el6_0.2.i686.rpm\nphp-xml-5.3.2-6.el6_0.2.i686.rpm\nphp-xmlrpc-5.3.2-6.el6_0.2.i686.rpm\n\nppc64:\nphp-5.3.2-6.el6_0.2.ppc64.rpm\nphp-cli-5.3.2-6.el6_0.2.ppc64.rpm\nphp-common-5.3.2-6.el6_0.2.ppc64.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm\nphp-gd-5.3.2-6.el6_0.2.ppc64.rpm\nphp-ldap-5.3.2-6.el6_0.2.ppc64.rpm\nphp-mysql-5.3.2-6.el6_0.2.ppc64.rpm\nphp-odbc-5.3.2-6.el6_0.2.ppc64.rpm\nphp-pdo-5.3.2-6.el6_0.2.ppc64.rpm\nphp-pgsql-5.3.2-6.el6_0.2.ppc64.rpm\nphp-soap-5.3.2-6.el6_0.2.ppc64.rpm\nphp-xml-5.3.2-6.el6_0.2.ppc64.rpm\nphp-xmlrpc-5.3.2-6.el6_0.2.ppc64.rpm\n\ns390x:\nphp-5.3.2-6.el6_0.2.s390x.rpm\nphp-cli-5.3.2-6.el6_0.2.s390x.rpm\nphp-common-5.3.2-6.el6_0.2.s390x.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.s390x.rpm\nphp-gd-5.3.2-6.el6_0.2.s390x.rpm\nphp-ldap-5.3.2-6.el6_0.2.s390x.rpm\nphp-mysql-5.3.2-6.el6_0.2.s390x.rpm\nphp-odbc-5.3.2-6.el6_0.2.s390x.rpm\nphp-pdo-5.3.2-6.el6_0.2.s390x.rpm\nphp-pgsql-5.3.2-6.el6_0.2.s390x.rpm\nphp-soap-5.3.2-6.el6_0.2.s390x.rpm\nphp-xml-5.3.2-6.el6_0.2.s390x.rpm\nphp-xmlrpc-5.3.2-6.el6_0.2.s390x.rpm\n\nx86_64:\nphp-5.3.2-6.el6_0.2.x86_64.rpm\nphp-cli-5.3.2-6.el6_0.2.x86_64.rpm\nphp-common-5.3.2-6.el6_0.2.x86_64.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm\nphp-gd-5.3.2-6.el6_0.2.x86_64.rpm\nphp-ldap-5.3.2-6.el6_0.2.x86_64.rpm\nphp-mysql-5.3.2-6.el6_0.2.x86_64.rpm\nphp-odbc-5.3.2-6.el6_0.2.x86_64.rpm\nphp-pdo-5.3.2-6.el6_0.2.x86_64.rpm\nphp-pgsql-5.3.2-6.el6_0.2.x86_64.rpm\nphp-soap-5.3.2-6.el6_0.2.x86_64.rpm\nphp-xml-5.3.2-6.el6_0.2.x86_64.rpm\nphp-xmlrpc-5.3.2-6.el6_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.1):\n\nSource:\nphp-5.3.3-3.el6_1.4.src.rpm\n\ni386:\nphp-5.3.3-3.el6_1.4.i686.rpm\nphp-cli-5.3.3-3.el6_1.4.i686.rpm\nphp-common-5.3.3-3.el6_1.4.i686.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.i686.rpm\nphp-gd-5.3.3-3.el6_1.4.i686.rpm\nphp-ldap-5.3.3-3.el6_1.4.i686.rpm\nphp-mysql-5.3.3-3.el6_1.4.i686.rpm\nphp-odbc-5.3.3-3.el6_1.4.i686.rpm\nphp-pdo-5.3.3-3.el6_1.4.i686.rpm\nphp-pgsql-5.3.3-3.el6_1.4.i686.rpm\nphp-soap-5.3.3-3.el6_1.4.i686.rpm\nphp-xml-5.3.3-3.el6_1.4.i686.rpm\nphp-xmlrpc-5.3.3-3.el6_1.4.i686.rpm\n\nppc64:\nphp-5.3.3-3.el6_1.4.ppc64.rpm\nphp-cli-5.3.3-3.el6_1.4.ppc64.rpm\nphp-common-5.3.3-3.el6_1.4.ppc64.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm\nphp-gd-5.3.3-3.el6_1.4.ppc64.rpm\nphp-ldap-5.3.3-3.el6_1.4.ppc64.rpm\nphp-mysql-5.3.3-3.el6_1.4.ppc64.rpm\nphp-odbc-5.3.3-3.el6_1.4.ppc64.rpm\nphp-pdo-5.3.3-3.el6_1.4.ppc64.rpm\nphp-pgsql-5.3.3-3.el6_1.4.ppc64.rpm\nphp-soap-5.3.3-3.el6_1.4.ppc64.rpm\nphp-xml-5.3.3-3.el6_1.4.ppc64.rpm\nphp-xmlrpc-5.3.3-3.el6_1.4.ppc64.rpm\n\ns390x:\nphp-5.3.3-3.el6_1.4.s390x.rpm\nphp-cli-5.3.3-3.el6_1.4.s390x.rpm\nphp-common-5.3.3-3.el6_1.4.s390x.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.s390x.rpm\nphp-gd-5.3.3-3.el6_1.4.s390x.rpm\nphp-ldap-5.3.3-3.el6_1.4.s390x.rpm\nphp-mysql-5.3.3-3.el6_1.4.s390x.rpm\nphp-odbc-5.3.3-3.el6_1.4.s390x.rpm\nphp-pdo-5.3.3-3.el6_1.4.s390x.rpm\nphp-pgsql-5.3.3-3.el6_1.4.s390x.rpm\nphp-soap-5.3.3-3.el6_1.4.s390x.rpm\nphp-xml-5.3.3-3.el6_1.4.s390x.rpm\nphp-xmlrpc-5.3.3-3.el6_1.4.s390x.rpm\n\nx86_64:\nphp-5.3.3-3.el6_1.4.x86_64.rpm\nphp-cli-5.3.3-3.el6_1.4.x86_64.rpm\nphp-common-5.3.3-3.el6_1.4.x86_64.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm\nphp-gd-5.3.3-3.el6_1.4.x86_64.rpm\nphp-ldap-5.3.3-3.el6_1.4.x86_64.rpm\nphp-mysql-5.3.3-3.el6_1.4.x86_64.rpm\nphp-odbc-5.3.3-3.el6_1.4.x86_64.rpm\nphp-pdo-5.3.3-3.el6_1.4.x86_64.rpm\nphp-pgsql-5.3.3-3.el6_1.4.x86_64.rpm\nphp-soap-5.3.3-3.el6_1.4.x86_64.rpm\nphp-xml-5.3.3-3.el6_1.4.x86_64.rpm\nphp-xmlrpc-5.3.3-3.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.0):\n\nSource:\nphp-5.3.2-6.el6_0.2.src.rpm\n\ni386:\nphp-bcmath-5.3.2-6.el6_0.2.i686.rpm\nphp-dba-5.3.2-6.el6_0.2.i686.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.i686.rpm\nphp-devel-5.3.2-6.el6_0.2.i686.rpm\nphp-embedded-5.3.2-6.el6_0.2.i686.rpm\nphp-enchant-5.3.2-6.el6_0.2.i686.rpm\nphp-imap-5.3.2-6.el6_0.2.i686.rpm\nphp-intl-5.3.2-6.el6_0.2.i686.rpm\nphp-mbstring-5.3.2-6.el6_0.2.i686.rpm\nphp-process-5.3.2-6.el6_0.2.i686.rpm\nphp-pspell-5.3.2-6.el6_0.2.i686.rpm\nphp-recode-5.3.2-6.el6_0.2.i686.rpm\nphp-snmp-5.3.2-6.el6_0.2.i686.rpm\nphp-tidy-5.3.2-6.el6_0.2.i686.rpm\nphp-zts-5.3.2-6.el6_0.2.i686.rpm\n\nppc64:\nphp-bcmath-5.3.2-6.el6_0.2.ppc64.rpm\nphp-dba-5.3.2-6.el6_0.2.ppc64.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm\nphp-devel-5.3.2-6.el6_0.2.ppc64.rpm\nphp-embedded-5.3.2-6.el6_0.2.ppc64.rpm\nphp-enchant-5.3.2-6.el6_0.2.ppc64.rpm\nphp-imap-5.3.2-6.el6_0.2.ppc64.rpm\nphp-intl-5.3.2-6.el6_0.2.ppc64.rpm\nphp-mbstring-5.3.2-6.el6_0.2.ppc64.rpm\nphp-process-5.3.2-6.el6_0.2.ppc64.rpm\nphp-pspell-5.3.2-6.el6_0.2.ppc64.rpm\nphp-recode-5.3.2-6.el6_0.2.ppc64.rpm\nphp-snmp-5.3.2-6.el6_0.2.ppc64.rpm\nphp-tidy-5.3.2-6.el6_0.2.ppc64.rpm\nphp-zts-5.3.2-6.el6_0.2.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.2-6.el6_0.2.s390x.rpm\nphp-dba-5.3.2-6.el6_0.2.s390x.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.s390x.rpm\nphp-devel-5.3.2-6.el6_0.2.s390x.rpm\nphp-embedded-5.3.2-6.el6_0.2.s390x.rpm\nphp-enchant-5.3.2-6.el6_0.2.s390x.rpm\nphp-imap-5.3.2-6.el6_0.2.s390x.rpm\nphp-intl-5.3.2-6.el6_0.2.s390x.rpm\nphp-mbstring-5.3.2-6.el6_0.2.s390x.rpm\nphp-process-5.3.2-6.el6_0.2.s390x.rpm\nphp-pspell-5.3.2-6.el6_0.2.s390x.rpm\nphp-recode-5.3.2-6.el6_0.2.s390x.rpm\nphp-snmp-5.3.2-6.el6_0.2.s390x.rpm\nphp-tidy-5.3.2-6.el6_0.2.s390x.rpm\nphp-zts-5.3.2-6.el6_0.2.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.2-6.el6_0.2.x86_64.rpm\nphp-dba-5.3.2-6.el6_0.2.x86_64.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm\nphp-devel-5.3.2-6.el6_0.2.x86_64.rpm\nphp-embedded-5.3.2-6.el6_0.2.x86_64.rpm\nphp-enchant-5.3.2-6.el6_0.2.x86_64.rpm\nphp-imap-5.3.2-6.el6_0.2.x86_64.rpm\nphp-intl-5.3.2-6.el6_0.2.x86_64.rpm\nphp-mbstring-5.3.2-6.el6_0.2.x86_64.rpm\nphp-process-5.3.2-6.el6_0.2.x86_64.rpm\nphp-pspell-5.3.2-6.el6_0.2.x86_64.rpm\nphp-recode-5.3.2-6.el6_0.2.x86_64.rpm\nphp-snmp-5.3.2-6.el6_0.2.x86_64.rpm\nphp-tidy-5.3.2-6.el6_0.2.x86_64.rpm\nphp-zts-5.3.2-6.el6_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.1):\n\nSource:\nphp-5.3.3-3.el6_1.4.src.rpm\n\ni386:\nphp-bcmath-5.3.3-3.el6_1.4.i686.rpm\nphp-dba-5.3.3-3.el6_1.4.i686.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.i686.rpm\nphp-devel-5.3.3-3.el6_1.4.i686.rpm\nphp-embedded-5.3.3-3.el6_1.4.i686.rpm\nphp-enchant-5.3.3-3.el6_1.4.i686.rpm\nphp-imap-5.3.3-3.el6_1.4.i686.rpm\nphp-intl-5.3.3-3.el6_1.4.i686.rpm\nphp-mbstring-5.3.3-3.el6_1.4.i686.rpm\nphp-process-5.3.3-3.el6_1.4.i686.rpm\nphp-pspell-5.3.3-3.el6_1.4.i686.rpm\nphp-recode-5.3.3-3.el6_1.4.i686.rpm\nphp-snmp-5.3.3-3.el6_1.4.i686.rpm\nphp-tidy-5.3.3-3.el6_1.4.i686.rpm\nphp-zts-5.3.3-3.el6_1.4.i686.rpm\n\nppc64:\nphp-bcmath-5.3.3-3.el6_1.4.ppc64.rpm\nphp-dba-5.3.3-3.el6_1.4.ppc64.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm\nphp-devel-5.3.3-3.el6_1.4.ppc64.rpm\nphp-embedded-5.3.3-3.el6_1.4.ppc64.rpm\nphp-enchant-5.3.3-3.el6_1.4.ppc64.rpm\nphp-imap-5.3.3-3.el6_1.4.ppc64.rpm\nphp-intl-5.3.3-3.el6_1.4.ppc64.rpm\nphp-mbstring-5.3.3-3.el6_1.4.ppc64.rpm\nphp-process-5.3.3-3.el6_1.4.ppc64.rpm\nphp-pspell-5.3.3-3.el6_1.4.ppc64.rpm\nphp-recode-5.3.3-3.el6_1.4.ppc64.rpm\nphp-snmp-5.3.3-3.el6_1.4.ppc64.rpm\nphp-tidy-5.3.3-3.el6_1.4.ppc64.rpm\nphp-zts-5.3.3-3.el6_1.4.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.3-3.el6_1.4.s390x.rpm\nphp-dba-5.3.3-3.el6_1.4.s390x.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.s390x.rpm\nphp-devel-5.3.3-3.el6_1.4.s390x.rpm\nphp-embedded-5.3.3-3.el6_1.4.s390x.rpm\nphp-enchant-5.3.3-3.el6_1.4.s390x.rpm\nphp-imap-5.3.3-3.el6_1.4.s390x.rpm\nphp-intl-5.3.3-3.el6_1.4.s390x.rpm\nphp-mbstring-5.3.3-3.el6_1.4.s390x.rpm\nphp-process-5.3.3-3.el6_1.4.s390x.rpm\nphp-pspell-5.3.3-3.el6_1.4.s390x.rpm\nphp-recode-5.3.3-3.el6_1.4.s390x.rpm\nphp-snmp-5.3.3-3.el6_1.4.s390x.rpm\nphp-tidy-5.3.3-3.el6_1.4.s390x.rpm\nphp-zts-5.3.3-3.el6_1.4.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.3-3.el6_1.4.x86_64.rpm\nphp-dba-5.3.3-3.el6_1.4.x86_64.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm\nphp-devel-5.3.3-3.el6_1.4.x86_64.rpm\nphp-embedded-5.3.3-3.el6_1.4.x86_64.rpm\nphp-enchant-5.3.3-3.el6_1.4.x86_64.rpm\nphp-imap-5.3.3-3.el6_1.4.x86_64.rpm\nphp-intl-5.3.3-3.el6_1.4.x86_64.rpm\nphp-mbstring-5.3.3-3.el6_1.4.x86_64.rpm\nphp-process-5.3.3-3.el6_1.4.x86_64.rpm\nphp-pspell-5.3.3-3.el6_1.4.x86_64.rpm\nphp-recode-5.3.3-3.el6_1.4.x86_64.rpm\nphp-snmp-5.3.3-3.el6_1.4.x86_64.rpm\nphp-tidy-5.3.3-3.el6_1.4.x86_64.rpm\nphp-zts-5.3.3-3.el6_1.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-1823.html\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPq+BrXlSAg2UNWIIRAlkPAJ99QQuun9ljsbFTsnMoLAbItDTJUQCggigr\nNQJBwTDuCJX2FNa8cSIcWCY=\n=s0aa\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1437-1\nMay 04, 2012\n\nphp5 vulnerability\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nStandalone PHP CGI scripts could be made to execute arbitrary code with\nthe privilege of the web server. Configurations using\nmod_php5 and FastCGI were not vulnerable. Please see\nhttp://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html\nfor more details and potential mitigation approaches. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  php5-cgi                        5.3.10-1ubuntu3.1\n\nUbuntu 11.10:\n  php5-cgi                        5.3.6-13ubuntu3.7\n\nUbuntu 11.04:\n  php5-cgi                        5.3.5-1ubuntu7.8\n\nUbuntu 10.04 LTS:\n  php5-cgi                        5.3.2-1ubuntu4.15\n\nUbuntu 8.04 LTS:\n  php5-cgi                        5.2.4-2ubuntu5.24\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1823"
      },
      {
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "112580"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "112508"
      },
      {
        "db": "PACKETSTORM",
        "id": "112605"
      },
      {
        "db": "PACKETSTORM",
        "id": "112474"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18836",
        "trust": 0.4,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-1823",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#520827",
        "trust": 2.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#673343",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "49014",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "49065",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "49085",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "49087",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1027022",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2024/06/07/1",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235",
        "trust": 0.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10658",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "53388",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "18836",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1823",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "49097",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112580",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "113905",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112508",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112605",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "112474",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-1823"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "112580"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "112508"
      },
      {
        "db": "PACKETSTORM",
        "id": "112605"
      },
      {
        "db": "PACKETSTORM",
        "id": "112474"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "id": "VAR-201205-0305",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.47077376
  },
  "last_update_date": "2024-07-23T20:13:35.528000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT5501",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht5501"
      },
      {
        "title": "HT5501",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht5501?viewlocale=ja_jp"
      },
      {
        "title": "PHP-CGI \u306e query string \u306e\u51e6\u7406\u306b\u8106\u5f31\u6027\u3010CY12-06-001\u3011",
        "trust": 0.8,
        "url": "http://cs.cybozu.co.jp/information/20120606up02.php"
      },
      {
        "title": "HPSBMU02786 SSRT100877",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "title": "HPSBUX02791 SSRT100856",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03368475"
      },
      {
        "title": "1621015",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621015"
      },
      {
        "title": "1620314",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620314"
      },
      {
        "title": "#61910",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=61910"
      },
      {
        "title": "RHSA-2012:0546",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-0546.html"
      },
      {
        "title": "RHSA-2012:0568",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-0568.html"
      },
      {
        "title": "RHSA-2012:0547",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-0547.html"
      },
      {
        "title": "PHP 5.3.12 and PHP 5.4.2 Released!",
        "trust": 0.8,
        "url": "http://www.php.net/archive/2012.php#id2012-05-03-1"
      },
      {
        "title": "PHP: CGI \u30d0\u30a4\u30ca\u30ea\u3068\u3057\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb - Manual",
        "trust": 0.8,
        "url": "http://www.php.net/manual/ja/security.cgi-bin.php"
      },
      {
        "title": "PHP 5 ChangeLog - Version 5.4.2",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-5.php#5.4.2"
      },
      {
        "title": "PHP 5.4.3 and PHP 5.3.13 Released!",
        "trust": 0.8,
        "url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
      },
      {
        "title": "Patch cgi.diff for CGI/CLI related Bug #61910",
        "trust": 0.8,
        "url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cgi.diff\u0026revision=1335984315\u0026display=1"
      },
      {
        "title": "PHP 5.3.12 and 5.4.2 releases about CGI flaw (CVE-2012-1823)",
        "trust": 0.8,
        "url": "http://www.php.net/archive/2012.php#id2012-05-06-1"
      },
      {
        "title": "001-005900",
        "trust": 0.8,
        "url": "https://support.cybozu.com/ja-jp/article/5900"
      },
      {
        "title": "Red Hat: Critical: php53 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120569 - security advisory"
      },
      {
        "title": "Red Hat: Critical: php security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120568 - security advisory"
      },
      {
        "title": "Red Hat: Critical: php security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120546 - security advisory"
      },
      {
        "title": "Red Hat: Critical: php53 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120547 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php5: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=369fec60ba7ae134a5d768faf3cb2f6b"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1437-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2012-077",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-077"
      },
      {
        "title": "Debian Security Advisories: DSA-2465-1 php5 -- several vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=db88513c75df4c41339c6c90dcb69831"
      },
      {
        "title": "Red Hat: Moderate: php security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121045 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: php53 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121047 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: php security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121046 - security advisory"
      },
      {
        "title": "HacktivityCon_CTF_2020",
        "trust": 0.1,
        "url": "https://github.com/w3rni0/hacktivitycon_ctf_2020 "
      },
      {
        "title": "exploits",
        "trust": 0.1,
        "url": "https://github.com/infodox/exploits "
      },
      {
        "title": "webappurls",
        "trust": 0.1,
        "url": "https://github.com/pwnwiki/webappurls "
      },
      {
        "title": "CVE-2012-1823",
        "trust": 0.1,
        "url": "https://github.com/drone789/cve-2012-1823 "
      },
      {
        "title": "Covid-v2-Botnet",
        "trust": 0.1,
        "url": "https://github.com/sniperx-d/covid-v2-botnet "
      },
      {
        "title": "covid",
        "trust": 0.1,
        "url": "https://github.com/mrscythelulz/covid "
      },
      {
        "title": "python-pySecurity",
        "trust": 0.1,
        "url": "https://github.com/cybersavvy/python-pysecurity "
      },
      {
        "title": "pySecurity",
        "trust": 0.1,
        "url": "https://github.com/smartflash/pysecurity "
      },
      {
        "title": "AutoSploit",
        "trust": 0.1,
        "url": "https://github.com/rootup/autosploit "
      },
      {
        "title": "Python",
        "trust": 0.1,
        "url": "https://github.com/bcybersavvy/python "
      },
      {
        "title": "awesome-infosec",
        "trust": 0.1,
        "url": "https://github.com/onlurking/awesome-infosec "
      },
      {
        "title": "awesome-infosec",
        "trust": 0.1,
        "url": "https://github.com/eric-erki/awesome-infosec "
      },
      {
        "title": "Intrusion_Detection_System-Python",
        "trust": 0.1,
        "url": "https://github.com/marcocastro100/intrusion_detection_system-python "
      },
      {
        "title": "deepdig",
        "trust": 0.1,
        "url": "https://github.com/cyberdeception/deepdig "
      },
      {
        "title": "Boot2root-CTFs-Writeups",
        "trust": 0.1,
        "url": "https://github.com/jean-francois-c/boot2root-ctfs "
      },
      {
        "title": "Boot2root-CTFs-Writeups",
        "trust": 0.1,
        "url": "https://github.com/jean-francois-c/boot2root-ctfs-writeups "
      },
      {
        "title": "CDL",
        "trust": 0.1,
        "url": "https://github.com/ncsu-dance-research-group/cdl "
      },
      {
        "title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
        "trust": 0.1,
        "url": "https://github.com/yuhang-lin/classified-distributed-learning-for-detecting-security-attacks-in-containerized-applications "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/new-exploits-arrive-for-old-php-vulnerability/104881/"
      },
      {
        "title": "Securelist",
        "trust": 0.1,
        "url": "https://securelist.com/it-threat-evolution-q2-2013/37163/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/php-group-set-release-another-patch-cve-2012-1823-flaw-050812/76537/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/php-group-releases-new-versions-patch-doesnt-fix-cve-2012-1823-bug-050412/76524/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-1823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.kb.cert.org/vuls/id/520827"
      },
      {
        "trust": 1.5,
        "url": "http://www.kb.cert.org/vuls/id/673343"
      },
      {
        "trust": 1.4,
        "url": "http://www.php.net/archive/2012.php#id2012-05-03-1"
      },
      {
        "trust": 1.4,
        "url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
      },
      {
        "trust": 1.4,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-0568.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-0547.html"
      },
      {
        "trust": 1.1,
        "url": "https://bugs.php.net/bug.php?id=61910"
      },
      {
        "trust": 1.1,
        "url": "http://www.php.net/changelog-5.php#5.4.2"
      },
      {
        "trust": 1.1,
        "url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cgi.diff\u0026revision=1335984315\u0026display=1"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-0546.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/49014"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/49087"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/49065"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht5501"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1027022"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/49085"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:068"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-0570.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2012-0569.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2012/dsa-2465"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pkgtquoa2ntz3rxn22csaujpiruyrb4b/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w45dboh56nqdrtom2dn2lna2fzimc3pk/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu520827"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu381963/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1823"
      },
      {
        "trust": 0.6,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
      },
      {
        "trust": 0.3,
        "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/software/lotus/products/foundations/start/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.parallels.com/en/113818"
      },
      {
        "trust": 0.3,
        "url": "kb.parallels.com/en/116241"
      },
      {
        "trust": 0.3,
        "url": "https://community.rapid7.com/thread/5174"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2013/jun/21"
      },
      {
        "trust": 0.3,
        "url": "http://ompldr.org/vzgxxaq"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10658\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100162699"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100165255"
      },
      {
        "trust": 0.3,
        "url": "http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620314"
      },
      {
        "trust": 0.3,
        "url": "http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
      },
      {
        "trust": 0.2,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
      },
      {
        "trust": 0.2,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/security/data/cve/cve-2012-1823.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.2,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/knowledge/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2012:0569"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/infodox/exploits"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/18836/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1437-1/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49097/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi_30_beta_launch"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49097/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.8"
      },
      {
        "trust": 0.1,
        "url": "http://people.canonical.com/~ubuntu-security/cve/2012/cve-2012-2311.html"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.24"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.7"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1437-1"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2012-1823"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "112580"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "112508"
      },
      {
        "db": "PACKETSTORM",
        "id": "112605"
      },
      {
        "db": "PACKETSTORM",
        "id": "112474"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2012-1823"
      },
      {
        "db": "BID",
        "id": "53388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "112580"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "112508"
      },
      {
        "db": "PACKETSTORM",
        "id": "112605"
      },
      {
        "db": "PACKETSTORM",
        "id": "112474"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-05-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-1823"
      },
      {
        "date": "2012-05-04T00:00:00",
        "db": "BID",
        "id": "53388"
      },
      {
        "date": "2012-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "date": "2012-05-08T04:16:46",
        "db": "PACKETSTORM",
        "id": "112515"
      },
      {
        "date": "2012-06-28T03:39:12",
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "date": "2012-05-10T03:59:25",
        "db": "PACKETSTORM",
        "id": "112580"
      },
      {
        "date": "2012-06-19T18:22:00",
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "date": "2012-05-07T20:04:50",
        "db": "PACKETSTORM",
        "id": "112508"
      },
      {
        "date": "2012-05-10T21:02:10",
        "db": "PACKETSTORM",
        "id": "112605"
      },
      {
        "date": "2012-05-06T01:28:45",
        "db": "PACKETSTORM",
        "id": "112474"
      },
      {
        "date": "2012-05-11T10:15:48.043000",
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-1823"
      },
      {
        "date": "2015-04-13T22:15:00",
        "db": "BID",
        "id": "53388"
      },
      {
        "date": "2013-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      },
      {
        "date": "2024-07-16T17:48:42.937000",
        "db": "NVD",
        "id": "CVE-2012-1823"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "53388"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-CGI of  query string Vulnerability in processing",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002235"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "114272"
      },
      {
        "db": "PACKETSTORM",
        "id": "112580"
      },
      {
        "db": "PACKETSTORM",
        "id": "113905"
      },
      {
        "db": "PACKETSTORM",
        "id": "112474"
      }
    ],
    "trust": 0.4
  }
}

var-201908-1841
Vulnerability from variot

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. PHP EXIF Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

Successfully exploiting this issue allow malicious users to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.

PHP versions before 7.3.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15

macOS Catalina 10.15 addresses the following:

AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team

apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-11041 CVE-2019-11042

Audio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Entry added October 29, 2019

Books Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven Entry added October 29, 2019

CFNetwork Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland Entry added October 29, 2019

CoreAudio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

CoreCrypto Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a large input may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2019-8741: Nicky Mouha of NIST Entry added October 29, 2019

CoreMedia Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8825: Found by GWP-ASan in Google Chrome Entry added October 29, 2019

Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. This was addressed with improved state handling. CVE-2019-8757: William Cerniuk of Core Development, LLC

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An input validation issue was addressed with improved input validation. CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2019-8767: Stephen Zeisberg Entry added October 29, 2019

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019

File Quarantine Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to elevate privileges Description: This issue was addressed by removing the vulnerable code. CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs Entry added October 29, 2019

Foundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero Entry added October 29, 2019

Graphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-12152: Piotr Bania of Cisco Talos CVE-2018-12153: Piotr Bania of Cisco Talos CVE-2018-12154: Piotr Bania of Cisco Talos Entry added October 29, 2019

Intel Graphics Driver Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro

IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved restrictions. CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro

IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8759: another of 360 Nirvan Team Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8709: derrek (@derrekr6) [confirmed]derrek (@derrekr6) CVE-2019-8781: Linus Henze (pinauten.de) Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team Entry added October 29, 2019

libxml2 Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz Entry added October 29, 2019

libxslt Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz Entry added October 29, 2019

mDNSResponder Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications Description: This issue was resolved by replacing device names with a random identifier. CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Entry added October 29, 2019

Menus Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8826: Found by GWP-ASan in Google Chrome Entry added October 29, 2019

Notes Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University

PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum

PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8708: an anonymous researcher Entry added October 29, 2019

PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8715: an anonymous researcher Entry added October 29, 2019

SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic. CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH

sips Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360

UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2019-8761: Renee Trisberg of SpectX Entry added October 29, 2019

UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. CVE-2019-8768: Hugo S. Diaz (coldpointblue)

WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. The issue was addressed with improved logic. CVE-2019-8769: Piérre Reimertz (@reimertz)

Additional recognition

AppleRTC We would like to acknowledge Vitaly Cheptsov for their assistance.

Audio We would like to acknowledge riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative for their assistance.

boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum and Thijs Alkemade (@xnyhps) of Computest for their assistance.

Finder We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.

Gatekeeper We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.

Identity Service We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

mDNSResponder We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance.

python We would like to acknowledge an anonymous researcher for their assistance.

Safari Data Importing We would like to acknowledge Kent Zoya for their assistance.

Simple certificate enrollment protocol (SCEP) We would like to acknowledge an anonymous researcher for their assistance.

Telephony We would like to acknowledge Phil Stokes from SentinelOne for their assistance.

VPN We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance.

Installation note:

macOS Catalina 10.15 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y 0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki 48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/ SEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX SNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc 9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM iUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T U6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E Wvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO ju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA IvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM bOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM= =bhin -----END PGP SIGNATURE-----

.

For the stable distribution (buster), these problems have been fixed in version 7.3.9-1~deb10u1.

We recommend that you upgrade your php7.3 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Critical: rh-php72-php security update Advisory ID: RHSA-2019:3299-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:3299 Issue date: 2019-11-01 CVE Names: CVE-2016-10166 CVE-2018-20783 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 =====================================================================

  1. Summary:

An update for rh-php72-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php72-php (7.2.24). (BZ#1766603)

Security Fix(es):

  • php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

  • gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)

  • gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

  • php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)

  • php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)

  • php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)

  • php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)

  • php: Invalid read in exif_process_SOFn() (CVE-2019-9640)

  • php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)

  • php: Buffer over-read in exif_read_data() (CVE-2019-11040)

  • php: Buffer over-read in PHAR reading functions (CVE-2018-20783)

  • php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)

  • php: memcpy with negative length via crafted DNS response (CVE-2019-9022)

  • php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)

  • php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)

  • php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)

  • php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)

  • php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)

  • gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)

  • php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)

  • php: heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc() 1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c 1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions 1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode() 1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions 1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions 1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c 1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response 1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing 1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn() 1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value() 1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG() 1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure 1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm() 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data() 1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail() 1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment() 1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

aarch64: rh-php72-php-7.2.24-1.el7.aarch64.rpm rh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm rh-php72-php-cli-7.2.24-1.el7.aarch64.rpm rh-php72-php-common-7.2.24-1.el7.aarch64.rpm rh-php72-php-dba-7.2.24-1.el7.aarch64.rpm rh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm rh-php72-php-devel-7.2.24-1.el7.aarch64.rpm rh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm rh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm rh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm rh-php72-php-gd-7.2.24-1.el7.aarch64.rpm rh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-intl-7.2.24-1.el7.aarch64.rpm rh-php72-php-json-7.2.24-1.el7.aarch64.rpm rh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm rh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm rh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm rh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm rh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm rh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm rh-php72-php-process-7.2.24-1.el7.aarch64.rpm rh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm rh-php72-php-recode-7.2.24-1.el7.aarch64.rpm rh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-soap-7.2.24-1.el7.aarch64.rpm rh-php72-php-xml-7.2.24-1.el7.aarch64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm rh-php72-php-zip-7.2.24-1.el7.aarch64.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

aarch64: rh-php72-php-7.2.24-1.el7.aarch64.rpm rh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm rh-php72-php-cli-7.2.24-1.el7.aarch64.rpm rh-php72-php-common-7.2.24-1.el7.aarch64.rpm rh-php72-php-dba-7.2.24-1.el7.aarch64.rpm rh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm rh-php72-php-devel-7.2.24-1.el7.aarch64.rpm rh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm rh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm rh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm rh-php72-php-gd-7.2.24-1.el7.aarch64.rpm rh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-intl-7.2.24-1.el7.aarch64.rpm rh-php72-php-json-7.2.24-1.el7.aarch64.rpm rh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm rh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm rh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm rh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm rh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm rh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm rh-php72-php-process-7.2.24-1.el7.aarch64.rpm rh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm rh-php72-php-recode-7.2.24-1.el7.aarch64.rpm rh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm rh-php72-php-soap-7.2.24-1.el7.aarch64.rpm rh-php72-php-xml-7.2.24-1.el7.aarch64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm rh-php72-php-zip-7.2.24-1.el7.aarch64.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

ppc64le: rh-php72-php-7.2.24-1.el7.ppc64le.rpm rh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm rh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm rh-php72-php-common-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm rh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm rh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm rh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm rh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm rh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm rh-php72-php-json-7.2.24-1.el7.ppc64le.rpm rh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm rh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm rh-php72-php-process-7.2.24-1.el7.ppc64le.rpm rh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm rh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm rh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm rh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm rh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm

s390x: rh-php72-php-7.2.24-1.el7.s390x.rpm rh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm rh-php72-php-cli-7.2.24-1.el7.s390x.rpm rh-php72-php-common-7.2.24-1.el7.s390x.rpm rh-php72-php-dba-7.2.24-1.el7.s390x.rpm rh-php72-php-dbg-7.2.24-1.el7.s390x.rpm rh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm rh-php72-php-devel-7.2.24-1.el7.s390x.rpm rh-php72-php-embedded-7.2.24-1.el7.s390x.rpm rh-php72-php-enchant-7.2.24-1.el7.s390x.rpm rh-php72-php-fpm-7.2.24-1.el7.s390x.rpm rh-php72-php-gd-7.2.24-1.el7.s390x.rpm rh-php72-php-gmp-7.2.24-1.el7.s390x.rpm rh-php72-php-intl-7.2.24-1.el7.s390x.rpm rh-php72-php-json-7.2.24-1.el7.s390x.rpm rh-php72-php-ldap-7.2.24-1.el7.s390x.rpm rh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm rh-php72-php-odbc-7.2.24-1.el7.s390x.rpm rh-php72-php-opcache-7.2.24-1.el7.s390x.rpm rh-php72-php-pdo-7.2.24-1.el7.s390x.rpm rh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm rh-php72-php-process-7.2.24-1.el7.s390x.rpm rh-php72-php-pspell-7.2.24-1.el7.s390x.rpm rh-php72-php-recode-7.2.24-1.el7.s390x.rpm rh-php72-php-snmp-7.2.24-1.el7.s390x.rpm rh-php72-php-soap-7.2.24-1.el7.s390x.rpm rh-php72-php-xml-7.2.24-1.el7.s390x.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm rh-php72-php-zip-7.2.24-1.el7.s390x.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php72-php-7.2.24-1.el7.src.rpm

x86_64: rh-php72-php-7.2.24-1.el7.x86_64.rpm rh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm rh-php72-php-cli-7.2.24-1.el7.x86_64.rpm rh-php72-php-common-7.2.24-1.el7.x86_64.rpm rh-php72-php-dba-7.2.24-1.el7.x86_64.rpm rh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm rh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm rh-php72-php-devel-7.2.24-1.el7.x86_64.rpm rh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm rh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm rh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm rh-php72-php-gd-7.2.24-1.el7.x86_64.rpm rh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-intl-7.2.24-1.el7.x86_64.rpm rh-php72-php-json-7.2.24-1.el7.x86_64.rpm rh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm rh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm rh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm rh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm rh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm rh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm rh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm rh-php72-php-process-7.2.24-1.el7.x86_64.rpm rh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm rh-php72-php-recode-7.2.24-1.el7.x86_64.rpm rh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm rh-php72-php-soap-7.2.24-1.el7.x86_64.rpm rh-php72-php-xml-7.2.24-1.el7.x86_64.rpm rh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm rh-php72-php-zip-7.2.24-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-10166 https://access.redhat.com/security/cve/CVE-2018-20783 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-9020 https://access.redhat.com/security/cve/CVE-2019-9021 https://access.redhat.com/security/cve/CVE-2019-9022 https://access.redhat.com/security/cve/CVE-2019-9023 https://access.redhat.com/security/cve/CVE-2019-9024 https://access.redhat.com/security/cve/CVE-2019-9637 https://access.redhat.com/security/cve/CVE-2019-9638 https://access.redhat.com/security/cve/CVE-2019-9639 https://access.redhat.com/security/cve/CVE-2019-9640 https://access.redhat.com/security/cve/CVE-2019-11034 https://access.redhat.com/security/cve/CVE-2019-11035 https://access.redhat.com/security/cve/CVE-2019-11036 https://access.redhat.com/security/cve/CVE-2019-11038 https://access.redhat.com/security/cve/CVE-2019-11039 https://access.redhat.com/security/cve/CVE-2019-11040 https://access.redhat.com/security/cve/CVE-2019-11041 https://access.redhat.com/security/cve/CVE-2019-11042 https://access.redhat.com/security/cve/CVE-2019-11043 https://access.redhat.com/security/updates/classification/#critical

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXbwslNzjgjWX9erEAQgZrA//YpBwARJTytrbpWQquZ4hnjbScNEZK1d4 sOOT+oiQSrzvghsNKNCKwEO1CLbNA9XOT7bCchtpD/HguTc4XeGNk7dAf/qA6UVB tJCxmqNBVBKqoe9UafmxLUFcVSkv/PHRVD2h+/TvmqdB8Uf2Z8hIIaBt7UsW34sb yBMLJVhyG98c/7VzwqFXW6Vm+Ly6+/ViYtloe5/Ex4D8FvB72Cc9uRvCTWdLLOXu PlwQKdaEt5CtUrTmLFEX+9t6tybwhNBf/dZ96nazCaSRtQVnhZI9s+wjoE6vEOOB +bOldvJ9tu7LclzMIz7SbSqjhPBSLtEMGZKcO1havVGDwcfPAEc12TW9DtVFDlqA Xq+dFW5vviRCoMlSmNBmSqQZSWMF64LdzjvWfW2G/nBnNLOdhu/Wufs1sJUOc+cp V9PgQH0iWut0N89DaOzTH+4PQvvvTw12HuKHk+P+/O8bBBdcI9gpd5klce/5jquc QXqhy49koz6BturNpVnXfSWjdLPwQ1pwhGJOkv7vLsdx6HVeuY6BsSE+C28cHFl+ z/AOZL4eCa9xKlePdGKCbqzTjMmCiJQbeShoBOKt1DtSgVVgtE0Kc5EZQcqop0aw RG304k1HSbrgsSRFxx6s1RophOQaC3ASvWkw5OY/8ylNrO9AAMxLRjZNCve6V7Rq 86WRMpuQxpE= =winR -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1841",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "canonical",
        "version": "19.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.1"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.8"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.21"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.1.0"
      },
      {
        "model": "software collections",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.1.31"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.19.0"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.1.31 for up to  7.1.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.2.21 for up to  7.2.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.3.8 for up to  7.3.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.1.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.2.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "php",
        "version": "7.3.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "apple",
        "version": "10.15"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1.31",
                "versionStartIncluding": "7.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.21",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.8",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "157463"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-11042",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-11042",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-142649",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-11042",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security@php.net",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.2,
            "impactScore": 2.5,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-11042",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-11042",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2019-11042",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-142",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142649",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-11042",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142649"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. PHP EXIF Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. \n              \nSuccessfully exploiting this issue allow malicious users to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. \n\nPHP  versions before 7.3.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-10 Additional information\nfor APPLE-SA-2019-10-07-1 macOS Catalina 10.15\n\nmacOS Catalina 10.15 addresses the following:\n\nAMD\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security\nResearch Team\n\napache_mod_php\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in PHP\nDescription: Multiple issues were addressed by updating to PHP\nversion 7.3.8. \nCVE-2019-11041\nCVE-2019-11042\n\nAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab\nEntry added October 29, 2019\n\nBooks\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Parsing a maliciously crafted iBooks file may lead to a\npersistent denial-of-service\nDescription: A resource exhaustion issue was addressed with improved\ninput validation. \nCVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven\nEntry added October 29, 2019\n\nCFNetwork\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: This issue was addressed with improved checks. \nCVE-2019-8753: \u0141ukasz Pilorz of Standard Chartered GBS Poland\nEntry added October 29, 2019\n\nCoreAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted movie may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8705: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nCoreCrypto\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a large input may lead to a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2019-8741: Nicky Mouha of NIST\nEntry added October 29, 2019\n\nCoreMedia\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8825: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nCrash Reporter\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: The \"Share Mac Analytics\" setting may not be disabled when a\nuser deselects the switch to share analytics\nDescription: A race condition existed when reading and writing user\npreferences. This was addressed with improved state handling. \nCVE-2019-8757: William Cerniuk of Core Development, LLC\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\nEntry added October 29, 2019\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted string may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2019-8767: Stephen Zeisberg\nEntry added October 29, 2019\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\nEntry added October 29, 2019\n\nFile Quarantine\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to elevate privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs\nEntry added October 29, 2019\n\nFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8746: Natalie Silvanovich and Samuel Gro\u00df of Google Project\nZero\nEntry added October 29, 2019\n\nGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a malicious shader may result in unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2018-12152: Piotr Bania of Cisco Talos\nCVE-2018-12153: Piotr Bania of Cisco Talos\nCVE-2018-12154: Piotr Bania of Cisco Talos\nEntry added October 29, 2019\n\nIntel Graphics Driver\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8758: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8755: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8759: another of 360 Nirvan Team\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8809: Apple\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8709: derrek (@derrekr6)\n[confirmed]derrek (@derrekr6)\nCVE-2019-8781: Linus Henze (pinauten.de)\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8717: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory corruption issue existed in the handling of\nIPv6 packets. This issue was addressed with improved memory\nmanagement. \nCVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team\nEntry added October 29, 2019\n\nlibxml2\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in libxml2\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8749: found by OSS-Fuzz\nCVE-2019-8756: found by OSS-Fuzz\nEntry added October 29, 2019\n\nlibxslt\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in libxslt\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8750: found by OSS-Fuzz\nEntry added October 29, 2019\n\nmDNSResponder\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in physical proximity may be able to passively\nobserve device names in AWDL communications\nDescription: This issue was resolved by replacing device names with a\nrandom identifier. \nCVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile\nNetworking Lab at Technische Universit\u00e4t Darmstadt\nEntry added October 29, 2019\n\nMenus\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8826: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nNotes\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: The contents of locked notes sometimes appeared in\nsearch results. This issue was addressed with improved data cleanup. \nCVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia\nPolytechnic Institute and State University\n\nPDFKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker may be able to exfiltrate the contents of an\nencrypted PDF\nDescription: An issue existed in the handling of links in encrypted\nPDFs. This issue was addressed by adding a confirmation prompt. \nCVE-2019-8772: Jens M\u00fcller of Ruhr University Bochum, Fabian Ising\nof FH M\u00fcnster University of Applied Sciences, Vladislav Mladenov\nof Ruhr University Bochum, Christian Mainka of Ruhr University\nBochum, Sebastian Schinzel of FH M\u00fcnster University of Applied\nSciences, and J\u00f6rg Schwenk of Ruhr University Bochum\n\nPluginKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8708: an anonymous researcher\nEntry added October 29, 2019\n\nPluginKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8715: an anonymous researcher\nEntry added October 29, 2019\n\nSharedFileList\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to access recent\ndocuments\nDescription: The issue was addressed with improved permissions logic. \nCVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH\n\nsips\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992)\nand pjf of IceSword Lab of Qihoo 360\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Parsing a maliciously crafted text file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2019-8761: Renee Trisberg of SpectX\nEntry added October 29, 2019\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8745: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A user may be unable to delete browsing history items\nDescription: \"Clear History and Website Data\" did not clear the\nhistory. The issue was addressed with improved data deletion. \nCVE-2019-8768: Hugo S. Diaz (coldpointblue)\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Visiting a maliciously crafted website may reveal browsing\nhistory\nDescription: An issue existed in the drawing of web page elements. \nThe issue was addressed with improved logic. \nCVE-2019-8769: Pi\u00e9rre Reimertz (@reimertz)\n\nAdditional recognition\n\nAppleRTC\nWe would like to acknowledge Vitaly Cheptsov for their assistance. \n\nAudio\nWe would like to acknowledge riusksk of VulWar Corp working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nboringssl\nWe would like to acknowledge Nimrod Aviram of Tel Aviv University,\nRobert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr\nUniversity Bochum and Thijs Alkemade (@xnyhps) of Computest for their\nassistance. \n\nFinder\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nGatekeeper\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nIdentity Service\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nmDNSResponder\nWe would like to acknowledge Gregor Lang of e.solutions GmbH for\ntheir assistance. \n\npython\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nSafari Data Importing\nWe would like to acknowledge Kent Zoya for their assistance. \n\nSimple certificate enrollment protocol (SCEP)\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nTelephony\nWe would like to acknowledge Phil Stokes from SentinelOne for their\nassistance. \n\nVPN\nWe would like to acknowledge Royce Gawron of Second Son Consulting,\nInc. for their assistance. \n\nInstallation note:\n\nmacOS Catalina 10.15 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y\n0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki\n48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/\nSEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX\nSNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc\n9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM\niUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T\nU6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E\nWvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO\nju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA\nIvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM\nbOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM=\n=bhin\n-----END PGP SIGNATURE-----\n\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.9-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: rh-php72-php security update\nAdvisory ID:       RHSA-2019:3299-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:3299\nIssue date:        2019-11-01\nCVE Names:         CVE-2016-10166 CVE-2018-20783 CVE-2019-6977 \n                   CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 \n                   CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 \n                   CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 \n                   CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 \n                   CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 \n                   CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php72-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php72-php (7.2.24). (BZ#1766603)\n\nSecurity Fix(es):\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\n* gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166)\n\n* gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c\n(CVE-2019-6977)\n\n* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)\n\n* php: File rename across filesystems may allow unwanted access during\nprocessing (CVE-2019-9637)\n\n* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)\n\n* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)\n\n* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)\n\n* php: Out-of-bounds read due to integer overflow in\niconv_mime_decode_headers() (CVE-2019-11039)\n\n* php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)\n\n* php: Heap-based buffer over-read in PHAR reading functions\n(CVE-2019-9021)\n\n* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)\n\n* php: Heap-based buffer over-read in mbstring regular expression functions\n(CVE-2019-9023)\n\n* php: Out-of-bounds read in base64_decode_xmlrpc in\next/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)\n\n* php: Heap buffer overflow in function exif_process_IFD_TAG()\n(CVE-2019-11034)\n\n* php: Heap buffer overflow in function exif_iif_add_value()\n(CVE-2019-11035)\n\n* php: Buffer over-read in exif_process_IFD_TAG() leading to information\ndisclosure (CVE-2019-11036)\n\n* gd: Information disclosure in gdImageCreateFromXbm() (CVE-2019-11038)\n\n* php: heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n* php: heap buffer over-read in exif_process_user_comment()\n(CVE-2019-11042)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1418983 - CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc()\n1672207 - CVE-2019-6977 gd: Heap based buffer overflow in gdImageColorMatch() in gd_color_match.c\n1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions\n1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode()\n1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions\n1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions\n1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c\n1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response\n1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing\n1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn()\n1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value()\n1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG()\n1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure\n1724149 - CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm()\n1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers()\n1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data()\n1739459 - CVE-2019-11041 php: heap buffer over-read in exif_scan_thumbnail()\n1739465 - CVE-2019-11042 php: heap buffer over-read in exif_process_user_comment()\n1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\naarch64:\nrh-php72-php-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-cli-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-common-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dba-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-devel-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-intl-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-json-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-process-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-recode-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-soap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xml-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-zip-7.2.24-1.el7.aarch64.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\naarch64:\nrh-php72-php-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-cli-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-common-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dba-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-devel-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-intl-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-json-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-process-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-recode-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-soap-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xml-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.aarch64.rpm\nrh-php72-php-zip-7.2.24-1.el7.aarch64.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nppc64le:\nrh-php72-php-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-cli-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-common-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dba-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-dbg-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-devel-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-embedded-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-enchant-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-fpm-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-gmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-intl-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-json-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-ldap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-odbc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-opcache-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pdo-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-process-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-pspell-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-recode-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-snmp-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-soap-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xml-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.ppc64le.rpm\nrh-php72-php-zip-7.2.24-1.el7.ppc64le.rpm\n\ns390x:\nrh-php72-php-7.2.24-1.el7.s390x.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.s390x.rpm\nrh-php72-php-cli-7.2.24-1.el7.s390x.rpm\nrh-php72-php-common-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dba-7.2.24-1.el7.s390x.rpm\nrh-php72-php-dbg-7.2.24-1.el7.s390x.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-devel-7.2.24-1.el7.s390x.rpm\nrh-php72-php-embedded-7.2.24-1.el7.s390x.rpm\nrh-php72-php-enchant-7.2.24-1.el7.s390x.rpm\nrh-php72-php-fpm-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-gmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-intl-7.2.24-1.el7.s390x.rpm\nrh-php72-php-json-7.2.24-1.el7.s390x.rpm\nrh-php72-php-ldap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.s390x.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.s390x.rpm\nrh-php72-php-odbc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-opcache-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pdo-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.s390x.rpm\nrh-php72-php-process-7.2.24-1.el7.s390x.rpm\nrh-php72-php-pspell-7.2.24-1.el7.s390x.rpm\nrh-php72-php-recode-7.2.24-1.el7.s390x.rpm\nrh-php72-php-snmp-7.2.24-1.el7.s390x.rpm\nrh-php72-php-soap-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xml-7.2.24-1.el7.s390x.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.s390x.rpm\nrh-php72-php-zip-7.2.24-1.el7.s390x.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php72-php-7.2.24-1.el7.src.rpm\n\nx86_64:\nrh-php72-php-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-bcmath-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-cli-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-common-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dba-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-dbg-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-debuginfo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-devel-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-embedded-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-enchant-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-fpm-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-gmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-intl-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-json-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-ldap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mbstring-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-mysqlnd-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-odbc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-opcache-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pdo-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pgsql-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-process-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-pspell-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-recode-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-snmp-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-soap-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xml-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-xmlrpc-7.2.24-1.el7.x86_64.rpm\nrh-php72-php-zip-7.2.24-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10166\nhttps://access.redhat.com/security/cve/CVE-2018-20783\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-9020\nhttps://access.redhat.com/security/cve/CVE-2019-9021\nhttps://access.redhat.com/security/cve/CVE-2019-9022\nhttps://access.redhat.com/security/cve/CVE-2019-9023\nhttps://access.redhat.com/security/cve/CVE-2019-9024\nhttps://access.redhat.com/security/cve/CVE-2019-9637\nhttps://access.redhat.com/security/cve/CVE-2019-9638\nhttps://access.redhat.com/security/cve/CVE-2019-9639\nhttps://access.redhat.com/security/cve/CVE-2019-9640\nhttps://access.redhat.com/security/cve/CVE-2019-11034\nhttps://access.redhat.com/security/cve/CVE-2019-11035\nhttps://access.redhat.com/security/cve/CVE-2019-11036\nhttps://access.redhat.com/security/cve/CVE-2019-11038\nhttps://access.redhat.com/security/cve/CVE-2019-11039\nhttps://access.redhat.com/security/cve/CVE-2019-11040\nhttps://access.redhat.com/security/cve/CVE-2019-11041\nhttps://access.redhat.com/security/cve/CVE-2019-11042\nhttps://access.redhat.com/security/cve/CVE-2019-11043\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXbwslNzjgjWX9erEAQgZrA//YpBwARJTytrbpWQquZ4hnjbScNEZK1d4\nsOOT+oiQSrzvghsNKNCKwEO1CLbNA9XOT7bCchtpD/HguTc4XeGNk7dAf/qA6UVB\ntJCxmqNBVBKqoe9UafmxLUFcVSkv/PHRVD2h+/TvmqdB8Uf2Z8hIIaBt7UsW34sb\nyBMLJVhyG98c/7VzwqFXW6Vm+Ly6+/ViYtloe5/Ex4D8FvB72Cc9uRvCTWdLLOXu\nPlwQKdaEt5CtUrTmLFEX+9t6tybwhNBf/dZ96nazCaSRtQVnhZI9s+wjoE6vEOOB\n+bOldvJ9tu7LclzMIz7SbSqjhPBSLtEMGZKcO1havVGDwcfPAEc12TW9DtVFDlqA\nXq+dFW5vviRCoMlSmNBmSqQZSWMF64LdzjvWfW2G/nBnNLOdhu/Wufs1sJUOc+cp\nV9PgQH0iWut0N89DaOzTH+4PQvvvTw12HuKHk+P+/O8bBBdcI9gpd5klce/5jquc\nQXqhy49koz6BturNpVnXfSWjdLPwQ1pwhGJOkv7vLsdx6HVeuY6BsSE+C28cHFl+\nz/AOZL4eCa9xKlePdGKCbqzTjMmCiJQbeShoBOKt1DtSgVVgtE0Kc5EZQcqop0aw\nRG304k1HSbrgsSRFxx6s1RophOQaC3ASvWkw5OY/8ylNrO9AAMxLRjZNCve6V7Rq\n86WRMpuQxpE=\n=winR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.2 Release Notes linked from the References section",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142649"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "157463"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-11042",
        "trust": 3.3
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159094",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157463",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3073",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3349",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3272",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0741",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3072",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3332",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4296",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1500",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3111",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6056",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-142649",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11042",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154561",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155066",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155070",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154768",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142649"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "157463"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ]
  },
  "id": "VAR-201908-1841",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142649"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:36:58.322000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 1878-1] php5 security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
      },
      {
        "title": "78256",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=78256"
      },
      {
        "title": "USN-4097-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/4097-1/"
      },
      {
        "title": "USN-4097-2",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/4097-2/"
      },
      {
        "title": "PHP Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=95904"
      },
      {
        "title": "Ubuntu Security Notice: php7.0, php7.2 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4097-1"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4097-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1284",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1284"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1283",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1283"
      },
      {
        "title": "Debian Security Advisories: DSA-4527-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=877cb76e8aeddfa40b275ad142be1771"
      },
      {
        "title": "Red Hat: Moderate: php:7.2 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201624 - security advisory"
      },
      {
        "title": "Red Hat: Critical: rh-php72-php security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193299 - security advisory"
      },
      {
        "title": "Apple: macOS Catalina 10.15",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aafc8ca42bce10e92a70604a0d265a55"
      },
      {
        "title": "Debian Security Advisories: DSA-4529-1 php7.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ee5cd1d3e8c521eee01300cbf544b2d7"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/apple-tackles-a-dozen-bugs-in-catalina/148988/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:3299"
      },
      {
        "trust": 2.5,
        "url": "https://usn.ubuntu.com/4097-1/"
      },
      {
        "trust": 2.4,
        "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
      },
      {
        "trust": 2.4,
        "url": "https://usn.ubuntu.com/4097-2/"
      },
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/sep/35"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/sep/38"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/oct/9"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=78256"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht210634"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2019/dsa-4527"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2019/dsa-4529"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2019/oct/15"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2019/oct/55"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht210722"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2019-11042"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11042"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914158-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2019:3300"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192243-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192270-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1500/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3073/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3272/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159094/red-hat-security-advisory-2020-3662-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-29928"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0741/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4296/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210722"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210634"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3072/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6056"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3349/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157463/red-hat-security-advisory-2020-1624-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3111/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3332/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11040"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11039"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11036"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11035"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11034"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-11040"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-11039"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-11041"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11038"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8717"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8757"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8701"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8730"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8745"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8748"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8758"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8755"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9022"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9640"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9024"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9638"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9637"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11036"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11035"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9638"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9024"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9639"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9023"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-20783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9022"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9640"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9021"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9020"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9639"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9637"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11034"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9020"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9021"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109465"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8753"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8744"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8746"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8708"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8756"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8749"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7065"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11045"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7062"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7059"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11045"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11047"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7066"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7065"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11047"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19203"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7063"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7064"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19246"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16163"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11048"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11048"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13224"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7060"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16163"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19246"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7063"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7062"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7059"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7060"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11043"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11038"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6977"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11043"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-10166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6977"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:1624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8770"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8768"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142649"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "157463"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-142649"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "db": "PACKETSTORM",
        "id": "157463"
      },
      {
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142649"
      },
      {
        "date": "2019-08-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "date": "2019-08-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "date": "2019-09-23T18:25:24",
        "db": "PACKETSTORM",
        "id": "154561"
      },
      {
        "date": "2019-11-01T17:10:40",
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "date": "2020-09-08T18:10:32",
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "date": "2019-09-20T14:58:48",
        "db": "PACKETSTORM",
        "id": "154543"
      },
      {
        "date": "2019-11-01T17:11:58",
        "db": "PACKETSTORM",
        "id": "155070"
      },
      {
        "date": "2020-04-28T20:37:45",
        "db": "PACKETSTORM",
        "id": "157463"
      },
      {
        "date": "2019-10-08T19:59:26",
        "db": "PACKETSTORM",
        "id": "154768"
      },
      {
        "date": "2019-08-09T20:15:11.143000",
        "db": "NVD",
        "id": "CVE-2019-11042"
      },
      {
        "date": "2019-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142649"
      },
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11042"
      },
      {
        "date": "2019-08-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      },
      {
        "date": "2023-02-28T15:13:47.413000",
        "db": "NVD",
        "id": "CVE-2019-11042"
      },
      {
        "date": "2023-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP EXIF Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007695"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-142"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0464
Vulnerability from variot

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. PHP is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ========================================================================== Ubuntu Security Notice USN-2572-1 April 20, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)

It was discovered that PHP incorrectly handled unserializing PHAR files. (CVE-2015-2787)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4 php5-cgi 5.5.12+dfsg-2ubuntu4.4 php5-cli 5.5.12+dfsg-2ubuntu4.4 php5-fpm 5.5.12+dfsg-2ubuntu4.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 php5-cgi 5.5.9+dfsg-1ubuntu4.9 php5-cli 5.5.9+dfsg-1ubuntu4.9 php5-fpm 5.5.9+dfsg-1ubuntu4.9

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.18 php5-cgi 5.3.10-1ubuntu3.18 php5-cli 5.3.10-1ubuntu3.18 php5-fpm 5.3.10-1ubuntu3.18

Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.30 php5-cgi 5.3.2-1ubuntu4.30 php5-cli 5.3.2-1ubuntu4.30

In general, a standard system update will make all the necessary changes. 6) - i386, x86_64

  1. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

CVE-2015-4024

Denial of service when processing multipart/form-data requests.

For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.41-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 5.6.9+dfsg-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 5.6.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 5.6.9+dfsg-1.

We recommend that you upgrade your php5 packages

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0464",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5 (ht205031)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.24"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(ht205267)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4 (ht205031)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "5.5.0-dev",
        "scope": null,
        "trust": 0.3,
        "vendor": "php",
        "version": null
      },
      {
        "model": "5.4.1rc1-dev",
        "scope": null,
        "trust": 0.3,
        "vendor": "php",
        "version": null
      },
      {
        "model": "5.4.0beta2",
        "scope": null,
        "trust": 0.3,
        "vendor": "php",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.6.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "emmanuel law",
    "sources": [
      {
        "db": "BID",
        "id": "74240"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3329",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3329",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81290",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3329",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-041",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81290",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3329",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. PHP is prone to a buffer-overflow vulnerability. \nAttackers can exploit this issue to execute  arbitrary code in the context of the affected application. Failed  exploit attempts will result in denial-of-service conditions. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ==========================================================================\nUbuntu Security Notice USN-2572-1\nApril 20, 2015\n\nphp5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. \n(CVE-2015-2787)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.4\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.4\n  php5-cli                        5.5.12+dfsg-2ubuntu4.4\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.9\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.9\n  php5-cli                        5.5.9+dfsg-1ubuntu4.9\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.9\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.18\n  php5-cgi                        5.3.10-1ubuntu3.18\n  php5-cli                        5.3.10-1ubuntu3.18\n  php5-fpm                        5.3.10-1ubuntu3.18\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.30\n  php5-cgi                        5.3.2-1ubuntu4.30\n  php5-cli                        5.3.2-1ubuntu4.30\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, x86_64\n\n3. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nCVE-2015-4024\n\n    Denial of service when processing multipart/form-data requests. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1. \n\nWe recommend that you upgrade your php5 packages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "db": "BID",
        "id": "74240"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3329"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3329",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "74240",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032145",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94440136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-041",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-81290",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3329",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131528",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132198",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3329"
      },
      {
        "db": "BID",
        "id": "74240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "id": "VAR-201506-0464",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81290"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:31:55.698000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69441",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69441"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c"
      },
      {
        "title": "Red Hat: CVE-2015-3329",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3329"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2572-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-510",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-510"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-511",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-511"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-509",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-509"
      },
      {
        "title": "Debian Security Advisories: DSA-3280-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46f85ac4e3abfa7a18e115fb47892db6"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/74240"
      },
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2015/dsa-3280"
      },
      {
        "trust": 2.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2572-1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=69441"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032145"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c"
      },
      {
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3329"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94440136/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3329"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213449"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2572-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.30"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.18"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3329"
      },
      {
        "db": "BID",
        "id": "74240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3329"
      },
      {
        "db": "BID",
        "id": "74240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81290"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3329"
      },
      {
        "date": "2015-04-20T00:00:00",
        "db": "BID",
        "id": "74240"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "date": "2015-04-20T19:22:00",
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2015-06-25T14:18:25",
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-06-10T01:21:58",
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "date": "2015-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      },
      {
        "date": "2015-06-09T18:59:02.537000",
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81290"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3329"
      },
      {
        "date": "2016-07-05T21:28:00",
        "db": "BID",
        "id": "74240"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      },
      {
        "date": "2019-12-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      },
      {
        "date": "2023-11-07T02:25:36.413000",
        "db": "NVD",
        "id": "CVE-2015-3329"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  phar_internal.h of  phar_set_inode Stack-based buffer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003046"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-041"
      }
    ],
    "trust": 0.6
  }
}

var-201605-0117
Vulnerability from variot

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. PHP is prone to a remote format-string vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5. ============================================================================ Ubuntu Security Notice USN-2984-1 May 24, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078)

It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)

It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)

It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. This issue only affected Ubuntu 16.04 LTS. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)

It was discovered that the PHP phar extension incorrectly handled certain archive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343)

It was discovered that the PHP bcpowmod() function incorrectly handled memory. (CVE-2016-4537, CVE-2016-4538)

It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. (CVE-2016-4539)

It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. (CVE-2016-4540, CVE-2016-4541)

It was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.4-7ubuntu2.1 php7.0-cgi 7.0.4-7ubuntu2.1 php7.0-cli 7.0.4-7ubuntu2.1 php7.0-fpm 7.0.4-7ubuntu2.1

Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.4 php5-cgi 5.6.11+dfsg-1ubuntu3.4 php5-cli 5.6.11+dfsg-1ubuntu3.4 php5-fpm 5.6.11+dfsg-1ubuntu3.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 php5-cgi 5.5.9+dfsg-1ubuntu4.17 php5-cli 5.5.9+dfsg-1ubuntu4.17 php5-fpm 5.5.9+dfsg-1ubuntu4.17

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.23 php5-cgi 5.3.10-1ubuntu3.23 php5-cli 5.3.10-1ubuntu3.23 php5-fpm 5.3.10-1ubuntu3.23

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 =====================================================================

  1. Summary:

An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.

The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)

Security Fixes in the rh-php56-php component:

  • Several Moderate and Low impact security issues were found in PHP. Under certain circumstances, these issues could cause PHP to crash, disclose portions of its memory, execute arbitrary code, or impact PHP application integrity. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)

  • Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted regular expression could cause PHP to crash or, possibly, execute arbitrary code. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm

x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm

noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm

x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731 Version: 1

HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-08-19 Last Updated: 2016-08-19

Potential Security Impact: Local Denial of Service (DoS), Elevation of Privilege, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Disclosure of Information, Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory.

References:

- CVE-2016-1238 - Perl Local Elevation of Privilege
- CVE-2016-2381 - Perl Remote Unauthorized Modification
- CVE-2014-4330 - Perl Local Denial of Service (DoS)

    **Note:** applies only for the H/J-series SPR. Fix was already

provided in a previous L-series SPR. OSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and T1203L01^AAC

*Impacted releases:*

- L15.02
- L15.08.00, L15.08.01
- L16.05.00

- J06.14 through J06.16.02
- J06.17.00, J06.17.01
- J06.18.00, J06.18.01
- J06.19.00, J06.19.01, J06.19.02
- J06.20.00

- H06.25 through H06.26.01
- H06.27.00, H06.27.01
- H06.28.00, H06.28.01
- H06.29.00, H06.29.01

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2013-7456
  7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2014-4330
  4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8383
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8386
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8387
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8389
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8390
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8391
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

CVE-2015-8393
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-8394
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8607
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8853
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-8865
  7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-8874
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-1238
  6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVE-2016-1903
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-2381
  6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-2016-2554
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2016-3074
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4070
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2016-4071
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4072
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4073
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4342
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVE-2016-4343
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-4537
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4538
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4539
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4540
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4541
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4542
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4543
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-4544
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5093
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5094
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5096
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5114
  9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE-2016-5766
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5767
  8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2016-5768
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5769
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5770
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5771
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5772
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2016-5773
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has released the following software updates to resolve the vulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP.

Install one of the SPRs below as appropriate for the system's release version:

  • L-Series:

    • T1203L01^AAE (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • L15.02 through L16.05.00
  • H and J-Series:

    • T1203H01^AAF (OSS Scripting Languages) - already available

      This SPR already is present in these RVUs: None

      This SPR is usable with the following RVUs:

      • J06.14 through J06.20.00

      • H06.25 through H06.29.01

Note: Please refer to NonStop Hotstuff HS03333 for more information.

HISTORY Version:1 (rev.1) - 19 August 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


Debian Security Advisory DSA-3560-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2016 https://www.debian.org/security/faq


Package : php5 CVE ID : CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. Please refer to the upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.20

For the stable distribution (jessie), these problems have been fixed in version 5.6.20+dfsg-0+deb8u1.

We recommend that you upgrade your php5 packages.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/php < 5.6.28 >= 5.6.28

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.28"

References

[ 1 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865 [ 2 ] CVE-2016-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074 [ 3 ] CVE-2016-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071 [ 4 ] CVE-2016-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072 [ 5 ] CVE-2016-4073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073 [ 6 ] CVE-2016-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537 [ 7 ] CVE-2016-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538 [ 8 ] CVE-2016-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539 [ 9 ] CVE-2016-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540 [ 10 ] CVE-2016-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541 [ 11 ] CVE-2016-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542 [ 12 ] CVE-2016-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543 [ 13 ] CVE-2016-4544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544 [ 14 ] CVE-2016-5385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385 [ 15 ] CVE-2016-6289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289 [ 16 ] CVE-2016-6290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290 [ 17 ] CVE-2016-6291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291 [ 18 ] CVE-2016-6292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292 [ 19 ] CVE-2016-6294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294 [ 20 ] CVE-2016-6295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295 [ 21 ] CVE-2016-6296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296 [ 22 ] CVE-2016-6297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297 [ 23 ] CVE-2016-7124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124 [ 24 ] CVE-2016-7125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125 [ 25 ] CVE-2016-7126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126 [ 26 ] CVE-2016-7127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127 [ 27 ] CVE-2016-7128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128 [ 28 ] CVE-2016-7129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129 [ 29 ] CVE-2016-7130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130 [ 30 ] CVE-2016-7131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131 [ 31 ] CVE-2016-7132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132 [ 32 ] CVE-2016-7133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133 [ 33 ] CVE-2016-7134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134 [ 34 ] CVE-2016-7411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411 [ 35 ] CVE-2016-7412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412 [ 36 ] CVE-2016-7413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413 [ 37 ] CVE-2016-7414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414 [ 38 ] CVE-2016-7416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416 [ 39 ] CVE-2016-7417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417 [ 40 ] CVE-2016-7418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201611-22

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0117",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.33"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "7.0.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.0.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.16"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.15"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.20"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "mac os security update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0020"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "7.0.5"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.20"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.34"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.6"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0030"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4071"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4071"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrew",
    "sources": [
      {
        "db": "BID",
        "id": "85800"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-4071",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4071",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-92890",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4071",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4071",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-558",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92890",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-4071",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4071"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. PHP is prone to a remote format-string vulnerability. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5. ============================================================================\nUbuntu Security Notice USN-2984-1\nMay 24, 2016\n\nphp5, php7.0 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)\n\nHans Jerry Illikainen discovered that the PHP Zip extension incorrectly\nhandled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. \n(CVE-2016-3078)\n\nIt was discovered that PHP incorrectly handled invalid indexes in the\nSplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)\n\nIt was discovered that the PHP rawurlencode() function incorrectly handled\nlarge strings. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n16.04 LTS. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfilenames in archives. This issue only affected Ubuntu 16.04 LTS. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\narchive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-4342, CVE-2016-4343)\n\nIt was discovered that the PHP bcpowmod() function incorrectly handled\nmemory. \n(CVE-2016-4537, CVE-2016-4538)\n\nIt was discovered that the PHP XML parser incorrectly handled certain\nmalformed XML data. (CVE-2016-4539)\n\nIt was discovered that certain PHP grapheme functions incorrectly handled\nnegative offsets. (CVE-2016-4540,\nCVE-2016-4541)\n\nIt was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543,\nCVE-2016-4544)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.4-7ubuntu2.1\n  php7.0-cgi                      7.0.4-7ubuntu2.1\n  php7.0-cli                      7.0.4-7ubuntu2.1\n  php7.0-fpm                      7.0.4-7ubuntu2.1\n\nUbuntu 15.10:\n  libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.4\n  php5-cgi                        5.6.11+dfsg-1ubuntu3.4\n  php5-cli                        5.6.11+dfsg-1ubuntu3.4\n  php5-fpm                        5.6.11+dfsg-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.17\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.17\n  php5-cli                        5.5.9+dfsg-1ubuntu4.17\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.17\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.23\n  php5-cgi                        5.3.10-1ubuntu3.23\n  php5-cli                        5.3.10-1ubuntu3.23\n  php5-fpm                        5.3.10-1ubuntu3.23\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: rh-php56 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2016:2750-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2750.html\nIssue date:        2016-11-15\nCVE Names:         CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 \n                   CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 \n                   CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 \n                   CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 \n                   CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 \n                   CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 \n                   CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 \n                   CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 \n                   CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 \n                   CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 \n                   CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 \n                   CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 \n                   CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 \n                   CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 \n                   CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 \n                   CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 \n                   CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 \n                   CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 \n                   CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 \n                   CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 \n                   CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 \n                   CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 \n                   CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 \n                   CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 \n                   CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 \n                   CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 \n                   CVE-2016-7132 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-php56, rh-php56-php, and rh-php56-php-pear is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The rh-php56 packages provide a recent stable release of PHP\nwith PEAR 1.9.5 and enhanced language features including constant\nexpressions, variadic functions, arguments unpacking, and the interactive\ndebuger. The memcache, mongo, and XDebug extensions are also included. \n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which\nprovides a number of bug fixes and enhancements over the previous version. \n(BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Under\ncertain circumstances, these issues could cause PHP to crash, disclose\nportions of its memory, execute arbitrary code, or impact PHP application\nintegrity. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-7456,\nCVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867,\nCVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879,\nCVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142,\nCVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342,\nCVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539,\nCVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544,\nCVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399,\nCVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771,\nCVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288,\nCVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294,\nCVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125,\nCVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130,\nCVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the\nrh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted\nregular expression could cause PHP to crash or, possibly, execute arbitrary\ncode. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,\nCVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383,\nCVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391,\nCVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting\nCVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch()\n1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23)\n1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)\n1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)\n1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories\n1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)\n1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)\n1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)\n1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)\n1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)\n1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)\n1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)\n1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)\n1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)\n1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c\n1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated\n1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent\n1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives\n1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile()\n1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data\n1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd\n1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method\n1323103 - CVE-2016-4073 php: Negative size parameter in memcpy\n1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \\0 inside name\n1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error()\n1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode\n1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file\n1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads\n1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure\n1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream()\n1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition\n1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input\n1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used\n1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used\n1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow\n1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c\n1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects\n1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches\n1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns\n1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal\n1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread\n1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc\n1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities()\n1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file()\n1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow\n1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec\n1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread\n1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize\n1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP\u0027s GC algorithm and unserialize\n1351603 - CVE-2016-6128 gd: Invalid color index not properly handled\n1358395 - CVE-2016-5399 php: Improper error handling in bzread()\n1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex\n1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization\n1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE\n1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment\n1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()\n1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http\n1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize()\n1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c\n1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex\n1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object\n1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability\n1374699 - CVE-2016-7126 php: select_colors write out-of-bounds\n1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access\n1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF\n1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access\n1374707 - CVE-2016-7130 php: wddx_deserialize null dereference\n1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml\n1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-php56-2.3-1.el6.src.rpm\nrh-php56-php-5.6.25-1.el6.src.rpm\nrh-php56-php-pear-1.9.5-4.el6.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el6.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el6.x86_64.rpm\nrh-php56-php-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-imap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm\nrh-php56-runtime-2.3-1.el6.x86_64.rpm\nrh-php56-scldevel-2.3-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php56-2.3-1.el7.src.rpm\nrh-php56-php-5.6.25-1.el7.src.rpm\nrh-php56-php-pear-1.9.5-4.el7.src.rpm\n\nnoarch:\nrh-php56-php-pear-1.9.5-4.el7.noarch.rpm\n\nx86_64:\nrh-php56-2.3-1.el7.x86_64.rpm\nrh-php56-php-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-cli-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-common-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dba-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-devel-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-intl-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-process-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-recode-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-soap-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xml-5.6.25-1.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm\nrh-php56-runtime-2.3-1.el7.x86_64.rpm\nrh-php56-scldevel-2.3-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7456\nhttps://access.redhat.com/security/cve/CVE-2014-9767\nhttps://access.redhat.com/security/cve/CVE-2015-2325\nhttps://access.redhat.com/security/cve/CVE-2015-2326\nhttps://access.redhat.com/security/cve/CVE-2015-2327\nhttps://access.redhat.com/security/cve/CVE-2015-2328\nhttps://access.redhat.com/security/cve/CVE-2015-3210\nhttps://access.redhat.com/security/cve/CVE-2015-3217\nhttps://access.redhat.com/security/cve/CVE-2015-5073\nhttps://access.redhat.com/security/cve/CVE-2015-8381\nhttps://access.redhat.com/security/cve/CVE-2015-8383\nhttps://access.redhat.com/security/cve/CVE-2015-8384\nhttps://access.redhat.com/security/cve/CVE-2015-8385\nhttps://access.redhat.com/security/cve/CVE-2015-8386\nhttps://access.redhat.com/security/cve/CVE-2015-8388\nhttps://access.redhat.com/security/cve/CVE-2015-8391\nhttps://access.redhat.com/security/cve/CVE-2015-8392\nhttps://access.redhat.com/security/cve/CVE-2015-8395\nhttps://access.redhat.com/security/cve/CVE-2015-8835\nhttps://access.redhat.com/security/cve/CVE-2015-8865\nhttps://access.redhat.com/security/cve/CVE-2015-8866\nhttps://access.redhat.com/security/cve/CVE-2015-8867\nhttps://access.redhat.com/security/cve/CVE-2015-8873\nhttps://access.redhat.com/security/cve/CVE-2015-8874\nhttps://access.redhat.com/security/cve/CVE-2015-8876\nhttps://access.redhat.com/security/cve/CVE-2015-8877\nhttps://access.redhat.com/security/cve/CVE-2015-8879\nhttps://access.redhat.com/security/cve/CVE-2016-1903\nhttps://access.redhat.com/security/cve/CVE-2016-2554\nhttps://access.redhat.com/security/cve/CVE-2016-3074\nhttps://access.redhat.com/security/cve/CVE-2016-3141\nhttps://access.redhat.com/security/cve/CVE-2016-3142\nhttps://access.redhat.com/security/cve/CVE-2016-4070\nhttps://access.redhat.com/security/cve/CVE-2016-4071\nhttps://access.redhat.com/security/cve/CVE-2016-4072\nhttps://access.redhat.com/security/cve/CVE-2016-4073\nhttps://access.redhat.com/security/cve/CVE-2016-4342\nhttps://access.redhat.com/security/cve/CVE-2016-4343\nhttps://access.redhat.com/security/cve/CVE-2016-4473\nhttps://access.redhat.com/security/cve/CVE-2016-4537\nhttps://access.redhat.com/security/cve/CVE-2016-4538\nhttps://access.redhat.com/security/cve/CVE-2016-4539\nhttps://access.redhat.com/security/cve/CVE-2016-4540\nhttps://access.redhat.com/security/cve/CVE-2016-4541\nhttps://access.redhat.com/security/cve/CVE-2016-4542\nhttps://access.redhat.com/security/cve/CVE-2016-4543\nhttps://access.redhat.com/security/cve/CVE-2016-4544\nhttps://access.redhat.com/security/cve/CVE-2016-5093\nhttps://access.redhat.com/security/cve/CVE-2016-5094\nhttps://access.redhat.com/security/cve/CVE-2016-5096\nhttps://access.redhat.com/security/cve/CVE-2016-5114\nhttps://access.redhat.com/security/cve/CVE-2016-5399\nhttps://access.redhat.com/security/cve/CVE-2016-5766\nhttps://access.redhat.com/security/cve/CVE-2016-5767\nhttps://access.redhat.com/security/cve/CVE-2016-5768\nhttps://access.redhat.com/security/cve/CVE-2016-5770\nhttps://access.redhat.com/security/cve/CVE-2016-5771\nhttps://access.redhat.com/security/cve/CVE-2016-5772\nhttps://access.redhat.com/security/cve/CVE-2016-5773\nhttps://access.redhat.com/security/cve/CVE-2016-6128\nhttps://access.redhat.com/security/cve/CVE-2016-6207\nhttps://access.redhat.com/security/cve/CVE-2016-6288\nhttps://access.redhat.com/security/cve/CVE-2016-6289\nhttps://access.redhat.com/security/cve/CVE-2016-6290\nhttps://access.redhat.com/security/cve/CVE-2016-6291\nhttps://access.redhat.com/security/cve/CVE-2016-6292\nhttps://access.redhat.com/security/cve/CVE-2016-6294\nhttps://access.redhat.com/security/cve/CVE-2016-6295\nhttps://access.redhat.com/security/cve/CVE-2016-6296\nhttps://access.redhat.com/security/cve/CVE-2016-6297\nhttps://access.redhat.com/security/cve/CVE-2016-7124\nhttps://access.redhat.com/security/cve/CVE-2016-7125\nhttps://access.redhat.com/security/cve/CVE-2016-7126\nhttps://access.redhat.com/security/cve/CVE-2016-7127\nhttps://access.redhat.com/security/cve/CVE-2016-7128\nhttps://access.redhat.com/security/cve/CVE-2016-7129\nhttps://access.redhat.com/security/cve/CVE-2016-7130\nhttps://access.redhat.com/security/cve/CVE-2016-7131\nhttps://access.redhat.com/security/cve/CVE-2016-7132\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs\nUCuj+0gWfBsWXOgFhgH0uL8=\n=FcPG\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05240731\nVersion: 1\n\nHPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and\nPHP, Multiple Local and Remote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-08-19\nLast Updated: 2016-08-19\n\nPotential Security Impact: Local Denial of Service (DoS), Elevation of\nPrivilege, Remote Denial of Service (DoS), Execution of Arbitrary Code,\nUnauthorized Disclosure of Information, Unauthorized Modification\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential remote and local vulnerabilities impacting Perl and PHP\nhave been addressed by HPE NonStop Servers OSS Script Languages. The\nvulnerabilities include Perl\u0027s opportunistic loading of optional modules\nwhich might allow local users to gain elevation of privilege via a Trojan\nhorse library under the current working directory. \n\nReferences:\n\n    - CVE-2016-1238 - Perl Local Elevation of Privilege\n    - CVE-2016-2381 - Perl Remote Unauthorized Modification\n    - CVE-2014-4330 - Perl Local Denial of Service (DoS)\n\n        **Note:** applies only for the H/J-series SPR. Fix was already\nprovided in a previous L-series SPR. \nOSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and\nT1203L01^AAC\n\n    *Impacted releases:*\n\n    - L15.02\n    - L15.08.00, L15.08.01\n    - L16.05.00\n\n    - J06.14 through J06.16.02\n    - J06.17.00, J06.17.01\n    - J06.18.00, J06.18.01\n    - J06.19.00, J06.19.01, J06.19.02\n    - J06.20.00\n\n    - H06.25 through H06.26.01\n    - H06.27.00, H06.27.01\n    - H06.28.00, H06.28.01\n    - H06.29.00, H06.29.01\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-7456\n      7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-4330\n      4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8383\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8386\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8387\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8389\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8390\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8391\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)\n\n    CVE-2015-8393\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-8394\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8607\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8853\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-8865\n      7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-8874\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-1238\n      6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\n      6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-1903\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-2381\n      6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    CVE-2016-2554\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-3074\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4070\n      7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-4071\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4072\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4073\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4342\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n    CVE-2016-4343\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4537\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4538\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4539\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4540\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4541\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4542\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4543\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-4544\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5093\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5094\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5096\n      8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5114\n      9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\n      6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n    CVE-2016-5766\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5767\n      8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5768\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5769\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5770\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5771\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5772\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-5773\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has released the following software updates to resolve the\nvulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP. \n\nInstall one of the SPRs below as appropriate for the system\u0027s release\nversion:\n\n  + L-Series:\n\n    * T1203L01^AAE (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n        - L15.02 through L16.05.00\n\n  + H and J-Series:\n\n    * T1203H01^AAF (OSS Scripting Languages) - already available\n\n        This SPR already is present in these RVUs: None\n\n        This SPR is usable with the following RVUs:\n\n         - J06.14 through J06.20.00\n\n         - H06.25 through H06.29.01\n\n**Note:** Please refer to *NonStop Hotstuff HS03333* for more information. \n\nHISTORY\nVersion:1 (rev.1) - 19 August 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3560-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nApril 27, 2016                        https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : php5\nCVE ID         : CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072\n                 CVE-2016-4073\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. Please refer to the\nupstream changelog for more information:\n\n https://php.net/ChangeLog-5.php#5.6.20\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.20+dfsg-0+deb8u1. \n\nWe recommend that you upgrade your php5 packages. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/php                 \u003c 5.6.28                  \u003e= 5.6.28\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.28\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-8865\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865\n[  2 ] CVE-2016-3074\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074\n[  3 ] CVE-2016-4071\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071\n[  4 ] CVE-2016-4072\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072\n[  5 ] CVE-2016-4073\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073\n[  6 ] CVE-2016-4537\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537\n[  7 ] CVE-2016-4538\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538\n[  8 ] CVE-2016-4539\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539\n[  9 ] CVE-2016-4540\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540\n[ 10 ] CVE-2016-4541\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541\n[ 11 ] CVE-2016-4542\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542\n[ 12 ] CVE-2016-4543\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543\n[ 13 ] CVE-2016-4544\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544\n[ 14 ] CVE-2016-5385\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385\n[ 15 ] CVE-2016-6289\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289\n[ 16 ] CVE-2016-6290\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290\n[ 17 ] CVE-2016-6291\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291\n[ 18 ] CVE-2016-6292\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292\n[ 19 ] CVE-2016-6294\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294\n[ 20 ] CVE-2016-6295\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295\n[ 21 ] CVE-2016-6296\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296\n[ 22 ] CVE-2016-6297\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297\n[ 23 ] CVE-2016-7124\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124\n[ 24 ] CVE-2016-7125\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125\n[ 25 ] CVE-2016-7126\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126\n[ 26 ] CVE-2016-7127\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127\n[ 27 ] CVE-2016-7128\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128\n[ 28 ] CVE-2016-7129\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129\n[ 29 ] CVE-2016-7130\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130\n[ 30 ] CVE-2016-7131\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131\n[ 31 ] CVE-2016-7132\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132\n[ 32 ] CVE-2016-7133\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133\n[ 33 ] CVE-2016-7134\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134\n[ 34 ] CVE-2016-7411\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411\n[ 35 ] CVE-2016-7412\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412\n[ 36 ] CVE-2016-7413\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413\n[ 37 ] CVE-2016-7414\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414\n[ 38 ] CVE-2016-7416\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416\n[ 39 ] CVE-2016-7417\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417\n[ 40 ] CVE-2016-7418\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201611-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "db": "BID",
        "id": "85800"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4071"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-92890",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39645",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4071"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4071",
        "trust": 3.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/04/24/1",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "85800",
        "trust": 1.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39645",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU91632741",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-92890",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4071",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137174",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139729",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138463",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136841",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139379",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139968",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4071"
      },
      {
        "db": "BID",
        "id": "85800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4071"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ]
  },
  "id": "VAR-201605-0117",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92890"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:24:56.351000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206567"
      },
      {
        "title": "HT206567",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206567"
      },
      {
        "title": "HPSBNS03635",
        "trust": 0.8,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05240731"
      },
      {
        "title": "Sec Bug #71704",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=71704"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "title": "Fixed bug #71704 php_snmp_error() Format String Vulnerability",
        "trust": 0.8,
        "url": "https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8"
      },
      {
        "title": "PHP 7 ChangeLog",
        "trust": 0.8,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "title": "PHP Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61241"
      },
      {
        "title": "Debian Security Advisories: DSA-3560-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f33dfec360e1186a6d0f52314de3ce6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-698",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-698"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2984-1"
      },
      {
        "title": "Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162750 - security advisory"
      },
      {
        "title": "Apple: OS X El Capitan v10.11.5 and Security Update 2016-003",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3c550201b398ce302f3a9adf27215fda"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-4071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4071"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=71704"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "http://www.php.net/changelog-7.php"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206567"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1"
      },
      {
        "trust": 1.4,
        "url": "https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/39645/"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201611-22"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2750.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/85800"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05240731"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
      },
      {
        "trust": 1.2,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.2,
        "url": "http://www.debian.org/security/2016/dsa-3560"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2952-2"
      },
      {
        "trust": 1.0,
        "url": "https://git.php.net/?p=php-src.git%3ba=commit%3bh=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4071"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91632741/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4071"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4073"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4544"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8386"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8391"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8383"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8874"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.2,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2984-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/linuxrpm-rhsa-rhel6-unaffected"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-3560"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3132"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.4-7ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3078"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.17"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2984-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6288"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8383"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8384"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4342"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-7456"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5073"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2327"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4473"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8874"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5096"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2328"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8853"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05240731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8389"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8390"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://php.net/changelog-5.php#5.6.20"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4393"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4396"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4395"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7131"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7417"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4538"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7132"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7416"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8865"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5385"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4539"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7134"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7411"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4537"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7413"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4541"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6290"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7414"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7126"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4071"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7133"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7125"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4543"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7418"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7127"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3074"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4071"
      },
      {
        "db": "BID",
        "id": "85800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4071"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4071"
      },
      {
        "db": "BID",
        "id": "85800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4071"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "date": "2016-05-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4071"
      },
      {
        "date": "2016-03-02T00:00:00",
        "db": "BID",
        "id": "85800"
      },
      {
        "date": "2016-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "date": "2016-05-24T23:31:17",
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "date": "2016-11-15T16:44:45",
        "db": "PACKETSTORM",
        "id": "139729"
      },
      {
        "date": "2016-08-22T18:18:17",
        "db": "PACKETSTORM",
        "id": "138463"
      },
      {
        "date": "2016-04-28T15:45:53",
        "db": "PACKETSTORM",
        "id": "136841"
      },
      {
        "date": "2016-10-27T19:22:00",
        "db": "PACKETSTORM",
        "id": "139379"
      },
      {
        "date": "2016-12-01T16:38:01",
        "db": "PACKETSTORM",
        "id": "139968"
      },
      {
        "date": "2016-05-20T11:00:15.473000",
        "db": "NVD",
        "id": "CVE-2016-4071"
      },
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92890"
      },
      {
        "date": "2018-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4071"
      },
      {
        "date": "2016-12-20T00:05:00",
        "db": "BID",
        "id": "85800"
      },
      {
        "date": "2016-10-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      },
      {
        "date": "2023-11-07T02:32:33.527000",
        "db": "NVD",
        "id": "CVE-2016-4071"
      },
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137174"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/snmp/snmp.c of  php_snmp_error Format string vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002854"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-558"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0264
Vulnerability from variot

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. PHP is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability stems from the fact that the program does not verify whether the first character of the file name is a ' ' character. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php security and bug fix update Advisory ID: RHSA-2015:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html Issue date: 2015-06-23 CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2014-9652, CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

  • The libgmp library in some cases terminated unexpectedly with a segmentation fault when being used with other libraries that use the GMP memory management. With this update, PHP no longer changes libgmp memory allocators, which prevents the described crash from occurring. (BZ#1212305)

  • When using the Open Database Connectivity (ODBC) API, the PHP process in some cases terminated unexpectedly with a segmentation fault. The underlying code has been adjusted to prevent this crash. (BZ#1212299)

  • Previously, running PHP on a big-endian system sometimes led to memory corruption in the fileinfo module. This update adjusts the behavior of the PHP pointer so that it can be freed without causing memory corruption. (BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize() 1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142) 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188599 - CVE-2014-9652 file: out of bounds read in mconvert() 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name 1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

ppc64: php-5.4.16-36.el7_1.ppc64.rpm php-cli-5.4.16-36.el7_1.ppc64.rpm php-common-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-gd-5.4.16-36.el7_1.ppc64.rpm php-ldap-5.4.16-36.el7_1.ppc64.rpm php-mysql-5.4.16-36.el7_1.ppc64.rpm php-odbc-5.4.16-36.el7_1.ppc64.rpm php-pdo-5.4.16-36.el7_1.ppc64.rpm php-pgsql-5.4.16-36.el7_1.ppc64.rpm php-process-5.4.16-36.el7_1.ppc64.rpm php-recode-5.4.16-36.el7_1.ppc64.rpm php-soap-5.4.16-36.el7_1.ppc64.rpm php-xml-5.4.16-36.el7_1.ppc64.rpm php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x: php-5.4.16-36.el7_1.s390x.rpm php-cli-5.4.16-36.el7_1.s390x.rpm php-common-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-gd-5.4.16-36.el7_1.s390x.rpm php-ldap-5.4.16-36.el7_1.s390x.rpm php-mysql-5.4.16-36.el7_1.s390x.rpm php-odbc-5.4.16-36.el7_1.s390x.rpm php-pdo-5.4.16-36.el7_1.s390x.rpm php-pgsql-5.4.16-36.el7_1.s390x.rpm php-process-5.4.16-36.el7_1.s390x.rpm php-recode-5.4.16-36.el7_1.s390x.rpm php-soap-5.4.16-36.el7_1.s390x.rpm php-xml-5.4.16-36.el7_1.s390x.rpm php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: php-5.4.16-36.ael7b_1.src.rpm

ppc64le: php-5.4.16-36.ael7b_1.ppc64le.rpm php-cli-5.4.16-36.ael7b_1.ppc64le.rpm php-common-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-gd-5.4.16-36.ael7b_1.ppc64le.rpm php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm php-process-5.4.16-36.ael7b_1.ppc64le.rpm php-recode-5.4.16-36.ael7b_1.ppc64le.rpm php-soap-5.4.16-36.ael7b_1.ppc64le.rpm php-xml-5.4.16-36.ael7b_1.ppc64le.rpm php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: php-bcmath-5.4.16-36.el7_1.ppc64.rpm php-dba-5.4.16-36.el7_1.ppc64.rpm php-debuginfo-5.4.16-36.el7_1.ppc64.rpm php-devel-5.4.16-36.el7_1.ppc64.rpm php-embedded-5.4.16-36.el7_1.ppc64.rpm php-enchant-5.4.16-36.el7_1.ppc64.rpm php-fpm-5.4.16-36.el7_1.ppc64.rpm php-intl-5.4.16-36.el7_1.ppc64.rpm php-mbstring-5.4.16-36.el7_1.ppc64.rpm php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm php-pspell-5.4.16-36.el7_1.ppc64.rpm php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x: php-bcmath-5.4.16-36.el7_1.s390x.rpm php-dba-5.4.16-36.el7_1.s390x.rpm php-debuginfo-5.4.16-36.el7_1.s390x.rpm php-devel-5.4.16-36.el7_1.s390x.rpm php-embedded-5.4.16-36.el7_1.s390x.rpm php-enchant-5.4.16-36.el7_1.s390x.rpm php-fpm-5.4.16-36.el7_1.s390x.rpm php-intl-5.4.16-36.el7_1.s390x.rpm php-mbstring-5.4.16-36.el7_1.s390x.rpm php-mysqlnd-5.4.16-36.el7_1.s390x.rpm php-pspell-5.4.16-36.el7_1.s390x.rpm php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm php-dba-5.4.16-36.ael7b_1.ppc64le.rpm php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm php-devel-5.4.16-36.ael7b_1.ppc64le.rpm php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm php-intl-5.4.16-36.ael7b_1.ppc64le.rpm php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: php-5.4.16-36.el7_1.src.rpm

x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-debuginfo-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8142 https://access.redhat.com/security/cve/CVE-2014-9652 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0231 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2348 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg= =FREZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 5e8d107dba11f8c87693edfdc32f56b7 php-5.4.41-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 24d6895fe6b0e9c88b04ceaccc35383d php-5.4.41-x86_64-1_slack14.0.txz

Slackware 14.1 package: 52011eec3a256a365789562b63e8ba84 php-5.4.41-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 82b75af6253121cab6cc84dd714f554c php-5.4.41-x86_64-1_slack14.1.txz

Slackware -current package: e1c64f133f44b0abac21e0846e39d3c8 n/php-5.6.9-i586-1.txz

Slackware x86_64 -current package: ae51c99af34a4bd8721e7140c38a8c1a n/php-5.6.9-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.41-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0264",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.37"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.36"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.35"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.34"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.33"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.10"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.2"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.41"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.40",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-4021",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-4021",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-81982",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4021",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-558",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81982",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4021",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81982"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \\0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. PHP is prone to a remote memory-corruption vulnerability. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability stems from the fact that the program does not verify whether the first character of the file name is a \u0027 \u0027 character. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php security and bug fix update\nAdvisory ID:       RHSA-2015:1135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1135.html\nIssue date:        2015-06-23\nCVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 \n                   CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 \n                   CVE-2015-0273 CVE-2015-2301 CVE-2015-2348 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 \n                   CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 \n                   CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 \n                   CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 \n                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption. \n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()\n1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188599 - CVE-2014-9652 file: out of bounds read in mconvert()\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nppc64:\nphp-5.4.16-36.el7_1.ppc64.rpm\nphp-cli-5.4.16-36.el7_1.ppc64.rpm\nphp-common-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-gd-5.4.16-36.el7_1.ppc64.rpm\nphp-ldap-5.4.16-36.el7_1.ppc64.rpm\nphp-mysql-5.4.16-36.el7_1.ppc64.rpm\nphp-odbc-5.4.16-36.el7_1.ppc64.rpm\nphp-pdo-5.4.16-36.el7_1.ppc64.rpm\nphp-pgsql-5.4.16-36.el7_1.ppc64.rpm\nphp-process-5.4.16-36.el7_1.ppc64.rpm\nphp-recode-5.4.16-36.el7_1.ppc64.rpm\nphp-soap-5.4.16-36.el7_1.ppc64.rpm\nphp-xml-5.4.16-36.el7_1.ppc64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-5.4.16-36.el7_1.s390x.rpm\nphp-cli-5.4.16-36.el7_1.s390x.rpm\nphp-common-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-gd-5.4.16-36.el7_1.s390x.rpm\nphp-ldap-5.4.16-36.el7_1.s390x.rpm\nphp-mysql-5.4.16-36.el7_1.s390x.rpm\nphp-odbc-5.4.16-36.el7_1.s390x.rpm\nphp-pdo-5.4.16-36.el7_1.s390x.rpm\nphp-pgsql-5.4.16-36.el7_1.s390x.rpm\nphp-process-5.4.16-36.el7_1.s390x.rpm\nphp-recode-5.4.16-36.el7_1.s390x.rpm\nphp-soap-5.4.16-36.el7_1.s390x.rpm\nphp-xml-5.4.16-36.el7_1.s390x.rpm\nphp-xmlrpc-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.ael7b_1.src.rpm\n\nppc64le:\nphp-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-cli-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-common-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-gd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-ldap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-odbc-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pdo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-process-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-recode-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-soap-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xml-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.el7_1.ppc64.rpm\nphp-dba-5.4.16-36.el7_1.ppc64.rpm\nphp-debuginfo-5.4.16-36.el7_1.ppc64.rpm\nphp-devel-5.4.16-36.el7_1.ppc64.rpm\nphp-embedded-5.4.16-36.el7_1.ppc64.rpm\nphp-enchant-5.4.16-36.el7_1.ppc64.rpm\nphp-fpm-5.4.16-36.el7_1.ppc64.rpm\nphp-intl-5.4.16-36.el7_1.ppc64.rpm\nphp-mbstring-5.4.16-36.el7_1.ppc64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.ppc64.rpm\nphp-pspell-5.4.16-36.el7_1.ppc64.rpm\nphp-snmp-5.4.16-36.el7_1.ppc64.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.el7_1.s390x.rpm\nphp-dba-5.4.16-36.el7_1.s390x.rpm\nphp-debuginfo-5.4.16-36.el7_1.s390x.rpm\nphp-devel-5.4.16-36.el7_1.s390x.rpm\nphp-embedded-5.4.16-36.el7_1.s390x.rpm\nphp-enchant-5.4.16-36.el7_1.s390x.rpm\nphp-fpm-5.4.16-36.el7_1.s390x.rpm\nphp-intl-5.4.16-36.el7_1.s390x.rpm\nphp-mbstring-5.4.16-36.el7_1.s390x.rpm\nphp-mysqlnd-5.4.16-36.el7_1.s390x.rpm\nphp-pspell-5.4.16-36.el7_1.s390x.rpm\nphp-snmp-5.4.16-36.el7_1.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nphp-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-dba-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-devel-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-embedded-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-enchant-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-fpm-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-intl-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-pspell-5.4.16-36.ael7b_1.ppc64le.rpm\nphp-snmp-5.4.16-36.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.el7_1.src.rpm\n\nx86_64:\nphp-5.4.16-36.el7_1.x86_64.rpm\nphp-cli-5.4.16-36.el7_1.x86_64.rpm\nphp-common-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-gd-5.4.16-36.el7_1.x86_64.rpm\nphp-ldap-5.4.16-36.el7_1.x86_64.rpm\nphp-mysql-5.4.16-36.el7_1.x86_64.rpm\nphp-odbc-5.4.16-36.el7_1.x86_64.rpm\nphp-pdo-5.4.16-36.el7_1.x86_64.rpm\nphp-pgsql-5.4.16-36.el7_1.x86_64.rpm\nphp-process-5.4.16-36.el7_1.x86_64.rpm\nphp-recode-5.4.16-36.el7_1.x86_64.rpm\nphp-soap-5.4.16-36.el7_1.x86_64.rpm\nphp-xml-5.4.16-36.el7_1.x86_64.rpm\nphp-xmlrpc-5.4.16-36.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.el7_1.x86_64.rpm\nphp-dba-5.4.16-36.el7_1.x86_64.rpm\nphp-debuginfo-5.4.16-36.el7_1.x86_64.rpm\nphp-devel-5.4.16-36.el7_1.x86_64.rpm\nphp-embedded-5.4.16-36.el7_1.x86_64.rpm\nphp-enchant-5.4.16-36.el7_1.x86_64.rpm\nphp-fpm-5.4.16-36.el7_1.x86_64.rpm\nphp-intl-5.4.16-36.el7_1.x86_64.rpm\nphp-mbstring-5.4.16-36.el7_1.x86_64.rpm\nphp-mysqlnd-5.4.16-36.el7_1.x86_64.rpm\nphp-pspell-5.4.16-36.el7_1.x86_64.rpm\nphp-snmp-5.4.16-36.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O\ndtqycPWs+07GhjmZ6NNx5Bg=\n=FREZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.41-i486-1_slack14.1.txz:  Upgraded. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n5e8d107dba11f8c87693edfdc32f56b7  php-5.4.41-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n24d6895fe6b0e9c88b04ceaccc35383d  php-5.4.41-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n52011eec3a256a365789562b63e8ba84  php-5.4.41-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n82b75af6253121cab6cc84dd714f554c  php-5.4.41-x86_64-1_slack14.1.txz\n\nSlackware -current package:\ne1c64f133f44b0abac21e0846e39d3c8  n/php-5.6.9-i586-1.txz\n\nSlackware x86_64 -current package:\nae51c99af34a4bd8721e7140c38a8c1a  n/php-5.6.9-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.41-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "db": "BID",
        "id": "74700"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81982"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4021"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-81982",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81982"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4021",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "74700",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032433",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-558",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "132619",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-81982",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4021",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132406",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132284",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81982"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4021"
      },
      {
        "db": "BID",
        "id": "74700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "id": "VAR-201506-0264",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81982"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:23:02.233000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69453",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69453"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "Debian Security Advisories: DSA-3280-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46f85ac4e3abfa7a18e115fb47892db6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-535",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-535"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-534",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-534"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-536",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-536"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2658-1"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-4021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 2.1,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69453"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1219.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/74700"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://www.debian.org/security/2015/dsa-3280"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158616.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/159031.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158915.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032433"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4021"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4021"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=2c1e49075ba48d93439a9e79eae43d9f8469b832"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/189.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39136"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2658-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7243"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7243"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2326"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81982"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4021"
      },
      {
        "db": "BID",
        "id": "74700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81982"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4021"
      },
      {
        "db": "BID",
        "id": "74700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81982"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4021"
      },
      {
        "date": "2015-05-12T00:00:00",
        "db": "BID",
        "id": "74700"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "date": "2015-06-25T14:18:12",
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "date": "2015-06-23T14:07:16",
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "date": "2015-07-09T23:16:26",
        "db": "PACKETSTORM",
        "id": "132619"
      },
      {
        "date": "2015-06-25T14:18:25",
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-06-12T13:17:49",
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "date": "2015-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      },
      {
        "date": "2015-06-09T18:59:04.567000",
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81982"
      },
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4021"
      },
      {
        "date": "2017-07-21T13:07:00",
        "db": "BID",
        "id": "74700"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      },
      {
        "date": "2019-04-22T17:48:00.643000",
        "db": "NVD",
        "id": "CVE-2015-4021"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132406"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/phar/tar.c of  phar_parse_tarfile Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003048"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-558"
      }
    ],
    "trust": 0.6
  }
}

var-202002-1306
Vulnerability from variot

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2. (CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2020:5275-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:5275 Issue date: 2020-12-01 CVE Names: CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 ==================================================================== 1. Summary:

An update for rh-php73-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.20). (BZ#1853211)

Security Fix(es):

  • php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)

  • php: Information disclosure in exif_read_data() (CVE-2019-11047)

  • php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)

  • oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)

  • oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

  • php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)

  • php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)

  • php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)

  • php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)

  • php: Information disclosure in exif_read_data() function (CVE-2020-7064)

  • php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)

  • php: Out of bounds read when parsing EXIF information (CVE-2019-11050)

  • oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)

  • php: Information disclosure in function get_headers (CVE-2020-7066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Software Collections 3.6 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c 1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data() 1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte 1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information 1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex 1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c 1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress 1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions 1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function 1820604 - CVE-2020-7066 php: Information disclosure in function get_headers 1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution 1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm

ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

aarch64: rh-php73-php-7.3.20-1.el7.aarch64.rpm rh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm rh-php73-php-cli-7.3.20-1.el7.aarch64.rpm rh-php73-php-common-7.3.20-1.el7.aarch64.rpm rh-php73-php-dba-7.3.20-1.el7.aarch64.rpm rh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm rh-php73-php-devel-7.3.20-1.el7.aarch64.rpm rh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm rh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm rh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm rh-php73-php-gd-7.3.20-1.el7.aarch64.rpm rh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-intl-7.3.20-1.el7.aarch64.rpm rh-php73-php-json-7.3.20-1.el7.aarch64.rpm rh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm rh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm rh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm rh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm rh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm rh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm rh-php73-php-process-7.3.20-1.el7.aarch64.rpm rh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm rh-php73-php-recode-7.3.20-1.el7.aarch64.rpm rh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm rh-php73-php-soap-7.3.20-1.el7.aarch64.rpm rh-php73-php-xml-7.3.20-1.el7.aarch64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm rh-php73-php-zip-7.3.20-1.el7.aarch64.rpm

ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.20-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm rh-php73-php-common-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm rh-php73-php-json-7.3.20-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm rh-php73-php-process-7.3.20-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.20-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm rh-php73-php-cli-7.3.20-1.el7.s390x.rpm rh-php73-php-common-7.3.20-1.el7.s390x.rpm rh-php73-php-dba-7.3.20-1.el7.s390x.rpm rh-php73-php-dbg-7.3.20-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm rh-php73-php-devel-7.3.20-1.el7.s390x.rpm rh-php73-php-embedded-7.3.20-1.el7.s390x.rpm rh-php73-php-enchant-7.3.20-1.el7.s390x.rpm rh-php73-php-fpm-7.3.20-1.el7.s390x.rpm rh-php73-php-gd-7.3.20-1.el7.s390x.rpm rh-php73-php-gmp-7.3.20-1.el7.s390x.rpm rh-php73-php-intl-7.3.20-1.el7.s390x.rpm rh-php73-php-json-7.3.20-1.el7.s390x.rpm rh-php73-php-ldap-7.3.20-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm rh-php73-php-odbc-7.3.20-1.el7.s390x.rpm rh-php73-php-opcache-7.3.20-1.el7.s390x.rpm rh-php73-php-pdo-7.3.20-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm rh-php73-php-process-7.3.20-1.el7.s390x.rpm rh-php73-php-pspell-7.3.20-1.el7.s390x.rpm rh-php73-php-recode-7.3.20-1.el7.s390x.rpm rh-php73-php-snmp-7.3.20-1.el7.s390x.rpm rh-php73-php-soap-7.3.20-1.el7.s390x.rpm rh-php73-php-xml-7.3.20-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm rh-php73-php-zip-7.3.20-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php73-php-7.3.20-1.el7.src.rpm

x86_64: rh-php73-php-7.3.20-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm rh-php73-php-cli-7.3.20-1.el7.x86_64.rpm rh-php73-php-common-7.3.20-1.el7.x86_64.rpm rh-php73-php-dba-7.3.20-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm rh-php73-php-devel-7.3.20-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm rh-php73-php-gd-7.3.20-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-intl-7.3.20-1.el7.x86_64.rpm rh-php73-php-json-7.3.20-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm rh-php73-php-process-7.3.20-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm rh-php73-php-recode-7.3.20-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm rh-php73-php-soap-7.3.20-1.el7.x86_64.rpm rh-php73-php-xml-7.3.20-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm rh-php73-php-zip-7.3.20-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-11045 https://access.redhat.com/security/cve/CVE-2019-11047 https://access.redhat.com/security/cve/CVE-2019-11048 https://access.redhat.com/security/cve/CVE-2019-11050 https://access.redhat.com/security/cve/CVE-2019-19203 https://access.redhat.com/security/cve/CVE-2019-19204 https://access.redhat.com/security/cve/CVE-2019-19246 https://access.redhat.com/security/cve/CVE-2020-7059 https://access.redhat.com/security/cve/CVE-2020-7060 https://access.redhat.com/security/cve/CVE-2020-7062 https://access.redhat.com/security/cve/CVE-2020-7063 https://access.redhat.com/security/cve/CVE-2020-7064 https://access.redhat.com/security/cve/CVE-2020-7065 https://access.redhat.com/security/cve/CVE-2020-7066 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw becOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ KUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI 6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH rcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0 D1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh viPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi EWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC 5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo RwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB gGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4 0afoNZ3Sfdc\xaaB8 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64

For the stable distribution (buster), these problems have been fixed in version 7.3.14-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8 TjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV wtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4 M/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d 94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N QT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la ILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX gCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB 743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf AU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8 flI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX Q2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-57


                                       https://security.gentoo.org/

Severity: High Title: PHP: Multiple vulnerabilities Date: March 26, 2020 Bugs: #671872, #706168, #710304, #713484 ID: 202003-57


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands.

Background

PHP is an open source general-purpose scripting language that is especially suited for web development. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 7.2.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29"

All PHP 7.3.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16"

All PHP 7.4.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4"

References

[ 1 ] CVE-2018-19518 https://nvd.nist.gov/vuln/detail/CVE-2018-19518 [ 2 ] CVE-2020-7059 https://nvd.nist.gov/vuln/detail/CVE-2020-7059 [ 3 ] CVE-2020-7060 https://nvd.nist.gov/vuln/detail/CVE-2020-7060 [ 4 ] CVE-2020-7061 https://nvd.nist.gov/vuln/detail/CVE-2020-7061 [ 5 ] CVE-2020-7062 https://nvd.nist.gov/vuln/detail/CVE-2020-7062 [ 6 ] CVE-2020-7063 https://nvd.nist.gov/vuln/detail/CVE-2020-7063 [ 7 ] CVE-2020-7064 https://nvd.nist.gov/vuln/detail/CVE-2020-7064 [ 8 ] CVE-2020-7065 https://nvd.nist.gov/vuln/detail/CVE-2020-7065 [ 9 ] CVE-2020-7066 https://nvd.nist.gov/vuln/detail/CVE-2020-7066

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-57

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. ========================================================================== Ubuntu Security Notice USN-4279-2 February 19, 2020

php7.0 regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary:

USN-4279-1 introduced a regression in PHP. The updated packages caused a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.12 php7.0-cgi 7.0.33-0ubuntu0.16.04.12 php7.0-cli 7.0.33-0ubuntu0.16.04.12 php7.0-fpm 7.0.33-0ubuntu0.16.04.12

In general, a standard system update will make all the necessary changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1306",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.27"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.2"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.0"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.19.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.2.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.3.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.4.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.2",
                "versionStartIncluding": "7.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.27",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.14",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.4",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Debian,Red Hat,Gentoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-7060",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-001730",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185185",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-7060",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@php.net",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 2.5,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-001730",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7060",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2020-7060",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-001730",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-315",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185185",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7060",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. PHP Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A buffer error vulnerability exists in PHP 7.2.x prior to 7.2.27, 7.3.x prior to 7.3.14, and 7.4.x prior to 7.4.2. \n(CVE-2015-9253). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-php73-php security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:5275-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:5275\nIssue date:        2020-12-01\nCVE Names:         CVE-2019-11045 CVE-2019-11047 CVE-2019-11048\n                   CVE-2019-11050 CVE-2019-19203 CVE-2019-19204\n                   CVE-2019-19246 CVE-2020-7059 CVE-2020-7060\n                   CVE-2020-7062 CVE-2020-7063 CVE-2020-7064\n                   CVE-2020-7065 CVE-2020-7066\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php73-php (7.3.20). (BZ#1853211)\n\nSecurity Fix(es):\n\n* php: DirectoryIterator class accepts filenames with embedded \\0 byte and\ntreats them as terminating at that byte (CVE-2019-11045)\n\n* php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in\nfile gb18030.c (CVE-2019-19203)\n\n* oniguruma: Heap-based buffer over-read in function\nfetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function\n(CVE-2020-7060)\n\n* php: NULL pointer dereference in PHP session upload progress\n(CVE-2020-7062)\n\n* php: Files added to tar with Phar::buildFromIterator have all-access\npermissions (CVE-2020-7063)\n\n* php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n* php: Using mb_strtolower() function with UTF-32LE encoding leads to\npotential code execution (CVE-2020-7065)\n\n* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n* oniguruma: Heap-based buffer overflow in str_lower_case_match in\nregexec.c (CVE-2019-19246)\n\n* php: Information disclosure in function get_headers (CVE-2020-7066)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nSoftware Collections 3.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1777537 - CVE-2019-19246 oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c\n1786570 - CVE-2019-11047 php: Information disclosure in exif_read_data()\n1786572 - CVE-2019-11045 php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte\n1788258 - CVE-2019-11050 php: Out of bounds read when parsing EXIF information\n1797776 - CVE-2020-7059 php: Out of bounds read in php_strip_tags_ex\n1797779 - CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function\n1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c\n1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c\n1808532 - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress\n1808536 - CVE-2020-7063 php: Files added to tar with Phar::buildFromIterator have all-access permissions\n1820601 - CVE-2020-7064 php: Information disclosure in exif_read_data() function\n1820604 - CVE-2020-7066 php: Information disclosure in function get_headers\n1820627 - CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution\n1837842 - CVE-2019-11048 php: Integer wraparounds when receiving multipart forms\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\naarch64:\nrh-php73-php-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-cli-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-common-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dba-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-devel-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-intl-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-json-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-process-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-recode-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-soap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xml-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-zip-7.3.20-1.el7.aarch64.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\naarch64:\nrh-php73-php-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-cli-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-common-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dba-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-devel-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-intl-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-json-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-process-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-recode-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-soap-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xml-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.aarch64.rpm\nrh-php73-php-zip-7.3.20-1.el7.aarch64.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.20-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.20-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.20-1.el7.s390x.rpm\nrh-php73-php-common-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.20-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.20-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.20-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.20-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.20-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.20-1.el7.s390x.rpm\nrh-php73-php-json-7.3.20-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.s390x.rpm\nrh-php73-php-process-7.3.20-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.20-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.20-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.20-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.20-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.20-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.20-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.20-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.20-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11045\nhttps://access.redhat.com/security/cve/CVE-2019-11047\nhttps://access.redhat.com/security/cve/CVE-2019-11048\nhttps://access.redhat.com/security/cve/CVE-2019-11050\nhttps://access.redhat.com/security/cve/CVE-2019-19203\nhttps://access.redhat.com/security/cve/CVE-2019-19204\nhttps://access.redhat.com/security/cve/CVE-2019-19246\nhttps://access.redhat.com/security/cve/CVE-2020-7059\nhttps://access.redhat.com/security/cve/CVE-2020-7060\nhttps://access.redhat.com/security/cve/CVE-2020-7062\nhttps://access.redhat.com/security/cve/CVE-2020-7063\nhttps://access.redhat.com/security/cve/CVE-2020-7064\nhttps://access.redhat.com/security/cve/CVE-2020-7065\nhttps://access.redhat.com/security/cve/CVE-2020-7066\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX8Y0i9zjgjWX9erEAQg0Fw/8DpkMHPAzp4Tb6ym275eMnlcICweGyFtw\nbecOAQt6d3zo6+1fQ7TvsDhciqoSppofF1z4i1HKRZlvsrkzmPkzXfBh0Z1M99YQ\nKUsvTcbQ9fd5AzHzkVIQ1NL9Qvhl8We0DL/WEiz6ob3yczwgZAz7yVq+dl7IkfoI\n6G/lbIT0g5C9OPpma+KPw2mB1fiaGnPp5+i3o1srMYOcqqd8oWDWOQZJVB1TlkEH\nrcPfqKdlrwIl2gu9LlGw8leNS0392lsd8UOaVt8rjsW5wdPAZno8rCFp+TMXymJ0\nD1FlsrWwsc89QPgeJd13cc487nJnIos8bRxTDsJL/pQdyhIYNLGA7dA20YdMElDh\nviPblEXhfwRMHeSgTUUTU4dvNk6DiGQWigiNh2973EgYDTxA2AGvLo2ygfFXCVGi\nEWcECya+Cz+G0/IaJPE1ohnVqdfdrDVncOFNmfdQ6QvDZaoZyqi37UubtA+JB1qC\n5f1j9vtfWTMRpkCqmF/94WQ81h2401lqHz6yWlbn2DOALN/R8Cso5mLwwd/9cWLo\nRwIpTvHOFY++tzoh8Mn9WDaMNkPkf39n30BDtKQA4XG53vo3/RZHmpkmwxy4UVgB\ngGP537Uy95zumCJMFRsKvkqTg62O6AEOneydtZT/yYGiF9uhHBboTorij+aD7LN4\n0afoNZ3Sfdc\\xaaB8\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.14-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8\nTjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV\nwtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4\nM/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d\n94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N\nQT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la\nILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX\ngCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB\n743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf\nAU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8\nflI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX\nQ2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=EPNV\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202003-57\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: PHP: Multiple vulnerabilities\n     Date: March 26, 2020\n     Bugs: #671872, #706168, #710304, #713484\n       ID: 202003-57\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould result in the execution of arbitrary shell commands. \n\nBackground\n==========\n\nPHP is an open source general-purpose scripting language that is\nespecially suited for web development. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 7.2.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.2.29\"\n\nAll PHP 7.3.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.3.16\"\n\nAll PHP 7.4.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.4.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-19518\n      https://nvd.nist.gov/vuln/detail/CVE-2018-19518\n[ 2 ] CVE-2020-7059\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7059\n[ 3 ] CVE-2020-7060\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7060\n[ 4 ] CVE-2020-7061\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7061\n[ 5 ] CVE-2020-7062\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7062\n[ 6 ] CVE-2020-7063\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7063\n[ 7 ] CVE-2020-7064\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7064\n[ 8 ] CVE-2020-7065\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7065\n[ 9 ] CVE-2020-7066\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7066\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-57\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n\n. ==========================================================================\nUbuntu Security Notice USN-4279-2\nFebruary 19, 2020\n\nphp7.0 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-4279-1 introduced a regression in PHP. The updated packages caused a regression. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that PHP incorrectly handled certain scripts. \n An attacker could possibly use this issue to cause a denial of service. \n This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. \n (CVE-2015-9253)\n \n It was discovered that PHP incorrectly handled certain inputs. An attacker\n could possibly use this issue to expose sensitive information. \n (CVE-2020-7059)\n \n It was discovered that PHP incorrectly handled certain inputs. \n An attacker could possibly use this issue to execute arbitrary code. \n This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS\n and Ubuntu 19.10. (CVE-2020-7060)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.12\n  php7.0-cgi                      7.0.33-0ubuntu0.16.04.12\n  php7.0-cli                      7.0.33-0ubuntu0.16.04.12\n  php7.0-fpm                      7.0.33-0ubuntu0.16.04.12\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7060"
      },
      {
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "db": "PACKETSTORM",
        "id": "156423"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7060",
        "trust": 3.3
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "160292",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159094",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156399",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156934",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156441",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156423",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6056",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4262",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0741",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0748",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0566",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0584",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3072",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0853",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4296",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-14917",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-185185",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7060",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156397",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "db": "PACKETSTORM",
        "id": "156423"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ]
  },
  "id": "VAR-202002-1306",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185185"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:51:25.814000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Sec Bug #79037",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=79037"
      },
      {
        "title": "PHP mbstring Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=109491"
      },
      {
        "title": "Ubuntu Security Notice: php5, php7.0, php7.2, php7.3 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4279-1"
      },
      {
        "title": "Ubuntu Security Notice: php7.0 regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4279-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1347",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1347"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1346",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1346"
      },
      {
        "title": "Red Hat: Moderate: rh-php73-php security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205275 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4628-1 php7.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=688741de46e2d16edb2da10e1d501450"
      },
      {
        "title": "Red Hat: Moderate: php:7.3 security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203662 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4626-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=66162fd32170228a0805fd7114196e44"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-14"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.debian.org/security/2020/dsa-4628"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7060"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202003-57"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/4279-1/"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2020/feb/27"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2020/feb/31"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2021/jan/3"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4626"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=79037"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7060"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-7060"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7059"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4262/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156423/debian-security-advisory-4628-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0748/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156441/ubuntu-security-notice-usn-4279-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159094/red-hat-security-advisory-2020-3662-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160292/red-hat-security-advisory-2020-5275-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0566/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0741/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156934/gentoo-linux-security-advisory-202003-57.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0853/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4296/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0584/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3072/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6056"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-31420"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156399/debian-security-advisory-4626-1.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11045"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11047"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11050"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7065"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7062"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7064"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7066"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7063"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9253"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/4279-1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11050"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19203"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7059"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11045"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7066"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7065"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11047"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19203"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19204"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7063"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19246"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11048"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-11048"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19204"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7064"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19246"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7062"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11046"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.3/7.3.11-0ubuntu0.19.10.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.11"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5275"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11039"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13224"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16163"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16163"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11049"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19518"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7061"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4279-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.12"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.0"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "db": "PACKETSTORM",
        "id": "156423"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-185185"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "db": "PACKETSTORM",
        "id": "156423"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7060"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185185"
      },
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7060"
      },
      {
        "date": "2020-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "date": "2020-02-18T15:04:45",
        "db": "PACKETSTORM",
        "id": "156397"
      },
      {
        "date": "2020-12-01T16:36:40",
        "db": "PACKETSTORM",
        "id": "160292"
      },
      {
        "date": "2020-09-08T18:10:32",
        "db": "PACKETSTORM",
        "id": "159094"
      },
      {
        "date": "2020-02-18T15:05:02",
        "db": "PACKETSTORM",
        "id": "156399"
      },
      {
        "date": "2020-03-27T13:06:15",
        "db": "PACKETSTORM",
        "id": "156934"
      },
      {
        "date": "2020-02-20T17:44:31",
        "db": "PACKETSTORM",
        "id": "156441"
      },
      {
        "date": "2020-02-19T15:28:10",
        "db": "PACKETSTORM",
        "id": "156423"
      },
      {
        "date": "2020-02-10T08:15:12.797000",
        "db": "NVD",
        "id": "CVE-2020-7060"
      },
      {
        "date": "2020-02-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185185"
      },
      {
        "date": "2021-07-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7060"
      },
      {
        "date": "2020-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      },
      {
        "date": "2022-07-01T12:33:19.773000",
        "db": "NVD",
        "id": "CVE-2020-7060"
      },
      {
        "date": "2022-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001730"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-315"
      }
    ],
    "trust": 0.6
  }
}

var-201503-0206
Vulnerability from variot

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP of phar_object.c of phar_rename_archive Function uses freed memory (Use-after-free) Service disruption (DoS) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A use-after-free vulnerability exists in the 'phar_rename_archive' function in the phar_object.c file of PHP 5.5.21 and prior versions and 5.6.x versions prior to 5.6.6.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. Please note that this package build also moves the configuration files from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz

Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz

Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz

Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.40-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

OS X El Capitan 10.11 is now available and addresses the following:

Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling. CVE-ID CVE-2015-5897 : Dan Bastone of Gotham Digital Science

AirScan Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks. CVE-ID CVE-2015-5853 : an anonymous researcher

apache_mod_php Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27. CVE-ID CVE-2014-9425 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330

Apple Online Store Kit Available for: Mac OS X v10.6.8 and later Impact: A malicious application may gain access to a user's keychain items Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University

AppleEvents Available for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's session Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling. CVE-ID CVE-2015-5849 : Jack Lawrence (@_jackhl)

Audio Available for: Mac OS X v10.6.8 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea

bash Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in bash Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187

Certificate Trust Policy Available for: Mac OS X v10.6.8 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork Cookies Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork FTPProtocol Available for: Mac OS X v10.6.8 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation. CVE-ID CVE-2015-5912 : Amit Klein

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd

CFNetwork Proxies Available for: Mac OS X v10.6.8 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.

CoreCrypto Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.

CoreText Available for: Mac OS X v10.6.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam

Disk Images Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco

dyld Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : TaiG Jailbreak Team

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious application can prevent some systems from booting Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare

Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option. CVE-ID CVE-2015-5901 : Apple

Game Center Available for: Mac OS X v10.6.8 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser

Heimdal Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to replay Kerberos credentials to the SMB server Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China

ICU Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2014-8147 CVE-2015-5922

Install Framework Legacy Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to gain root privileges Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable. CVE-ID CVE-2015-5888 : Apple

Intel Graphics Driver Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5830 : Yuki MIZUNO (@mzyy94) CVE-2015-5877 : Camillus Gerard Cai

IOAudioFamily Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers. CVE-ID CVE-2015-5864 : Luca Todesco

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5871 : Ilja van Sprundel of IOActive CVE-2015-5872 : Ilja van Sprundel of IOActive CVE-2015-5873 : Ilja van Sprundel of IOActive CVE-2015-5890 : Ilja van Sprundel of IOActive

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-5865 : Luca Todesco

IOHIDFamily Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5866 : Apple CVE-2015-5867 : moony li of Trend Micro

IOStorageFamily Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces. CVE-ID CVE-2015-5870 : Apple

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to cause a system denial of service Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation. CVE-ID CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team

libc Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation

libpthread Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team

libxpc Available for: Mac OS X v10.6.8 and later Impact: Many SSH connections could cause a denial of service Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40. CVE-ID CVE-2015-5881 : Apple

Login Window Available for: Mac OS X v10.6.8 and later Impact: The screen lock may not engage after the specified time period Description: An issue existed with captured display locking. The issue was addressed through improved lock handling. CVE-ID CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher

lukemftpd Available for: Mac OS X v10.6.8 and later Impact: A remote attacker may be able to deny service to the FTP server Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation. CVE-ID CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com

Mail Available for: Mac OS X v10.6.8 and later Impact: Printing an email may leak sensitive user information Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement. CVE-ID CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners

Mail Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5884 : John McCombs of Integrated Mapping Ltd

Multipeer Connectivity Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem

NetworkExtension Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)

OpenSSH Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSH Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9. CVE-ID CVE-2014-2532

OpenSSL Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287

procmail Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in procmail Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail. CVE-ID CVE-2014-3618

remote_cmds Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary. CVE-ID CVE-2015-5889 : Philip Pettersson

removefile Available for: Mac OS X v10.6.8 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher

Ruby Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in Ruby Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645. CVE-ID CVE-2014-8080 CVE-2014-8090 CVE-2015-1855

Security Available for: Mac OS X v10.6.8 and later Impact: The lock state of the keychain may be incorrectly displayed to the user Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple

Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH

Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first. CVE-ID CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5891 : Ilja van Sprundel of IOActive

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5893 : Ilja van Sprundel of IOActive

SQLite Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

Telephony Available for: Mac OS X v10.6.8 and later Impact: A local attacker can place phone calls without the user's knowledge when using Continuity Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science

Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal. CVE-ID CVE-2015-5883 : an anonymous researcher

tidy Available for: Mac OS X v10.6.8 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com

Time Machine Available for: Mac OS X v10.6.8 and later Impact: A local attacker may gain access to keychain items Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB

Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265.

OS X El Capitan 10.11 may be obtained from the Mac App Store: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO /hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6 QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54 YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR 8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1 nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e g6jld/w5tPuCFhGucE7Z =XciV -----END PGP SIGNATURE----- .

Release Date: 2015-06-10 Last Updated: 2015-06-10

Potential Security Impact: Remote denial of service (DoS), man-in-the-middle (MitM) attack, modification of data, local modification of data

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.

References:

CVE-2013-5704 - Apache: Permissions, Privileges, and Access Control (CWE-264)

CVE-2014-0118 - Apache: Resource Management Errors (CWE-399)

CVE-2014-0226 - Apache: Race Conditions (CWE-362)

CVE-2014-0227 - Tomcat: Data Handling (CWE-19)

CVE-2014-0231 - PHP: Resource Management Errors (CWE-399)

CVE-2014-8142 - PHP: Use After Free (CWE-416)

CVE-2014-9709 - PHP: Buffer Errors (CWE-119)

CVE-2015-0231 - PHP: Use After Free (CWE-416)

CVE-2015-0273 - PHP: Use After Free (CWE-416)

CVE-2015-1352 - PHP: Null Pointer Dereference (CWE-476)

CVE-2015-2301 - PHP: Use After Free (CWE-416)

CVE-2015-2305 - PHP: Numeric Errors (CWE-189)

CVE-2015-2331 - PHP: Numeric Errors (CWE-189)

CVE-2015-2783 - PHP: Buffer Errors (CWE-119)

SSRT102066

SSRT102067

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier

HP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier

HP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier

HP-UX B.11.31 running PHP v5.4.11.04 or earlier

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2013-5704 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0227 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9709 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-1352 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2305 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2783 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve the vulnerabilities.

The updates are available for download from http://software.hp.com

NOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01, Tomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13

HP-UX 11i Release Apache Depot name

B.11.31 (11i v3 32-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot

B.11.31 (11i v3 64-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot

MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v4.05 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.29.01 or subsequent

hpuxws22TOMCAT.TOMCAT action: install revision C.6.0.43.01 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 10 June 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlV4nnEACgkQ4B86/C0qfVnNlgCg3gDsUsP86K+UwNjIqDPPvzlX ko0An3qKeH/kCmzlb7g2jHIv90x5L9cO =rrIH -----END PGP SIGNATURE----- .

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2015:079 http://www.mandriva.com/en/support/security/


Package : php Date : March 28, 2015 Affected: Business Server 1.0


Problem Description:

Multiple vulnerabilities has been discovered and corrected in php:

S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding.

Taoguang Chen discovered that PHP incorrectly handled unserializing objects.

It was discovered that PHP incorrectly handled memory in the phar extension. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231).

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331).

It was discovered that the PHP opcache component incorrectly handled memory.

It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. The libzip packages has been patched to address the CVE-2015-2331 flaw.

Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://php.net/ChangeLog-5.php#5.5.22 http://php.net/ChangeLog-5.php#5.5.23 http://www.ubuntu.com/usn/usn-2535-1/ http://www.ubuntu.com/usn/usn-2501-1/ https://bugzilla.redhat.com/show_bug.cgi?id=1204676


Updated Packages:

Mandriva Business Server 1/X86_64: 3c1e2ab81c1731c63a99a4a7c66d48d3 mbs1/x86_64/apache-mod_php-5.5.23-1.mbs1.x86_64.rpm 6a12e93ebf52d6cb505652cb919b73c3 mbs1/x86_64/lib64php5_common5-5.5.23-1.mbs1.x86_64.rpm 92ae97e82c0bae091c65847f672f0369 mbs1/x86_64/lib64zip2-0.10.1-2.1.mbs1.x86_64.rpm ac28732246df9bf58921740921560c67 mbs1/x86_64/lib64zip-devel-0.10.1-2.1.mbs1.x86_64.rpm 538fad85574f17991959c00f0b4a43b1 mbs1/x86_64/libzip-0.10.1-2.1.mbs1.x86_64.rpm 70d44c88afb55e2b1519e8d3a71f274c mbs1/x86_64/php-apc-3.1.15-1.17.mbs1.x86_64.rpm 2e2f9c88f1d92bc4f3f0e4df3908fd73 mbs1/x86_64/php-apc-admin-3.1.15-1.17.mbs1.x86_64.rpm e3d5f3fb0fcace77e78209986102b171 mbs1/x86_64/php-bcmath-5.5.23-1.mbs1.x86_64.rpm 1ca44e20629234028499eda497f27059 mbs1/x86_64/php-bz2-5.5.23-1.mbs1.x86_64.rpm 473167211cea7e0b62916e66921ee5a4 mbs1/x86_64/php-calendar-5.5.23-1.mbs1.x86_64.rpm 214618465b0e9b1dac6efb3b4f52b988 mbs1/x86_64/php-cgi-5.5.23-1.mbs1.x86_64.rpm 6b178d78c6dd197b6643e7e493bce359 mbs1/x86_64/php-cli-5.5.23-1.mbs1.x86_64.rpm c1d4dd5178780fc999f449024ebde36e mbs1/x86_64/php-ctype-5.5.23-1.mbs1.x86_64.rpm 152132662ebefb9ade6fa67465b9af2a mbs1/x86_64/php-curl-5.5.23-1.mbs1.x86_64.rpm 01961ff4ec2820dd005d336f0671fe04 mbs1/x86_64/php-dba-5.5.23-1.mbs1.x86_64.rpm 96a7ecb45d71793af39558a1369853e2 mbs1/x86_64/php-devel-5.5.23-1.mbs1.x86_64.rpm 2106bf2eb5a17f18379add6b17408ed3 mbs1/x86_64/php-doc-5.5.23-1.mbs1.noarch.rpm c657e211cc4627a792f67e6c9f5eb06b mbs1/x86_64/php-dom-5.5.23-1.mbs1.x86_64.rpm 675db3e8eb585640b7a04a04e5ffce93 mbs1/x86_64/php-enchant-5.5.23-1.mbs1.x86_64.rpm bf345e51365465268e696684b77c9cc8 mbs1/x86_64/php-exif-5.5.23-1.mbs1.x86_64.rpm 69352287afb24b38ba68f995ddece5ab mbs1/x86_64/php-fileinfo-5.5.23-1.mbs1.x86_64.rpm bbf3d7067c2bbc71a4a9ae5e353c6f8e mbs1/x86_64/php-filter-5.5.23-1.mbs1.x86_64.rpm c6a25a432547a0e8d404dab281963d74 mbs1/x86_64/php-fpm-5.5.23-1.mbs1.x86_64.rpm 889332d46d1d9f1a2cf6421b6a5b5e3f mbs1/x86_64/php-ftp-5.5.23-1.mbs1.x86_64.rpm 86a90c9565562b5b360eb11d431536e7 mbs1/x86_64/php-gd-5.5.23-1.mbs1.x86_64.rpm dba72038f9098f7332e969b19c9d65a8 mbs1/x86_64/php-gettext-5.5.23-1.mbs1.x86_64.rpm b25d3f9ded7322a2b28942648ec74ff4 mbs1/x86_64/php-gmp-5.5.23-1.mbs1.x86_64.rpm 9bf5bfcb843c2d3b71855792e6b2050e mbs1/x86_64/php-hash-5.5.23-1.mbs1.x86_64.rpm 284a394dbe68e756c8813a53c0a89c66 mbs1/x86_64/php-iconv-5.5.23-1.mbs1.x86_64.rpm 9df2ec7f05f9a7955770e3ed4513cbfb mbs1/x86_64/php-imap-5.5.23-1.mbs1.x86_64.rpm e5947618cc905d249191bcc2066ffed1 mbs1/x86_64/php-ini-5.5.23-1.mbs1.x86_64.rpm d4f9e91e2877d6aaff0ee07bc5bdd95b mbs1/x86_64/php-intl-5.5.23-1.mbs1.x86_64.rpm 071ba0290df66c3ac1b0f0fa18ec2195 mbs1/x86_64/php-json-5.5.23-1.mbs1.x86_64.rpm 62146a98a0d24ee66cebd23887fc43fa mbs1/x86_64/php-ldap-5.5.23-1.mbs1.x86_64.rpm 03a94596eaf34eaac0c7e6f88a6aa7cb mbs1/x86_64/php-mbstring-5.5.23-1.mbs1.x86_64.rpm d966c79af040bd5c18dc4a2771bf7184 mbs1/x86_64/php-mcrypt-5.5.23-1.mbs1.x86_64.rpm 9ab71c0a90c649b4c31386a3582a5d26 mbs1/x86_64/php-mssql-5.5.23-1.mbs1.x86_64.rpm 80dd51f72e2cd0d854904dc7595a4bb0 mbs1/x86_64/php-mysql-5.5.23-1.mbs1.x86_64.rpm 88bc7c5a10b7a7f12b71b342afbbd18e mbs1/x86_64/php-mysqli-5.5.23-1.mbs1.x86_64.rpm 231ec6adca00980d04f39ce5fd866a83 mbs1/x86_64/php-mysqlnd-5.5.23-1.mbs1.x86_64.rpm 2c831cf0074977bf76d413c5e9b3f9de mbs1/x86_64/php-odbc-5.5.23-1.mbs1.x86_64.rpm 1a4553dcf596125aab2976b2f8c4792c mbs1/x86_64/php-opcache-5.5.23-1.mbs1.x86_64.rpm 4cb160e28e8899628c6e698376add11f mbs1/x86_64/php-openssl-5.5.23-1.mbs1.x86_64.rpm aa04993c7abe0539302a36527ad4674a mbs1/x86_64/php-pcntl-5.5.23-1.mbs1.x86_64.rpm 57b65d1dec0785825ea2cc8462a2256d mbs1/x86_64/php-pdo-5.5.23-1.mbs1.x86_64.rpm 6d5b8bf803d93067f4bce7daad5379ba mbs1/x86_64/php-pdo_dblib-5.5.23-1.mbs1.x86_64.rpm 3785dea886512d3473b1cda3d762aa9c mbs1/x86_64/php-pdo_mysql-5.5.23-1.mbs1.x86_64.rpm 330c62452427e64106c47fcd1e674ed6 mbs1/x86_64/php-pdo_odbc-5.5.23-1.mbs1.x86_64.rpm a3803c5de5acbb0d3c6a26c42b8ec39b mbs1/x86_64/php-pdo_pgsql-5.5.23-1.mbs1.x86_64.rpm 2f6a19bc0adc914b46fbab06e3dc7ac7 mbs1/x86_64/php-pdo_sqlite-5.5.23-1.mbs1.x86_64.rpm 4d452c2c81e21f9ce1d08afadba60d6a mbs1/x86_64/php-pgsql-5.5.23-1.mbs1.x86_64.rpm 39c301d412cbd28256f141fd409ea561 mbs1/x86_64/php-phar-5.5.23-1.mbs1.x86_64.rpm 9c78e1c9192cd1219f1415424156c491 mbs1/x86_64/php-posix-5.5.23-1.mbs1.x86_64.rpm 5bb762bd20418abbd99c38d0d14127d1 mbs1/x86_64/php-readline-5.5.23-1.mbs1.x86_64.rpm e97eb930df1a35f0646e62f88dd8b1e6 mbs1/x86_64/php-recode-5.5.23-1.mbs1.x86_64.rpm 2b4a91ff5da098a80fa0a74b184f9621 mbs1/x86_64/php-session-5.5.23-1.mbs1.x86_64.rpm 5ecc3ef7dde9a12cc70308c323c650f9 mbs1/x86_64/php-shmop-5.5.23-1.mbs1.x86_64.rpm 7380aeaced54d09831dc4828772a9b4f mbs1/x86_64/php-snmp-5.5.23-1.mbs1.x86_64.rpm 030ca0276e74f616a1cc8866cc4a3149 mbs1/x86_64/php-soap-5.5.23-1.mbs1.x86_64.rpm ba8b4a7dafc450564d41bf54de7b2ea2 mbs1/x86_64/php-sockets-5.5.23-1.mbs1.x86_64.rpm 61859f052b4a89c1d4ea9bff4251041f mbs1/x86_64/php-sqlite3-5.5.23-1.mbs1.x86_64.rpm 81639f4e567c6358f8d1b22c9e2acf98 mbs1/x86_64/php-sybase_ct-5.5.23-1.mbs1.x86_64.rpm 2f4a24db6aedc32c32f8a1d202a798e2 mbs1/x86_64/php-sysvmsg-5.5.23-1.mbs1.x86_64.rpm aab6b3451a848ebf916418e28303fb23 mbs1/x86_64/php-sysvsem-5.5.23-1.mbs1.x86_64.rpm 6820a01599b0e7d543cd6faa5adf1aee mbs1/x86_64/php-sysvshm-5.5.23-1.mbs1.x86_64.rpm ed7aa5fc5226ede2325b64f862ba121b mbs1/x86_64/php-tidy-5.5.23-1.mbs1.x86_64.rpm 6fd07a6cfcff5b6f5791b3c173d6de3f mbs1/x86_64/php-tokenizer-5.5.23-1.mbs1.x86_64.rpm 7130ab17ba8d88e08abbff8cc5ce9406 mbs1/x86_64/php-wddx-5.5.23-1.mbs1.x86_64.rpm bb977de60a780898623b458e8be594fc mbs1/x86_64/php-xdebug-2.3.2-1.mbs1.x86_64.rpm f66d72fa26d7c2ddf28cbd9834f50981 mbs1/x86_64/php-xml-5.5.23-1.mbs1.x86_64.rpm 52b65a29cce730602f7788545d8c68eb mbs1/x86_64/php-xmlreader-5.5.23-1.mbs1.x86_64.rpm 8e7ce89111d36fa56003a7b2cfb5ca17 mbs1/x86_64/php-xmlrpc-5.5.23-1.mbs1.x86_64.rpm 64a27f8e54344c459ffa5a2bb1c33521 mbs1/x86_64/php-xmlwriter-5.5.23-1.mbs1.x86_64.rpm 506d5cd854c2d3140f38b67137fe4f16 mbs1/x86_64/php-xsl-5.5.23-1.mbs1.x86_64.rpm 3e74425e2868a46bf8db184feaeac041 mbs1/x86_64/php-zip-5.5.23-1.mbs1.x86_64.rpm fa27aa395c0d87bf832471e3f6f06c68 mbs1/x86_64/php-zlib-5.5.23-1.mbs1.x86_64.rpm 5be5023a4703f52af150c7fbcb2c4e5a mbs1/SRPMS/libzip-0.10.1-2.1.mbs1.src.rpm bdf35808447e6b0224eb958adf086dc5 mbs1/SRPMS/php-5.5.23-1.mbs1.src.rpm a5047c3b6e20db0167f65ff6ad667e99 mbs1/SRPMS/php-apc-3.1.15-1.17.mbs1.src.rpm 2eb2949f57a66f2eed5110181ce7f8ce mbs1/SRPMS/php-xdebug-2.3.2-1.mbs1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. ============================================================================ Ubuntu Security Notice USN-2535-1 March 18, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. (CVE-2014-8117)

S. (CVE-2015-2301)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.3 php5-cgi 5.5.12+dfsg-2ubuntu4.3 php5-cli 5.5.12+dfsg-2ubuntu4.3 php5-enchant 5.5.12+dfsg-2ubuntu4.3 php5-fpm 5.5.12+dfsg-2ubuntu4.3

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.7 php5-cgi 5.5.9+dfsg-1ubuntu4.7 php5-cli 5.5.9+dfsg-1ubuntu4.7 php5-enchant 5.5.9+dfsg-1ubuntu4.7 php5-fpm 5.5.9+dfsg-1ubuntu4.7

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.17 php5-cgi 5.3.10-1ubuntu3.17 php5-cli 5.3.10-1ubuntu3.17 php5-enchant 5.3.10-1ubuntu3.17 php5-fpm 5.3.10-1ubuntu3.17

Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.29 php5-cgi 5.3.2-1ubuntu4.29 php5-cli 5.3.2-1ubuntu4.29 php5-enchant 5.3.2-1ubuntu4.29

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2535-1 CVE-2014-8117, CVE-2014-9705, CVE-2015-0273, CVE-2015-2301

Package Information: https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.3 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.7 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.17 https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.29

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0206",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.10"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.22",
                "versionStartIncluding": "5.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.6",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.40",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Xinchen Hui",
    "sources": [
      {
        "db": "BID",
        "id": "73037"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2301",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-2301",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-80262",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2301",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-624",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80262",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-2301",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80262"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2301"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP of phar_object.c of phar_rename_archive Function uses freed memory (Use-after-free) Service disruption (DoS) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A use-after-free vulnerability exists in the \u0027phar_rename_archive\u0027 function in the phar_object.c file of PHP 5.5.21 and prior versions and 5.6.x versions prior to 5.6.6. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.40-i486-1_slack14.1.txz:  Upgraded. \n  Please note that this package build also moves the configuration files\n  from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n2666059d6540b1b4385d25dfc5ebbe99  php-5.4.40-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc146f500912ba9c7e5d652e5e3643c04  php-5.4.40-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9efc8a96f9a3f3261e5f640292b1b781  php-5.4.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c95e077f314f1cfa3ee83b9aba90b91  php-5.4.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n30d14f237c71fada0d594c2360a58016  n/php-5.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n1a0fcc590aa4dff5de5f08293936d0d9  n/php-5.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.40-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-30-3 OS X El Capitan 10.11\n\nOS X El Capitan 10.11 is now available and addresses the following:\n\nAddress Book\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to inject arbitrary code to\nprocesses loading the Address Book framework\nDescription:  An issue existed in Address Book framework\u0027s handling\nof an environment variable. This issue was addressed through improved\nenvironment variable handling. \nCVE-ID\nCVE-2015-5897 : Dan Bastone of Gotham Digital Science\n\nAirScan\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may be able\nto extract payload from eSCL packets sent over a secure connection\nDescription:  An issue existed in the processing of eSCL packets. \nThis issue was addressed through improved validation checks. \nCVE-ID\nCVE-2015-5853 : an anonymous researcher\n\napache_mod_php\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.27, including one which may have led to remote code execution. \nThis issue was addressed by updating PHP to version 5.5.27. \nCVE-ID\nCVE-2014-9425\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9705\nCVE-2014-9709\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0235\nCVE-2015-0273\nCVE-2015-1351\nCVE-2015-1352\nCVE-2015-2301\nCVE-2015-2305\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3329\nCVE-2015-3330\n\nApple Online Store Kit\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may gain access to a user\u0027s keychain\nitems\nDescription:  An issue existed in validation of access control lists\nfor iCloud keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of\nIndiana University, Tongxin Li of Peking University, Tongxin Li of\nPeking University, Xiaolong Bai of Tsinghua University\n\nAppleEvents\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A user connected through screen sharing can send Apple\nEvents to a local user\u0027s session\nDescription:  An issue existed with Apple Event filtering that\nallowed some users to send events to other users. This was addressed\nby improved Apple Event handling. \nCVE-ID\nCVE-2015-5849 : Jack Lawrence (@_jackhl)\n\nAudio\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription:  A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nbash\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in bash\nDescription:  Multiple vulnerabilities existed in bash versions prior\nto 3.2 patch level 57. These issues were addressed by updating bash\nversion 3.2 to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nCertificate Trust Policy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork Cookies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription:  A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork FTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription:  An issue existed in the handling of FTP packets when\nusing the PASV command. This issue was resolved through improved\nvalidation. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A maliciously crafted URL may be able to bypass HSTS and\nleak sensitive data\nDescription:  A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription:  An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription:  An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreCrypto\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to determine a private key\nDescription:  By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam\n\nDisk Images\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\ndyld\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : TaiG Jailbreak Team\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application can prevent some systems from\nbooting\nDescription:  An issue existed with the addresses covered by the\nprotected range register. This issue was fixed by changing the\nprotected range. \nCVE-ID\nCVE-2015-5900 : Xeno Kovah \u0026 Corey Kallenberg from LegbaCore\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Apple Ethernet Thunderbolt adapter may be able\nto affect firmware flashing\nDescription:  Apple Ethernet Thunderbolt adapters could modify the\nhost firmware if connected during an EFI update. This issue was\naddressed by not loading option ROMs during updates. \nCVE-ID\nCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare\n\nFinder\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The \"Secure Empty Trash\" feature may not securely delete\nfiles placed in the Trash\nDescription:  An issue existed in guaranteeing secure deletion of\nTrash files on some systems, such as those with flash storage. This\nissue was addressed by removing the \"Secure Empty Trash\" option. \nCVE-ID\nCVE-2015-5901 : Apple\n\nGame Center\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription:  An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nHeimdal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to replay Kerberos credentials to\nthe SMB server\nDescription:  An authentication issue existed in Kerberos\ncredentials. This issue was addressed through additional validation\nof credentials using a list of recently seen credentials. \nCVE-ID\nCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu\nFan of Microsoft Corporation, China\n\nICU\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in ICU\nDescription:  Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2014-8147\nCVE-2015-5922\n\nInstall Framework Legacy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to gain root privileges\nDescription:  A restriction issue existed in the Install private\nframework containing a privileged executable. This issue was\naddressed by removing the executable. \nCVE-ID\nCVE-2015-5888 : Apple\n\nIntel Graphics Driver\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple memory corruption issues existed in the Intel\nGraphics Driver. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5830 : Yuki MIZUNO (@mzyy94)\nCVE-2015-5877 : Camillus Gerard Cai\n\nIOAudioFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOAudioFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\npermuting kernel pointers. \nCVE-ID\nCVE-2015-5864 : Luca Todesco\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5871 : Ilja van Sprundel of IOActive\nCVE-2015-5872 : Ilja van Sprundel of IOActive\nCVE-2015-5873 : Ilja van Sprundel of IOActive\nCVE-2015-5890 : Ilja van Sprundel of IOActive\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOGraphics which could have led to\nthe disclosure of kernel memory layout. This issue was addressed\nthrough improved memory management. \nCVE-ID\nCVE-2015-5865 : Luca Todesco\n\nIOHIDFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOHIDFamily. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5866 : Apple\nCVE-2015-5867 : moony li of Trend Micro\n\nIOStorageFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to read kernel memory\nDescription:  A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nKernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local process can modify other processes without\nentitlement checks\nDescription:  An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through additional\nentitlement checks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by\nMing-chieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may control the value of stack cookies\nDescription:  Multiple weaknesses existed in the generation of user\nspace stack cookies. These issues were addressed through improved\ngeneration of stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription:  An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issue was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a local LAN segment may disable IPv6 routing\nDescription:  An insufficient validation issue existed in the\nhandling of IPv6 router advertisements that allowed an attacker to\nset the hop limit to an arbitrary value. This issue was addressed by\nenforcing a minimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed that led to the disclosure of kernel\nmemory layout. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in debugging interfaces that led to\nthe disclosure of memory content. This issue was addressed by\nsanitizing output from debugging interfaces. \nCVE-ID\nCVE-2015-5870 : Apple\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A state management issue existed in debugging\nfunctionality. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team\n\nlibc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nlibxpc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Many SSH connections could cause a denial of service\nDescription:  launchd had no limit on the number of processes that\ncould be started by a network connection. This issue was addressed by\nlimiting the number of SSH processes to 40. \nCVE-ID\nCVE-2015-5881 : Apple\n\nLogin Window\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The screen lock may not engage after the specified time\nperiod\nDescription:  An issue existed with captured display locking. The\nissue was addressed through improved lock handling. \nCVE-ID\nCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau\ninformationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni\nVaahtera, and an anonymous researcher\n\nlukemftpd\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote attacker may be able to deny service to the FTP\nserver\nDescription:  A glob-processing issue existed in tnftpd. This issue\nwas addressed through improved glob validation. \nCVE-ID\nCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Printing an email may leak sensitive user information\nDescription:  An issue existed in Mail which bypassed user\npreferences when printing an email. This issue was addressed through\nimproved user preference enforcement. \nCVE-ID\nCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,\nDennis Klein from Eschenburg, Germany, Jeff Hammett of Systim\nTechnology Partners\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position may be able to\nintercept attachments of S/MIME-encrypted e-mail sent via Mail Drop\nDescription:  An issue existed in handling encryption parameters for\nlarge email attachments sent via Mail Drop. The issue is addressed by\nno longer offering Mail Drop when sending an encrypted e-mail. \nCVE-ID\nCVE-2015-5884 : John McCombs of Integrated Mapping Ltd\n\nMultipeer Connectivity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to observe unprotected\nmultipeer data\nDescription:  An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  An issue existed in parsing links in the Notes\napplication. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  A cross-site scripting issue existed in parsing text by\nthe Notes application. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2015-5875 : xisigr of Tencent\u0027s Xuanwu LAB (www.tencent.com)\n\nOpenSSH\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSH\nDescription:  Multiple vulnerabilities existed in OpenSSH versions\nprior to 6.9. These issues were addressed by updating OpenSSH to\nversion 6.9. \nCVE-ID\nCVE-2014-2532\n\nOpenSSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nprocmail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in procmail\nDescription:  Multiple vulnerabilities existed in procmail versions\nprior to 3.22. These issues were addressed by removing procmail. \nCVE-ID\nCVE-2014-3618\n\nremote_cmds\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with root\nprivileges\nDescription:  An issue existed in the usage of environment variables\nby the rsh binary. This issue was addressed by dropping setuid\nprivileges from the rsh binary. \nCVE-ID\nCVE-2015-5889 : Philip Pettersson\n\nremovefile\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing malicious data may lead to unexpected application\ntermination\nDescription:  An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nRuby\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in Ruby\nDescription:  Multiple vulnerabilities existed in Ruby versions prior\nto 2.0.0p645. These were addressed by updating Ruby to version\n2.0.0p645. \nCVE-ID\nCVE-2014-8080\nCVE-2014-8090\nCVE-2015-1855\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The lock state of the keychain may be incorrectly displayed\nto the user\nDescription:  A state management issue existed in the way keychain\nlock status was tracked. This issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,\nEric E. Lawrence, Apple\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A trust evaluation configured to require revocation checking\nmay succeed even if revocation checking fails\nDescription:  The kSecRevocationRequirePositiveResponse flag was\nspecified but not implemented. This issue was addressed by\nimplementing the flag. \nCVE-ID\nCVE-2015-5894 : Hannes Oud of kWallet GmbH\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote server may prompt for a certificate before\nidentifying itself\nDescription:  Secure Transport accepted the CertificateRequest\nmessage before the ServerKeyExchange message. This issue was\naddressed by requiring the ServerKeyExchange first. \nCVE-ID\nCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nINRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of\nMicrosoft Research, Pierre-Yves Strub of IMDEA Software Institute\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5891 : Ilja van Sprundel of IOActive\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in SMBClient that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-5893 : Ilja van Sprundel of IOActive\n\nSQLite\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in SQLite v3.8.5\nDescription:  Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-3414\nCVE-2015-3415\nCVE-2015-3416\n\nTelephony\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker can place phone calls without the user\u0027s\nknowledge when using Continuity\nDescription:  An issue existed in the authorization checks for\nplacing phone calls. This issue was addressed through improved\nauthorization checks. \nCVE-ID\nCVE-2015-3785 : Dan Bastone of Gotham Digital Science\n\nTerminal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Maliciously crafted text could mislead the user in Terminal\nDescription:  Terminal did not handle bidirectional override\ncharacters in the same way when displaying text and when selecting\ntext. This issue was addressed by suppressing bidirectional override\ncharacters in Terminal. \nCVE-ID\nCVE-2015-5883 : an anonymous researcher\n\ntidy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in tidy. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nTime Machine\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may gain access to keychain items\nDescription:  An issue existed in backups by the Time Machine\nframework. This issue was addressed through improved coverage of Time\nMachine backups. \nCVE-ID\nCVE-2015-5854 : Jonas Magazinius of Assured AB\n\nNote:  OS X El Capitan 10.11 includes the security content of\nSafari 9: https://support.apple.com/kb/HT205265. \n\nOS X El Capitan 10.11 may be obtained from the Mac App Store:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw\nS5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO\n/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6\nQhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54\nYJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop\nhpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O\nc3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR\n8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r\nN1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT\nfJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1\nnJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e\ng6jld/w5tPuCFhGucE7Z\n=XciV\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-06-10\nLast Updated: 2015-06-10\n\nPotential Security Impact: Remote denial of service (DoS), man-in-the-middle\n(MitM) attack, modification of data, local modification of data\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the HP-UX Apache\nWeb Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited\nremotely to create a Denial of Service (DoS) and other vulnerabilities. \n\nReferences:\n\nCVE-2013-5704 - Apache: Permissions, Privileges, and Access Control (CWE-264)\n\nCVE-2014-0118 - Apache: Resource Management Errors (CWE-399)\n\nCVE-2014-0226 - Apache: Race Conditions (CWE-362)\n\nCVE-2014-0227 - Tomcat: Data Handling (CWE-19)\n\nCVE-2014-0231 - PHP: Resource Management Errors (CWE-399)\n\nCVE-2014-8142 - PHP: Use After Free (CWE-416)\n\nCVE-2014-9709 - PHP: Buffer Errors (CWE-119)\n\nCVE-2015-0231 - PHP: Use After Free (CWE-416)\n\nCVE-2015-0273 - PHP: Use After Free (CWE-416)\n\nCVE-2015-1352 - PHP: Null Pointer Dereference (CWE-476)\n\nCVE-2015-2301 - PHP: Use After Free (CWE-416)\n\nCVE-2015-2305 - PHP: Numeric Errors (CWE-189)\n\nCVE-2015-2331 - PHP: Numeric Errors (CWE-189)\n\nCVE-2015-2783 - PHP: Buffer Errors (CWE-119)\n\nSSRT102066\n\nSSRT102067\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier\n\nHP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier\n\nHP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier\n\nHP-UX B.11.31 running PHP v5.4.11.04 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-5704    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0227    (AV:N/AC:L/Au:N/C:N/I:P/A:P)       6.4\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9709    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-1352    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2305    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2783    (AV:N/AC:M/Au:N/C:P/I:N/A:P)       5.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \n\nThe updates are available for download from http://software.hp.com\n\nNOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01,\nTomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13\n\nHP-UX 11i Release\n Apache Depot name\n\nB.11.31 (11i v3 32-bit)\n HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot\n\nB.11.31 (11i v3 64-bit)\n HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v4.05 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.29.01 or subsequent\n\nhpuxws22TOMCAT.TOMCAT\naction: install revision C.6.0.43.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 10 June 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAlV4nnEACgkQ4B86/C0qfVnNlgCg3gDsUsP86K+UwNjIqDPPvzlX\nko0An3qKeH/kCmzlb7g2jHIv90x5L9cO\n=rrIH\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:079\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : php\n Date    : March 28, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in php:\n \n S. Paraschoudis discovered that PHP incorrectly handled memory in\n the enchant binding. \n \n Taoguang Chen discovered that PHP incorrectly handled unserializing\n objects. \n \n It was discovered that PHP incorrectly handled memory in the phar\n extension. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2014-8142 (CVE-2015-0231). \n \n An integer overflow flaw, leading to a heap-based buffer overflow,\n was found in the way libzip, which is embedded in PHP, processed\n certain ZIP archives. If an attacker were able to supply a specially\n crafted ZIP archive to an application using libzip, it could cause\n the application to crash or, possibly, execute arbitrary code\n (CVE-2015-2331). \n \n It was discovered that the PHP opcache component incorrectly handled\n memory. \n \n It was discovered that the PHP PostgreSQL database extension\n incorrectly handled certain pointers. The libzip packages\n has been patched to address the CVE-2015-2331 flaw. \n \n Additionally the php-xdebug package has been upgraded to the latest\n 2.3.2 and the PECL packages which requires so has been rebuilt for\n php-5.5.23. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n http://php.net/ChangeLog-5.php#5.5.22\n http://php.net/ChangeLog-5.php#5.5.23\n http://www.ubuntu.com/usn/usn-2535-1/\n http://www.ubuntu.com/usn/usn-2501-1/\n https://bugzilla.redhat.com/show_bug.cgi?id=1204676\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 3c1e2ab81c1731c63a99a4a7c66d48d3  mbs1/x86_64/apache-mod_php-5.5.23-1.mbs1.x86_64.rpm\n 6a12e93ebf52d6cb505652cb919b73c3  mbs1/x86_64/lib64php5_common5-5.5.23-1.mbs1.x86_64.rpm\n 92ae97e82c0bae091c65847f672f0369  mbs1/x86_64/lib64zip2-0.10.1-2.1.mbs1.x86_64.rpm\n ac28732246df9bf58921740921560c67  mbs1/x86_64/lib64zip-devel-0.10.1-2.1.mbs1.x86_64.rpm\n 538fad85574f17991959c00f0b4a43b1  mbs1/x86_64/libzip-0.10.1-2.1.mbs1.x86_64.rpm\n 70d44c88afb55e2b1519e8d3a71f274c  mbs1/x86_64/php-apc-3.1.15-1.17.mbs1.x86_64.rpm\n 2e2f9c88f1d92bc4f3f0e4df3908fd73  mbs1/x86_64/php-apc-admin-3.1.15-1.17.mbs1.x86_64.rpm\n e3d5f3fb0fcace77e78209986102b171  mbs1/x86_64/php-bcmath-5.5.23-1.mbs1.x86_64.rpm\n 1ca44e20629234028499eda497f27059  mbs1/x86_64/php-bz2-5.5.23-1.mbs1.x86_64.rpm\n 473167211cea7e0b62916e66921ee5a4  mbs1/x86_64/php-calendar-5.5.23-1.mbs1.x86_64.rpm\n 214618465b0e9b1dac6efb3b4f52b988  mbs1/x86_64/php-cgi-5.5.23-1.mbs1.x86_64.rpm\n 6b178d78c6dd197b6643e7e493bce359  mbs1/x86_64/php-cli-5.5.23-1.mbs1.x86_64.rpm\n c1d4dd5178780fc999f449024ebde36e  mbs1/x86_64/php-ctype-5.5.23-1.mbs1.x86_64.rpm\n 152132662ebefb9ade6fa67465b9af2a  mbs1/x86_64/php-curl-5.5.23-1.mbs1.x86_64.rpm\n 01961ff4ec2820dd005d336f0671fe04  mbs1/x86_64/php-dba-5.5.23-1.mbs1.x86_64.rpm\n 96a7ecb45d71793af39558a1369853e2  mbs1/x86_64/php-devel-5.5.23-1.mbs1.x86_64.rpm\n 2106bf2eb5a17f18379add6b17408ed3  mbs1/x86_64/php-doc-5.5.23-1.mbs1.noarch.rpm\n c657e211cc4627a792f67e6c9f5eb06b  mbs1/x86_64/php-dom-5.5.23-1.mbs1.x86_64.rpm\n 675db3e8eb585640b7a04a04e5ffce93  mbs1/x86_64/php-enchant-5.5.23-1.mbs1.x86_64.rpm\n bf345e51365465268e696684b77c9cc8  mbs1/x86_64/php-exif-5.5.23-1.mbs1.x86_64.rpm\n 69352287afb24b38ba68f995ddece5ab  mbs1/x86_64/php-fileinfo-5.5.23-1.mbs1.x86_64.rpm\n bbf3d7067c2bbc71a4a9ae5e353c6f8e  mbs1/x86_64/php-filter-5.5.23-1.mbs1.x86_64.rpm\n c6a25a432547a0e8d404dab281963d74  mbs1/x86_64/php-fpm-5.5.23-1.mbs1.x86_64.rpm\n 889332d46d1d9f1a2cf6421b6a5b5e3f  mbs1/x86_64/php-ftp-5.5.23-1.mbs1.x86_64.rpm\n 86a90c9565562b5b360eb11d431536e7  mbs1/x86_64/php-gd-5.5.23-1.mbs1.x86_64.rpm\n dba72038f9098f7332e969b19c9d65a8  mbs1/x86_64/php-gettext-5.5.23-1.mbs1.x86_64.rpm\n b25d3f9ded7322a2b28942648ec74ff4  mbs1/x86_64/php-gmp-5.5.23-1.mbs1.x86_64.rpm\n 9bf5bfcb843c2d3b71855792e6b2050e  mbs1/x86_64/php-hash-5.5.23-1.mbs1.x86_64.rpm\n 284a394dbe68e756c8813a53c0a89c66  mbs1/x86_64/php-iconv-5.5.23-1.mbs1.x86_64.rpm\n 9df2ec7f05f9a7955770e3ed4513cbfb  mbs1/x86_64/php-imap-5.5.23-1.mbs1.x86_64.rpm\n e5947618cc905d249191bcc2066ffed1  mbs1/x86_64/php-ini-5.5.23-1.mbs1.x86_64.rpm\n d4f9e91e2877d6aaff0ee07bc5bdd95b  mbs1/x86_64/php-intl-5.5.23-1.mbs1.x86_64.rpm\n 071ba0290df66c3ac1b0f0fa18ec2195  mbs1/x86_64/php-json-5.5.23-1.mbs1.x86_64.rpm\n 62146a98a0d24ee66cebd23887fc43fa  mbs1/x86_64/php-ldap-5.5.23-1.mbs1.x86_64.rpm\n 03a94596eaf34eaac0c7e6f88a6aa7cb  mbs1/x86_64/php-mbstring-5.5.23-1.mbs1.x86_64.rpm\n d966c79af040bd5c18dc4a2771bf7184  mbs1/x86_64/php-mcrypt-5.5.23-1.mbs1.x86_64.rpm\n 9ab71c0a90c649b4c31386a3582a5d26  mbs1/x86_64/php-mssql-5.5.23-1.mbs1.x86_64.rpm\n 80dd51f72e2cd0d854904dc7595a4bb0  mbs1/x86_64/php-mysql-5.5.23-1.mbs1.x86_64.rpm\n 88bc7c5a10b7a7f12b71b342afbbd18e  mbs1/x86_64/php-mysqli-5.5.23-1.mbs1.x86_64.rpm\n 231ec6adca00980d04f39ce5fd866a83  mbs1/x86_64/php-mysqlnd-5.5.23-1.mbs1.x86_64.rpm\n 2c831cf0074977bf76d413c5e9b3f9de  mbs1/x86_64/php-odbc-5.5.23-1.mbs1.x86_64.rpm\n 1a4553dcf596125aab2976b2f8c4792c  mbs1/x86_64/php-opcache-5.5.23-1.mbs1.x86_64.rpm\n 4cb160e28e8899628c6e698376add11f  mbs1/x86_64/php-openssl-5.5.23-1.mbs1.x86_64.rpm\n aa04993c7abe0539302a36527ad4674a  mbs1/x86_64/php-pcntl-5.5.23-1.mbs1.x86_64.rpm\n 57b65d1dec0785825ea2cc8462a2256d  mbs1/x86_64/php-pdo-5.5.23-1.mbs1.x86_64.rpm\n 6d5b8bf803d93067f4bce7daad5379ba  mbs1/x86_64/php-pdo_dblib-5.5.23-1.mbs1.x86_64.rpm\n 3785dea886512d3473b1cda3d762aa9c  mbs1/x86_64/php-pdo_mysql-5.5.23-1.mbs1.x86_64.rpm\n 330c62452427e64106c47fcd1e674ed6  mbs1/x86_64/php-pdo_odbc-5.5.23-1.mbs1.x86_64.rpm\n a3803c5de5acbb0d3c6a26c42b8ec39b  mbs1/x86_64/php-pdo_pgsql-5.5.23-1.mbs1.x86_64.rpm\n 2f6a19bc0adc914b46fbab06e3dc7ac7  mbs1/x86_64/php-pdo_sqlite-5.5.23-1.mbs1.x86_64.rpm\n 4d452c2c81e21f9ce1d08afadba60d6a  mbs1/x86_64/php-pgsql-5.5.23-1.mbs1.x86_64.rpm\n 39c301d412cbd28256f141fd409ea561  mbs1/x86_64/php-phar-5.5.23-1.mbs1.x86_64.rpm\n 9c78e1c9192cd1219f1415424156c491  mbs1/x86_64/php-posix-5.5.23-1.mbs1.x86_64.rpm\n 5bb762bd20418abbd99c38d0d14127d1  mbs1/x86_64/php-readline-5.5.23-1.mbs1.x86_64.rpm\n e97eb930df1a35f0646e62f88dd8b1e6  mbs1/x86_64/php-recode-5.5.23-1.mbs1.x86_64.rpm\n 2b4a91ff5da098a80fa0a74b184f9621  mbs1/x86_64/php-session-5.5.23-1.mbs1.x86_64.rpm\n 5ecc3ef7dde9a12cc70308c323c650f9  mbs1/x86_64/php-shmop-5.5.23-1.mbs1.x86_64.rpm\n 7380aeaced54d09831dc4828772a9b4f  mbs1/x86_64/php-snmp-5.5.23-1.mbs1.x86_64.rpm\n 030ca0276e74f616a1cc8866cc4a3149  mbs1/x86_64/php-soap-5.5.23-1.mbs1.x86_64.rpm\n ba8b4a7dafc450564d41bf54de7b2ea2  mbs1/x86_64/php-sockets-5.5.23-1.mbs1.x86_64.rpm\n 61859f052b4a89c1d4ea9bff4251041f  mbs1/x86_64/php-sqlite3-5.5.23-1.mbs1.x86_64.rpm\n 81639f4e567c6358f8d1b22c9e2acf98  mbs1/x86_64/php-sybase_ct-5.5.23-1.mbs1.x86_64.rpm\n 2f4a24db6aedc32c32f8a1d202a798e2  mbs1/x86_64/php-sysvmsg-5.5.23-1.mbs1.x86_64.rpm\n aab6b3451a848ebf916418e28303fb23  mbs1/x86_64/php-sysvsem-5.5.23-1.mbs1.x86_64.rpm\n 6820a01599b0e7d543cd6faa5adf1aee  mbs1/x86_64/php-sysvshm-5.5.23-1.mbs1.x86_64.rpm\n ed7aa5fc5226ede2325b64f862ba121b  mbs1/x86_64/php-tidy-5.5.23-1.mbs1.x86_64.rpm\n 6fd07a6cfcff5b6f5791b3c173d6de3f  mbs1/x86_64/php-tokenizer-5.5.23-1.mbs1.x86_64.rpm\n 7130ab17ba8d88e08abbff8cc5ce9406  mbs1/x86_64/php-wddx-5.5.23-1.mbs1.x86_64.rpm\n bb977de60a780898623b458e8be594fc  mbs1/x86_64/php-xdebug-2.3.2-1.mbs1.x86_64.rpm\n f66d72fa26d7c2ddf28cbd9834f50981  mbs1/x86_64/php-xml-5.5.23-1.mbs1.x86_64.rpm\n 52b65a29cce730602f7788545d8c68eb  mbs1/x86_64/php-xmlreader-5.5.23-1.mbs1.x86_64.rpm\n 8e7ce89111d36fa56003a7b2cfb5ca17  mbs1/x86_64/php-xmlrpc-5.5.23-1.mbs1.x86_64.rpm\n 64a27f8e54344c459ffa5a2bb1c33521  mbs1/x86_64/php-xmlwriter-5.5.23-1.mbs1.x86_64.rpm\n 506d5cd854c2d3140f38b67137fe4f16  mbs1/x86_64/php-xsl-5.5.23-1.mbs1.x86_64.rpm\n 3e74425e2868a46bf8db184feaeac041  mbs1/x86_64/php-zip-5.5.23-1.mbs1.x86_64.rpm\n fa27aa395c0d87bf832471e3f6f06c68  mbs1/x86_64/php-zlib-5.5.23-1.mbs1.x86_64.rpm \n 5be5023a4703f52af150c7fbcb2c4e5a  mbs1/SRPMS/libzip-0.10.1-2.1.mbs1.src.rpm\n bdf35808447e6b0224eb958adf086dc5  mbs1/SRPMS/php-5.5.23-1.mbs1.src.rpm\n a5047c3b6e20db0167f65ff6ad667e99  mbs1/SRPMS/php-apc-3.1.15-1.17.mbs1.src.rpm\n 2eb2949f57a66f2eed5110181ce7f8ce  mbs1/SRPMS/php-xdebug-2.3.2-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. ============================================================================\nUbuntu Security Notice USN-2535-1\nMarch 18, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n(CVE-2014-8117)\n\nS. \n(CVE-2015-2301)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.3\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.3\n  php5-cli                        5.5.12+dfsg-2ubuntu4.3\n  php5-enchant                    5.5.12+dfsg-2ubuntu4.3\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.3\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.7\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.7\n  php5-cli                        5.5.9+dfsg-1ubuntu4.7\n  php5-enchant                    5.5.9+dfsg-1ubuntu4.7\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.7\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.17\n  php5-cgi                        5.3.10-1ubuntu3.17\n  php5-cli                        5.3.10-1ubuntu3.17\n  php5-enchant                    5.3.10-1ubuntu3.17\n  php5-fpm                        5.3.10-1ubuntu3.17\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.29\n  php5-cgi                        5.3.2-1ubuntu4.29\n  php5-cli                        5.3.2-1ubuntu4.29\n  php5-enchant                    5.3.2-1ubuntu4.29\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2535-1\n  CVE-2014-8117, CVE-2014-9705, CVE-2015-0273, CVE-2015-2301\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.3\n  https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.7\n  https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.17\n  https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.29\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2301"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "db": "BID",
        "id": "73037"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80262"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2301"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130885"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2301",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "73037",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1031949",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/03/15/6",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "130940",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-80262",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2301",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132263",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130885",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80262"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2301"
      },
      {
        "db": "BID",
        "id": "73037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "id": "VAR-201503-0206",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80262"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:31:57.226000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "Sec Bug #68901",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=68901"
      },
      {
        "title": "Fixed bug #68901 (use after free)",
        "trust": 0.8,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b"
      },
      {
        "title": "Bug 1194747",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194747"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "php-src-php-5.6.6",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54699"
      },
      {
        "title": "php-src-php-5.6.6",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54698"
      },
      {
        "title": "php-src-php-5.5.22",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54697"
      },
      {
        "title": "php-src-php-5.5.22",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54696"
      },
      {
        "title": "php-src-php-5.4.38",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54695"
      },
      {
        "title": "php-src-php-5.4.38",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54694"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2535-1"
      },
      {
        "title": "Red Hat: CVE-2015-2301",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-2301"
      },
      {
        "title": "Debian Security Advisories: DSA-3198-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c4d31fb1a942bdc1ee4d9ee7c751940"
      },
      {
        "title": "Debian CVElist Bug Report Logs: php5: CVE-2015-2331",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ba7729d0dba9bfe30fe987c59a0c7f95"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-509",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-509"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-2301"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=68901"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/73037"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2535-1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194747"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "http://www.debian.org/security/2015/dsa-3198"
      },
      {
        "trust": 1.8,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:079"
      },
      {
        "trust": 1.8,
        "url": "http://openwall.com/lists/oss-security/2015/03/15/6"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1031949"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301"
      },
      {
        "trust": 1.0,
        "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=b2cf3f064b8f5efef89bb084521b61318c71781b"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2301"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.4,
        "url": "http://php.net/changelog-5.php#5.5.22"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.3,
        "url": "http://php.net/changelog-5.php#5.6.6"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/151"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04686230"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143748090628601\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=144050155601375\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143403519711434\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2535-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8080"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8090"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht205265."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2535-1/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2501-1/"
      },
      {
        "trust": 0.1,
        "url": "http://php.net/changelog-5.php#5.5.23"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204676"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.17"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8117"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.29"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.7"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80262"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2301"
      },
      {
        "db": "BID",
        "id": "73037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80262"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2301"
      },
      {
        "db": "BID",
        "id": "73037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80262"
      },
      {
        "date": "2015-03-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2301"
      },
      {
        "date": "2015-02-20T00:00:00",
        "db": "BID",
        "id": "73037"
      },
      {
        "date": "2015-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "date": "2015-04-22T20:14:00",
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "date": "2015-10-01T16:33:47",
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "date": "2015-06-11T23:41:13",
        "db": "PACKETSTORM",
        "id": "132263"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-03-30T21:16:25",
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "date": "2015-03-19T00:38:57",
        "db": "PACKETSTORM",
        "id": "130885"
      },
      {
        "date": "2015-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      },
      {
        "date": "2015-03-30T10:59:10.630000",
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80262"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2301"
      },
      {
        "date": "2016-07-05T21:28:00",
        "db": "BID",
        "id": "73037"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      },
      {
        "date": "2022-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      },
      {
        "date": "2023-11-07T02:25:12.740000",
        "db": "NVD",
        "id": "CVE-2015-2301"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131081"
      },
      {
        "db": "PACKETSTORM",
        "id": "130885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  phar_object.c of  phar_rename_archive Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002002"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-624"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0267
Vulnerability from variot

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. PHP is prone to multiple security-bypass vulnerabilities. An attacker can leverage these issues to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language supports multiple grammars, multiple databases and operating systems, and supports C and C++ for program expansion. A security vulnerability exists in PHP due to the program truncating pathnames when it encounters '\x00' bytes. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: php55-php security update Advisory ID: RHSA-2015:1186-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1186.html Issue date: 2015-06-25 CVE Names: CVE-2015-2783 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4598 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 =====================================================================

  1. Summary:

Updated php55-php packages that fix multiple security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A remote attacker could cause a PHP application to crash if it used fileinfo to identify type of attacker supplied files. (CVE-2015-4604, CVE-2015-4605)

All php55-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS 1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: php55-php-5.5.21-4.el6.src.rpm

x86_64: php55-php-5.5.21-4.el6.x86_64.rpm php55-php-bcmath-5.5.21-4.el6.x86_64.rpm php55-php-cli-5.5.21-4.el6.x86_64.rpm php55-php-common-5.5.21-4.el6.x86_64.rpm php55-php-dba-5.5.21-4.el6.x86_64.rpm php55-php-debuginfo-5.5.21-4.el6.x86_64.rpm php55-php-devel-5.5.21-4.el6.x86_64.rpm php55-php-enchant-5.5.21-4.el6.x86_64.rpm php55-php-fpm-5.5.21-4.el6.x86_64.rpm php55-php-gd-5.5.21-4.el6.x86_64.rpm php55-php-gmp-5.5.21-4.el6.x86_64.rpm php55-php-imap-5.5.21-4.el6.x86_64.rpm php55-php-intl-5.5.21-4.el6.x86_64.rpm php55-php-ldap-5.5.21-4.el6.x86_64.rpm php55-php-mbstring-5.5.21-4.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm php55-php-odbc-5.5.21-4.el6.x86_64.rpm php55-php-opcache-5.5.21-4.el6.x86_64.rpm php55-php-pdo-5.5.21-4.el6.x86_64.rpm php55-php-pgsql-5.5.21-4.el6.x86_64.rpm php55-php-process-5.5.21-4.el6.x86_64.rpm php55-php-pspell-5.5.21-4.el6.x86_64.rpm php55-php-recode-5.5.21-4.el6.x86_64.rpm php55-php-snmp-5.5.21-4.el6.x86_64.rpm php55-php-soap-5.5.21-4.el6.x86_64.rpm php55-php-tidy-5.5.21-4.el6.x86_64.rpm php55-php-xml-5.5.21-4.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: php55-php-5.5.21-4.el6.src.rpm

x86_64: php55-php-5.5.21-4.el6.x86_64.rpm php55-php-bcmath-5.5.21-4.el6.x86_64.rpm php55-php-cli-5.5.21-4.el6.x86_64.rpm php55-php-common-5.5.21-4.el6.x86_64.rpm php55-php-dba-5.5.21-4.el6.x86_64.rpm php55-php-debuginfo-5.5.21-4.el6.x86_64.rpm php55-php-devel-5.5.21-4.el6.x86_64.rpm php55-php-enchant-5.5.21-4.el6.x86_64.rpm php55-php-fpm-5.5.21-4.el6.x86_64.rpm php55-php-gd-5.5.21-4.el6.x86_64.rpm php55-php-gmp-5.5.21-4.el6.x86_64.rpm php55-php-imap-5.5.21-4.el6.x86_64.rpm php55-php-intl-5.5.21-4.el6.x86_64.rpm php55-php-ldap-5.5.21-4.el6.x86_64.rpm php55-php-mbstring-5.5.21-4.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm php55-php-odbc-5.5.21-4.el6.x86_64.rpm php55-php-opcache-5.5.21-4.el6.x86_64.rpm php55-php-pdo-5.5.21-4.el6.x86_64.rpm php55-php-pgsql-5.5.21-4.el6.x86_64.rpm php55-php-process-5.5.21-4.el6.x86_64.rpm php55-php-pspell-5.5.21-4.el6.x86_64.rpm php55-php-recode-5.5.21-4.el6.x86_64.rpm php55-php-snmp-5.5.21-4.el6.x86_64.rpm php55-php-soap-5.5.21-4.el6.x86_64.rpm php55-php-tidy-5.5.21-4.el6.x86_64.rpm php55-php-xml-5.5.21-4.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: php55-php-5.5.21-4.el6.src.rpm

x86_64: php55-php-5.5.21-4.el6.x86_64.rpm php55-php-bcmath-5.5.21-4.el6.x86_64.rpm php55-php-cli-5.5.21-4.el6.x86_64.rpm php55-php-common-5.5.21-4.el6.x86_64.rpm php55-php-dba-5.5.21-4.el6.x86_64.rpm php55-php-debuginfo-5.5.21-4.el6.x86_64.rpm php55-php-devel-5.5.21-4.el6.x86_64.rpm php55-php-enchant-5.5.21-4.el6.x86_64.rpm php55-php-fpm-5.5.21-4.el6.x86_64.rpm php55-php-gd-5.5.21-4.el6.x86_64.rpm php55-php-gmp-5.5.21-4.el6.x86_64.rpm php55-php-imap-5.5.21-4.el6.x86_64.rpm php55-php-intl-5.5.21-4.el6.x86_64.rpm php55-php-ldap-5.5.21-4.el6.x86_64.rpm php55-php-mbstring-5.5.21-4.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm php55-php-odbc-5.5.21-4.el6.x86_64.rpm php55-php-opcache-5.5.21-4.el6.x86_64.rpm php55-php-pdo-5.5.21-4.el6.x86_64.rpm php55-php-pgsql-5.5.21-4.el6.x86_64.rpm php55-php-process-5.5.21-4.el6.x86_64.rpm php55-php-pspell-5.5.21-4.el6.x86_64.rpm php55-php-recode-5.5.21-4.el6.x86_64.rpm php55-php-snmp-5.5.21-4.el6.x86_64.rpm php55-php-soap-5.5.21-4.el6.x86_64.rpm php55-php-tidy-5.5.21-4.el6.x86_64.rpm php55-php-xml-5.5.21-4.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: php55-php-5.5.21-4.el6.src.rpm

x86_64: php55-php-5.5.21-4.el6.x86_64.rpm php55-php-bcmath-5.5.21-4.el6.x86_64.rpm php55-php-cli-5.5.21-4.el6.x86_64.rpm php55-php-common-5.5.21-4.el6.x86_64.rpm php55-php-dba-5.5.21-4.el6.x86_64.rpm php55-php-debuginfo-5.5.21-4.el6.x86_64.rpm php55-php-devel-5.5.21-4.el6.x86_64.rpm php55-php-enchant-5.5.21-4.el6.x86_64.rpm php55-php-fpm-5.5.21-4.el6.x86_64.rpm php55-php-gd-5.5.21-4.el6.x86_64.rpm php55-php-gmp-5.5.21-4.el6.x86_64.rpm php55-php-imap-5.5.21-4.el6.x86_64.rpm php55-php-intl-5.5.21-4.el6.x86_64.rpm php55-php-ldap-5.5.21-4.el6.x86_64.rpm php55-php-mbstring-5.5.21-4.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm php55-php-odbc-5.5.21-4.el6.x86_64.rpm php55-php-opcache-5.5.21-4.el6.x86_64.rpm php55-php-pdo-5.5.21-4.el6.x86_64.rpm php55-php-pgsql-5.5.21-4.el6.x86_64.rpm php55-php-process-5.5.21-4.el6.x86_64.rpm php55-php-pspell-5.5.21-4.el6.x86_64.rpm php55-php-recode-5.5.21-4.el6.x86_64.rpm php55-php-snmp-5.5.21-4.el6.x86_64.rpm php55-php-soap-5.5.21-4.el6.x86_64.rpm php55-php-tidy-5.5.21-4.el6.x86_64.rpm php55-php-xml-5.5.21-4.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: php55-php-5.5.21-4.el7.src.rpm

x86_64: php55-php-5.5.21-4.el7.x86_64.rpm php55-php-bcmath-5.5.21-4.el7.x86_64.rpm php55-php-cli-5.5.21-4.el7.x86_64.rpm php55-php-common-5.5.21-4.el7.x86_64.rpm php55-php-dba-5.5.21-4.el7.x86_64.rpm php55-php-debuginfo-5.5.21-4.el7.x86_64.rpm php55-php-devel-5.5.21-4.el7.x86_64.rpm php55-php-enchant-5.5.21-4.el7.x86_64.rpm php55-php-fpm-5.5.21-4.el7.x86_64.rpm php55-php-gd-5.5.21-4.el7.x86_64.rpm php55-php-gmp-5.5.21-4.el7.x86_64.rpm php55-php-intl-5.5.21-4.el7.x86_64.rpm php55-php-ldap-5.5.21-4.el7.x86_64.rpm php55-php-mbstring-5.5.21-4.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm php55-php-odbc-5.5.21-4.el7.x86_64.rpm php55-php-opcache-5.5.21-4.el7.x86_64.rpm php55-php-pdo-5.5.21-4.el7.x86_64.rpm php55-php-pgsql-5.5.21-4.el7.x86_64.rpm php55-php-process-5.5.21-4.el7.x86_64.rpm php55-php-pspell-5.5.21-4.el7.x86_64.rpm php55-php-recode-5.5.21-4.el7.x86_64.rpm php55-php-snmp-5.5.21-4.el7.x86_64.rpm php55-php-soap-5.5.21-4.el7.x86_64.rpm php55-php-xml-5.5.21-4.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source: php55-php-5.5.21-4.el7.src.rpm

x86_64: php55-php-5.5.21-4.el7.x86_64.rpm php55-php-bcmath-5.5.21-4.el7.x86_64.rpm php55-php-cli-5.5.21-4.el7.x86_64.rpm php55-php-common-5.5.21-4.el7.x86_64.rpm php55-php-dba-5.5.21-4.el7.x86_64.rpm php55-php-debuginfo-5.5.21-4.el7.x86_64.rpm php55-php-devel-5.5.21-4.el7.x86_64.rpm php55-php-enchant-5.5.21-4.el7.x86_64.rpm php55-php-fpm-5.5.21-4.el7.x86_64.rpm php55-php-gd-5.5.21-4.el7.x86_64.rpm php55-php-gmp-5.5.21-4.el7.x86_64.rpm php55-php-intl-5.5.21-4.el7.x86_64.rpm php55-php-ldap-5.5.21-4.el7.x86_64.rpm php55-php-mbstring-5.5.21-4.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm php55-php-odbc-5.5.21-4.el7.x86_64.rpm php55-php-opcache-5.5.21-4.el7.x86_64.rpm php55-php-pdo-5.5.21-4.el7.x86_64.rpm php55-php-pgsql-5.5.21-4.el7.x86_64.rpm php55-php-process-5.5.21-4.el7.x86_64.rpm php55-php-pspell-5.5.21-4.el7.x86_64.rpm php55-php-recode-5.5.21-4.el7.x86_64.rpm php55-php-snmp-5.5.21-4.el7.x86_64.rpm php55-php-soap-5.5.21-4.el7.x86_64.rpm php55-php-xml-5.5.21-4.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: php55-php-5.5.21-4.el7.src.rpm

x86_64: php55-php-5.5.21-4.el7.x86_64.rpm php55-php-bcmath-5.5.21-4.el7.x86_64.rpm php55-php-cli-5.5.21-4.el7.x86_64.rpm php55-php-common-5.5.21-4.el7.x86_64.rpm php55-php-dba-5.5.21-4.el7.x86_64.rpm php55-php-debuginfo-5.5.21-4.el7.x86_64.rpm php55-php-devel-5.5.21-4.el7.x86_64.rpm php55-php-enchant-5.5.21-4.el7.x86_64.rpm php55-php-fpm-5.5.21-4.el7.x86_64.rpm php55-php-gd-5.5.21-4.el7.x86_64.rpm php55-php-gmp-5.5.21-4.el7.x86_64.rpm php55-php-intl-5.5.21-4.el7.x86_64.rpm php55-php-ldap-5.5.21-4.el7.x86_64.rpm php55-php-mbstring-5.5.21-4.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm php55-php-odbc-5.5.21-4.el7.x86_64.rpm php55-php-opcache-5.5.21-4.el7.x86_64.rpm php55-php-pdo-5.5.21-4.el7.x86_64.rpm php55-php-pgsql-5.5.21-4.el7.x86_64.rpm php55-php-process-5.5.21-4.el7.x86_64.rpm php55-php-pspell-5.5.21-4.el7.x86_64.rpm php55-php-recode-5.5.21-4.el7.x86_64.rpm php55-php-snmp-5.5.21-4.el7.x86_64.rpm php55-php-soap-5.5.21-4.el7.x86_64.rpm php55-php-xml-5.5.21-4.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3330 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4025 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVi8HYXlSAg2UNWIIRAiyPAJ99IZMPIkUJWe8WmApDpEGV6ff98wCgxBYL TtBX6SWqx78H/4bsQXtRlo4= =EuyB -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2658-1 July 06, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. (CVE-2015-4021)

Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. (CVE-2015-4022, CVE-2015-4643)

Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. (CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. (CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4644)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2 php5-cgi 5.6.4+dfsg-4ubuntu6.2 php5-cli 5.6.4+dfsg-4ubuntu6.2 php5-fpm 5.6.4+dfsg-4ubuntu6.2

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6 php5-cgi 5.5.12+dfsg-2ubuntu4.6 php5-cli 5.5.12+dfsg-2ubuntu4.6 php5-fpm 5.5.12+dfsg-2ubuntu4.6

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11 php5-cgi 5.5.9+dfsg-1ubuntu4.11 php5-cli 5.5.9+dfsg-1ubuntu4.11 php5-fpm 5.5.9+dfsg-1ubuntu4.11

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.19 php5-cgi 5.3.10-1ubuntu3.19 php5-cli 5.3.10-1ubuntu3.19 php5-fpm 5.3.10-1ubuntu3.19

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 5e8d107dba11f8c87693edfdc32f56b7 php-5.4.41-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 24d6895fe6b0e9c88b04ceaccc35383d php-5.4.41-x86_64-1_slack14.0.txz

Slackware 14.1 package: 52011eec3a256a365789562b63e8ba84 php-5.4.41-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 82b75af6253121cab6cc84dd714f554c php-5.4.41-x86_64-1_slack14.1.txz

Slackware -current package: e1c64f133f44b0abac21e0846e39d3c8 n/php-5.6.9-i586-1.txz

Slackware x86_64 -current package: ae51c99af34a4bd8721e7140c38a8c1a n/php-5.6.9-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.41-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

CVE-2015-4024

Denial of service when processing multipart/form-data requests.

For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.41-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 5.6.9+dfsg-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 5.6.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 5.6.9+dfsg-1.

We recommend that you upgrade your php5 packages

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0267",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.28"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.19"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.35"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.2"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.33"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.7"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.32"
      },
      {
        "model": "tealeaf customer experience 9.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.34"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.26"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.4"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.41"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.2"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.25"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.37"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.36"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.27"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.29"
      },
      {
        "model": "tealeaf customer experience 9.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "5.4.0rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "php",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.18"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.23"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.21"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74904"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.40",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tomas Hoger",
    "sources": [
      {
        "db": "BID",
        "id": "74904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-4025",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-4025",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81986",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4025",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-613",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81986",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4025",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81986"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. PHP is prone to multiple security-bypass vulnerabilities. \nAn attacker can leverage these issues to bypass security restrictions and  perform unauthorized actions. This may aid in further attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language supports multiple grammars, multiple databases and operating systems, and supports C and C++ for program expansion. A security vulnerability exists in PHP due to the program truncating pathnames when it encounters \u0027\\x00\u0027 bytes. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: php55-php security update\nAdvisory ID:       RHSA-2015:1186-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1186.html\nIssue date:        2015-06-25\nCVE Names:         CVE-2015-2783 CVE-2015-3307 CVE-2015-3329 \n                   CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 \n                   CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 \n                   CVE-2015-4025 CVE-2015-4026 CVE-2015-4598 \n                   CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 \n                   CVE-2015-4605 \n=====================================================================\n\n1. Summary:\n\nUpdated php55-php packages that fix multiple security issues are now\navailable for Red Hat Software Collections 2. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP\u0027s File Information (fileinfo) extension. \nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll php55-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS\n1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp55-php-5.5.21-4.el6.src.rpm\n\nx86_64:\nphp55-php-5.5.21-4.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-4.el6.x86_64.rpm\nphp55-php-cli-5.5.21-4.el6.x86_64.rpm\nphp55-php-common-5.5.21-4.el6.x86_64.rpm\nphp55-php-dba-5.5.21-4.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-4.el6.x86_64.rpm\nphp55-php-devel-5.5.21-4.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-4.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-4.el6.x86_64.rpm\nphp55-php-gd-5.5.21-4.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-4.el6.x86_64.rpm\nphp55-php-imap-5.5.21-4.el6.x86_64.rpm\nphp55-php-intl-5.5.21-4.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-4.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-4.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-4.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-4.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-4.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-4.el6.x86_64.rpm\nphp55-php-process-5.5.21-4.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-4.el6.x86_64.rpm\nphp55-php-recode-5.5.21-4.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-4.el6.x86_64.rpm\nphp55-php-soap-5.5.21-4.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-4.el6.x86_64.rpm\nphp55-php-xml-5.5.21-4.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nphp55-php-5.5.21-4.el6.src.rpm\n\nx86_64:\nphp55-php-5.5.21-4.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-4.el6.x86_64.rpm\nphp55-php-cli-5.5.21-4.el6.x86_64.rpm\nphp55-php-common-5.5.21-4.el6.x86_64.rpm\nphp55-php-dba-5.5.21-4.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-4.el6.x86_64.rpm\nphp55-php-devel-5.5.21-4.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-4.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-4.el6.x86_64.rpm\nphp55-php-gd-5.5.21-4.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-4.el6.x86_64.rpm\nphp55-php-imap-5.5.21-4.el6.x86_64.rpm\nphp55-php-intl-5.5.21-4.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-4.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-4.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-4.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-4.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-4.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-4.el6.x86_64.rpm\nphp55-php-process-5.5.21-4.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-4.el6.x86_64.rpm\nphp55-php-recode-5.5.21-4.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-4.el6.x86_64.rpm\nphp55-php-soap-5.5.21-4.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-4.el6.x86_64.rpm\nphp55-php-xml-5.5.21-4.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nphp55-php-5.5.21-4.el6.src.rpm\n\nx86_64:\nphp55-php-5.5.21-4.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-4.el6.x86_64.rpm\nphp55-php-cli-5.5.21-4.el6.x86_64.rpm\nphp55-php-common-5.5.21-4.el6.x86_64.rpm\nphp55-php-dba-5.5.21-4.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-4.el6.x86_64.rpm\nphp55-php-devel-5.5.21-4.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-4.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-4.el6.x86_64.rpm\nphp55-php-gd-5.5.21-4.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-4.el6.x86_64.rpm\nphp55-php-imap-5.5.21-4.el6.x86_64.rpm\nphp55-php-intl-5.5.21-4.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-4.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-4.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-4.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-4.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-4.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-4.el6.x86_64.rpm\nphp55-php-process-5.5.21-4.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-4.el6.x86_64.rpm\nphp55-php-recode-5.5.21-4.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-4.el6.x86_64.rpm\nphp55-php-soap-5.5.21-4.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-4.el6.x86_64.rpm\nphp55-php-xml-5.5.21-4.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp55-php-5.5.21-4.el6.src.rpm\n\nx86_64:\nphp55-php-5.5.21-4.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-4.el6.x86_64.rpm\nphp55-php-cli-5.5.21-4.el6.x86_64.rpm\nphp55-php-common-5.5.21-4.el6.x86_64.rpm\nphp55-php-dba-5.5.21-4.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-4.el6.x86_64.rpm\nphp55-php-devel-5.5.21-4.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-4.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-4.el6.x86_64.rpm\nphp55-php-gd-5.5.21-4.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-4.el6.x86_64.rpm\nphp55-php-imap-5.5.21-4.el6.x86_64.rpm\nphp55-php-intl-5.5.21-4.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-4.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-4.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-4.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-4.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-4.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-4.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-4.el6.x86_64.rpm\nphp55-php-process-5.5.21-4.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-4.el6.x86_64.rpm\nphp55-php-recode-5.5.21-4.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-4.el6.x86_64.rpm\nphp55-php-soap-5.5.21-4.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-4.el6.x86_64.rpm\nphp55-php-xml-5.5.21-4.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp55-php-5.5.21-4.el7.src.rpm\n\nx86_64:\nphp55-php-5.5.21-4.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-4.el7.x86_64.rpm\nphp55-php-cli-5.5.21-4.el7.x86_64.rpm\nphp55-php-common-5.5.21-4.el7.x86_64.rpm\nphp55-php-dba-5.5.21-4.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-4.el7.x86_64.rpm\nphp55-php-devel-5.5.21-4.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-4.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-4.el7.x86_64.rpm\nphp55-php-gd-5.5.21-4.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-4.el7.x86_64.rpm\nphp55-php-intl-5.5.21-4.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-4.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-4.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-4.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-4.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-4.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-4.el7.x86_64.rpm\nphp55-php-process-5.5.21-4.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-4.el7.x86_64.rpm\nphp55-php-recode-5.5.21-4.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-4.el7.x86_64.rpm\nphp55-php-soap-5.5.21-4.el7.x86_64.rpm\nphp55-php-xml-5.5.21-4.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nphp55-php-5.5.21-4.el7.src.rpm\n\nx86_64:\nphp55-php-5.5.21-4.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-4.el7.x86_64.rpm\nphp55-php-cli-5.5.21-4.el7.x86_64.rpm\nphp55-php-common-5.5.21-4.el7.x86_64.rpm\nphp55-php-dba-5.5.21-4.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-4.el7.x86_64.rpm\nphp55-php-devel-5.5.21-4.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-4.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-4.el7.x86_64.rpm\nphp55-php-gd-5.5.21-4.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-4.el7.x86_64.rpm\nphp55-php-intl-5.5.21-4.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-4.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-4.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-4.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-4.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-4.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-4.el7.x86_64.rpm\nphp55-php-process-5.5.21-4.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-4.el7.x86_64.rpm\nphp55-php-recode-5.5.21-4.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-4.el7.x86_64.rpm\nphp55-php-soap-5.5.21-4.el7.x86_64.rpm\nphp55-php-xml-5.5.21-4.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp55-php-5.5.21-4.el7.src.rpm\n\nx86_64:\nphp55-php-5.5.21-4.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-4.el7.x86_64.rpm\nphp55-php-cli-5.5.21-4.el7.x86_64.rpm\nphp55-php-common-5.5.21-4.el7.x86_64.rpm\nphp55-php-dba-5.5.21-4.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-4.el7.x86_64.rpm\nphp55-php-devel-5.5.21-4.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-4.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-4.el7.x86_64.rpm\nphp55-php-gd-5.5.21-4.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-4.el7.x86_64.rpm\nphp55-php-intl-5.5.21-4.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-4.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-4.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-4.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-4.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-4.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-4.el7.x86_64.rpm\nphp55-php-process-5.5.21-4.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-4.el7.x86_64.rpm\nphp55-php-recode-5.5.21-4.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-4.el7.x86_64.rpm\nphp55-php-soap-5.5.21-4.el7.x86_64.rpm\nphp55-php-xml-5.5.21-4.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3330\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4025\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/cve/CVE-2015-4604\nhttps://access.redhat.com/security/cve/CVE-2015-4605\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVi8HYXlSAg2UNWIIRAiyPAJ99IZMPIkUJWe8WmApDpEGV6ff98wCgxBYL\nTtBX6SWqx78H/4bsQXtRlo4=\n=EuyB\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-2658-1\nJuly 06, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nNeal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL\nbytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\nfilenames starting with a NULL byte. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command\nwhen connecting to remote FTP servers. (CVE-2015-4022,\nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form\ndata. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\ndata types. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\nthat the uri property is a string. A remote attacker could possibly use these issues to\nobtain sensitive information or cause a denial of service. This issue only affected Ubuntu\n15.04. (CVE-2015-4644)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libapache2-mod-php5             5.6.4+dfsg-4ubuntu6.2\n  php5-cgi                        5.6.4+dfsg-4ubuntu6.2\n  php5-cli                        5.6.4+dfsg-4ubuntu6.2\n  php5-fpm                        5.6.4+dfsg-4ubuntu6.2\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.6\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.6\n  php5-cli                        5.5.12+dfsg-2ubuntu4.6\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.6\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.11\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.11\n  php5-cli                        5.5.9+dfsg-1ubuntu4.11\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.11\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.19\n  php5-cgi                        5.3.10-1ubuntu3.19\n  php5-cli                        5.3.10-1ubuntu3.19\n  php5-fpm                        5.3.10-1ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.41-i486-1_slack14.1.txz:  Upgraded. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n5e8d107dba11f8c87693edfdc32f56b7  php-5.4.41-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n24d6895fe6b0e9c88b04ceaccc35383d  php-5.4.41-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n52011eec3a256a365789562b63e8ba84  php-5.4.41-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n82b75af6253121cab6cc84dd714f554c  php-5.4.41-x86_64-1_slack14.1.txz\n\nSlackware -current package:\ne1c64f133f44b0abac21e0846e39d3c8  n/php-5.6.9-i586-1.txz\n\nSlackware x86_64 -current package:\nae51c99af34a4bd8721e7140c38a8c1a  n/php-5.6.9-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.41-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nCVE-2015-4024\n\n    Denial of service when processing multipart/form-data requests. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1. \n\nWe recommend that you upgrade your php5 packages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "db": "BID",
        "id": "74904"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81986"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4025"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4025",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "74904",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032431",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81986",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4025",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132531",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132198",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81986"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4025"
      },
      {
        "db": "BID",
        "id": "74904"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "id": "VAR-201506-0267",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81986"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:10:45.318000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69418",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69418"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "TLSA-2015-15",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-15j.html"
      },
      {
        "title": "php-src-php-5.5.25",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56180"
      },
      {
        "title": "php-src-php-5.6.9",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56183"
      },
      {
        "title": "php-src-php-5.6.9",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56182"
      },
      {
        "title": "php-src-php-5.5.25",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56181"
      },
      {
        "title": "php-src-php-5.4.41",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56179"
      },
      {
        "title": "php-src-php-5.4.41",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56178"
      },
      {
        "title": "Red Hat: CVE-2015-4025",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-4025"
      },
      {
        "title": "Debian Security Advisories: DSA-3280-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46f85ac4e3abfa7a18e115fb47892db6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-535",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-535"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-534",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-534"
      },
      {
        "title": "Tenable Security Advisories: [R4] SecurityCenter 5.0.0.1 Affected by Third-party Library",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-06"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-536",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-536"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2658-1"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-4025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69418"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/74904"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://www.debian.org/security/2015/dsa-3280"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158616.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/159031.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158915.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1219.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032431"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4025"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4025"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223408"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972384"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39139"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2658-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2658-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.19"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7243"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7243"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81986"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4025"
      },
      {
        "db": "BID",
        "id": "74904"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81986"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4025"
      },
      {
        "db": "BID",
        "id": "74904"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81986"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4025"
      },
      {
        "date": "2015-05-29T00:00:00",
        "db": "BID",
        "id": "74904"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "date": "2015-06-25T14:18:12",
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "date": "2015-07-07T00:23:34",
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "date": "2015-06-25T14:18:25",
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-06-12T13:17:49",
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "date": "2015-06-10T01:21:58",
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "date": "2015-05-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      },
      {
        "date": "2015-06-09T18:59:07.723000",
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81986"
      },
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4025"
      },
      {
        "date": "2017-07-21T13:07:00",
        "db": "BID",
        "id": "74904"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      },
      {
        "date": "2019-04-22T17:48:00.643000",
        "db": "NVD",
        "id": "CVE-2015-4025"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP Vulnerabilities in which restrictions on extensions are bypassed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003051"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-613"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0265
Vulnerability from variot

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. PHP is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. 7) - x86_64

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: php security update Advisory ID: RHSA-2015:1218-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1218.html Issue date: 2015-07-09 CVE Names: CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash. (CVE-2014-9425)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy() 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-bcmath-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

x86_64: php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm

ppc64: php-5.3.3-46.el6_6.ppc64.rpm php-cli-5.3.3-46.el6_6.ppc64.rpm php-common-5.3.3-46.el6_6.ppc64.rpm php-debuginfo-5.3.3-46.el6_6.ppc64.rpm php-gd-5.3.3-46.el6_6.ppc64.rpm php-ldap-5.3.3-46.el6_6.ppc64.rpm php-mysql-5.3.3-46.el6_6.ppc64.rpm php-odbc-5.3.3-46.el6_6.ppc64.rpm php-pdo-5.3.3-46.el6_6.ppc64.rpm php-pgsql-5.3.3-46.el6_6.ppc64.rpm php-soap-5.3.3-46.el6_6.ppc64.rpm php-xml-5.3.3-46.el6_6.ppc64.rpm php-xmlrpc-5.3.3-46.el6_6.ppc64.rpm

s390x: php-5.3.3-46.el6_6.s390x.rpm php-cli-5.3.3-46.el6_6.s390x.rpm php-common-5.3.3-46.el6_6.s390x.rpm php-debuginfo-5.3.3-46.el6_6.s390x.rpm php-gd-5.3.3-46.el6_6.s390x.rpm php-ldap-5.3.3-46.el6_6.s390x.rpm php-mysql-5.3.3-46.el6_6.s390x.rpm php-odbc-5.3.3-46.el6_6.s390x.rpm php-pdo-5.3.3-46.el6_6.s390x.rpm php-pgsql-5.3.3-46.el6_6.s390x.rpm php-soap-5.3.3-46.el6_6.s390x.rpm php-xml-5.3.3-46.el6_6.s390x.rpm php-xmlrpc-5.3.3-46.el6_6.s390x.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: php-bcmath-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

ppc64: php-bcmath-5.3.3-46.el6_6.ppc64.rpm php-dba-5.3.3-46.el6_6.ppc64.rpm php-debuginfo-5.3.3-46.el6_6.ppc64.rpm php-devel-5.3.3-46.el6_6.ppc64.rpm php-embedded-5.3.3-46.el6_6.ppc64.rpm php-enchant-5.3.3-46.el6_6.ppc64.rpm php-fpm-5.3.3-46.el6_6.ppc64.rpm php-imap-5.3.3-46.el6_6.ppc64.rpm php-intl-5.3.3-46.el6_6.ppc64.rpm php-mbstring-5.3.3-46.el6_6.ppc64.rpm php-process-5.3.3-46.el6_6.ppc64.rpm php-pspell-5.3.3-46.el6_6.ppc64.rpm php-recode-5.3.3-46.el6_6.ppc64.rpm php-snmp-5.3.3-46.el6_6.ppc64.rpm php-tidy-5.3.3-46.el6_6.ppc64.rpm php-zts-5.3.3-46.el6_6.ppc64.rpm

s390x: php-bcmath-5.3.3-46.el6_6.s390x.rpm php-dba-5.3.3-46.el6_6.s390x.rpm php-debuginfo-5.3.3-46.el6_6.s390x.rpm php-devel-5.3.3-46.el6_6.s390x.rpm php-embedded-5.3.3-46.el6_6.s390x.rpm php-enchant-5.3.3-46.el6_6.s390x.rpm php-fpm-5.3.3-46.el6_6.s390x.rpm php-imap-5.3.3-46.el6_6.s390x.rpm php-intl-5.3.3-46.el6_6.s390x.rpm php-mbstring-5.3.3-46.el6_6.s390x.rpm php-process-5.3.3-46.el6_6.s390x.rpm php-pspell-5.3.3-46.el6_6.s390x.rpm php-recode-5.3.3-46.el6_6.s390x.rpm php-snmp-5.3.3-46.el6_6.s390x.rpm php-tidy-5.3.3-46.el6_6.s390x.rpm php-zts-5.3.3-46.el6_6.s390x.rpm

x86_64: php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: php-bcmath-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

x86_64: php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-9425 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVnsPKXlSAg2UNWIIRAtXEAKC6gknTJ+I/czViSyE71AjUZ1pWSQCgo6ip /jsvmaEr/ag17pZ7M9fXiz4= =vWCv -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2658-1 July 06, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. (CVE-2015-4022, CVE-2015-4643)

Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. (CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. (CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4644)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2 php5-cgi 5.6.4+dfsg-4ubuntu6.2 php5-cli 5.6.4+dfsg-4ubuntu6.2 php5-fpm 5.6.4+dfsg-4ubuntu6.2

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6 php5-cgi 5.5.12+dfsg-2ubuntu4.6 php5-cli 5.5.12+dfsg-2ubuntu4.6 php5-fpm 5.5.12+dfsg-2ubuntu4.6

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11 php5-cgi 5.5.9+dfsg-1ubuntu4.11 php5-cli 5.5.9+dfsg-1ubuntu4.11 php5-fpm 5.5.9+dfsg-1ubuntu4.11

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.19 php5-cgi 5.3.10-1ubuntu3.19 php5-cli 5.3.10-1ubuntu3.19 php5-fpm 5.3.10-1ubuntu3.19

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 5e8d107dba11f8c87693edfdc32f56b7 php-5.4.41-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 24d6895fe6b0e9c88b04ceaccc35383d php-5.4.41-x86_64-1_slack14.0.txz

Slackware 14.1 package: 52011eec3a256a365789562b63e8ba84 php-5.4.41-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 82b75af6253121cab6cc84dd714f554c php-5.4.41-x86_64-1_slack14.1.txz

Slackware -current package: e1c64f133f44b0abac21e0846e39d3c8 n/php-5.6.9-i586-1.txz

Slackware x86_64 -current package: ae51c99af34a4bd8721e7140c38a8c1a n/php-5.6.9-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.41-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

CVE-2015-4024

Denial of service when processing multipart/form-data requests.

For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.41-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 5.6.9+dfsg-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 5.6.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 5.6.9+dfsg-1.

We recommend that you upgrade your php5 packages

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0265",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.37"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.30"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.29"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.17"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.15"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.41"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.40"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.36"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.35"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.34"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.33"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.32"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.31"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.28"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.24"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.23"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.22"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.18"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.16"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.15"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.14"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.13"
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.10"
      },
      {
        "model": "5.4.0rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "php",
        "version": null
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.27"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.26"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.25"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.19"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.15"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.2"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "model": "php",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.6.9"
      },
      {
        "model": "flex system chassis management module 2pet14c-2.5.5c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74902"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.40",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "maxgeorgspelsberg",
    "sources": [
      {
        "db": "BID",
        "id": "74902"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4022",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-4022",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81983",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4022",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-130",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81983",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4022",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81983"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. PHP is prone to an integer-overflow vulnerability because it fails to adequately  bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.41, 5.5.x prior to 5.5.25, and 5.6.x prior to 5.6.9. 7) - x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: php security update\nAdvisory ID:       RHSA-2015:1218-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1218.html\nIssue date:        2015-07-09\nCVE Names:         CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 \n                   CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 \n                   CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 \n                   CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 \n                   CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 \n                   CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy()\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\nx86_64:\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\n\nppc64:\nphp-5.3.3-46.el6_6.ppc64.rpm\nphp-cli-5.3.3-46.el6_6.ppc64.rpm\nphp-common-5.3.3-46.el6_6.ppc64.rpm\nphp-debuginfo-5.3.3-46.el6_6.ppc64.rpm\nphp-gd-5.3.3-46.el6_6.ppc64.rpm\nphp-ldap-5.3.3-46.el6_6.ppc64.rpm\nphp-mysql-5.3.3-46.el6_6.ppc64.rpm\nphp-odbc-5.3.3-46.el6_6.ppc64.rpm\nphp-pdo-5.3.3-46.el6_6.ppc64.rpm\nphp-pgsql-5.3.3-46.el6_6.ppc64.rpm\nphp-soap-5.3.3-46.el6_6.ppc64.rpm\nphp-xml-5.3.3-46.el6_6.ppc64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.ppc64.rpm\n\ns390x:\nphp-5.3.3-46.el6_6.s390x.rpm\nphp-cli-5.3.3-46.el6_6.s390x.rpm\nphp-common-5.3.3-46.el6_6.s390x.rpm\nphp-debuginfo-5.3.3-46.el6_6.s390x.rpm\nphp-gd-5.3.3-46.el6_6.s390x.rpm\nphp-ldap-5.3.3-46.el6_6.s390x.rpm\nphp-mysql-5.3.3-46.el6_6.s390x.rpm\nphp-odbc-5.3.3-46.el6_6.s390x.rpm\nphp-pdo-5.3.3-46.el6_6.s390x.rpm\nphp-pgsql-5.3.3-46.el6_6.s390x.rpm\nphp-soap-5.3.3-46.el6_6.s390x.rpm\nphp-xml-5.3.3-46.el6_6.s390x.rpm\nphp-xmlrpc-5.3.3-46.el6_6.s390x.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nppc64:\nphp-bcmath-5.3.3-46.el6_6.ppc64.rpm\nphp-dba-5.3.3-46.el6_6.ppc64.rpm\nphp-debuginfo-5.3.3-46.el6_6.ppc64.rpm\nphp-devel-5.3.3-46.el6_6.ppc64.rpm\nphp-embedded-5.3.3-46.el6_6.ppc64.rpm\nphp-enchant-5.3.3-46.el6_6.ppc64.rpm\nphp-fpm-5.3.3-46.el6_6.ppc64.rpm\nphp-imap-5.3.3-46.el6_6.ppc64.rpm\nphp-intl-5.3.3-46.el6_6.ppc64.rpm\nphp-mbstring-5.3.3-46.el6_6.ppc64.rpm\nphp-process-5.3.3-46.el6_6.ppc64.rpm\nphp-pspell-5.3.3-46.el6_6.ppc64.rpm\nphp-recode-5.3.3-46.el6_6.ppc64.rpm\nphp-snmp-5.3.3-46.el6_6.ppc64.rpm\nphp-tidy-5.3.3-46.el6_6.ppc64.rpm\nphp-zts-5.3.3-46.el6_6.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.3-46.el6_6.s390x.rpm\nphp-dba-5.3.3-46.el6_6.s390x.rpm\nphp-debuginfo-5.3.3-46.el6_6.s390x.rpm\nphp-devel-5.3.3-46.el6_6.s390x.rpm\nphp-embedded-5.3.3-46.el6_6.s390x.rpm\nphp-enchant-5.3.3-46.el6_6.s390x.rpm\nphp-fpm-5.3.3-46.el6_6.s390x.rpm\nphp-imap-5.3.3-46.el6_6.s390x.rpm\nphp-intl-5.3.3-46.el6_6.s390x.rpm\nphp-mbstring-5.3.3-46.el6_6.s390x.rpm\nphp-process-5.3.3-46.el6_6.s390x.rpm\nphp-pspell-5.3.3-46.el6_6.s390x.rpm\nphp-recode-5.3.3-46.el6_6.s390x.rpm\nphp-snmp-5.3.3-46.el6_6.s390x.rpm\nphp-tidy-5.3.3-46.el6_6.s390x.rpm\nphp-zts-5.3.3-46.el6_6.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9425\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVnsPKXlSAg2UNWIIRAtXEAKC6gknTJ+I/czViSyE71AjUZ1pWSQCgo6ip\n/jsvmaEr/ag17pZ7M9fXiz4=\n=vWCv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-2658-1\nJuly 06, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nNeal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL\nbytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled\nfilenames starting with a NULL byte. (CVE-2015-4022,\nCVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form\ndata. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\ndata types. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\nthat the uri property is a string. A remote attacker could possibly use these issues to\nobtain sensitive information or cause a denial of service. This issue only affected Ubuntu\n15.04. (CVE-2015-4644)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libapache2-mod-php5             5.6.4+dfsg-4ubuntu6.2\n  php5-cgi                        5.6.4+dfsg-4ubuntu6.2\n  php5-cli                        5.6.4+dfsg-4ubuntu6.2\n  php5-fpm                        5.6.4+dfsg-4ubuntu6.2\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.6\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.6\n  php5-cli                        5.5.12+dfsg-2ubuntu4.6\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.6\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.11\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.11\n  php5-cli                        5.5.9+dfsg-1ubuntu4.11\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.11\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.19\n  php5-cgi                        5.3.10-1ubuntu3.19\n  php5-cli                        5.3.10-1ubuntu3.19\n  php5-fpm                        5.3.10-1ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.41-i486-1_slack14.1.txz:  Upgraded. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n5e8d107dba11f8c87693edfdc32f56b7  php-5.4.41-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n24d6895fe6b0e9c88b04ceaccc35383d  php-5.4.41-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n52011eec3a256a365789562b63e8ba84  php-5.4.41-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n82b75af6253121cab6cc84dd714f554c  php-5.4.41-x86_64-1_slack14.1.txz\n\nSlackware -current package:\ne1c64f133f44b0abac21e0846e39d3c8  n/php-5.6.9-i586-1.txz\n\nSlackware x86_64 -current package:\nae51c99af34a4bd8721e7140c38a8c1a  n/php-5.6.9-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.41-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nCVE-2015-4024\n\n    Denial of service when processing multipart/form-data requests. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1. \n\nWe recommend that you upgrade your php5 packages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "db": "BID",
        "id": "74902"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81983"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4022"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4022",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "74902",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032433",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-81983",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4022",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132531",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132198",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81983"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4022"
      },
      {
        "db": "BID",
        "id": "74902"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "id": "VAR-201506-0265",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81983"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:46:59.847000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69545",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69545"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "TLSA-2015-15",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-15j.html"
      },
      {
        "title": "php-src-php-5.5.25",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56181"
      },
      {
        "title": "php-src-php-5.5.25",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56180"
      },
      {
        "title": "php-src-php-5.6.9",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56183"
      },
      {
        "title": "php-src-php-5.6.9",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56182"
      },
      {
        "title": "php-src-php-5.4.41",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56179"
      },
      {
        "title": "Debian Security Advisories: DSA-3280-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46f85ac4e3abfa7a18e115fb47892db6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-535",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-535"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-534",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-534"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-536",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-536"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2658-1"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-4022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69545"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/74902"
      },
      {
        "trust": 1.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://www.debian.org/security/2015/dsa-3280"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158616.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/159031.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158915.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1219.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032433"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4022"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4022"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098669"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4605"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4604"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4604"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4605"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/189.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39498"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2658-1/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2658-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.19"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2325"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7243"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-7243"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2326"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81983"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4022"
      },
      {
        "db": "BID",
        "id": "74902"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81983"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4022"
      },
      {
        "db": "BID",
        "id": "74902"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81983"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4022"
      },
      {
        "date": "2015-05-14T00:00:00",
        "db": "BID",
        "id": "74902"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "date": "2015-06-25T14:18:12",
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-07-07T00:23:34",
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "date": "2015-06-25T14:18:25",
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-06-12T13:17:49",
        "db": "PACKETSTORM",
        "id": "132284"
      },
      {
        "date": "2015-06-10T01:21:58",
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "date": "2015-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      },
      {
        "date": "2015-06-09T18:59:05.833000",
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81983"
      },
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4022"
      },
      {
        "date": "2017-07-21T13:07:00",
        "db": "BID",
        "id": "74902"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      },
      {
        "date": "2019-04-22T17:48:00.643000",
        "db": "NVD",
        "id": "CVE-2015-4022"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132440"
      },
      {
        "db": "PACKETSTORM",
        "id": "132531"
      },
      {
        "db": "PACKETSTORM",
        "id": "132442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/ftp/ftp.c of  ftp_genlist Integer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003049"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-130"
      }
    ],
    "trust": 0.6
  }
}

var-202102-1477
Vulnerability from variot

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. PHP Has NULL A pointer dereference vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A security issue was found in PHP prior to 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in versions 8.0.2, 7.4.15 and 7.3.27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-23


                                        https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: May 26, 2021 Bugs: #764314, #768756, #788892 ID: 202105-23


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition.

Background

PHP is an open source general-purpose scripting language that is especially suited for web development.

Affected packages

 -------------------------------------------------------------------
  Package              /     Vulnerable     /            Unaffected
 -------------------------------------------------------------------

1 dev-lang/php < 8.0.6 >= 7.3.28:7.3 >= 7.4.19:7.4 >= 8.0.6:8.0

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and bugs referenced below for details.

Impact

Please review the referenced CVE identifiers and bugs for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 7.3.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.28:7.3"

All PHP 7.4.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.19:7.4"

All PHP 8.0.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-8.0.6:8.0"

References

[ 1 ] CVE-2020-7071 https://nvd.nist.gov/vuln/detail/CVE-2020-7071 [ 2 ] CVE-2021-21702 https://nvd.nist.gov/vuln/detail/CVE-2021-21702

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202105-23

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5006-1 July 07, 2021

php7.2, php7.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 21.04
  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in PHP. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068)

It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-21702)

It was discovered that PHP incorrectly handled the pdo_firebase module. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21704)

It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL check. A remote attacker could possibly use this issue to perform a server- side request forgery attack. (CVE-2021-21705)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04: libapache2-mod-php7.4 7.4.16-1ubuntu2.1 php7.4-cgi 7.4.16-1ubuntu2.1 php7.4-cli 7.4.16-1ubuntu2.1 php7.4-fpm 7.4.16-1ubuntu2.1

Ubuntu 20.10: libapache2-mod-php7.4 7.4.9-1ubuntu1.2 php7.4-cgi 7.4.9-1ubuntu1.2 php7.4-cli 7.4.9-1ubuntu1.2 php7.4-fpm 7.4.9-1ubuntu1.2

Ubuntu 20.04 LTS: libapache2-mod-php7.4 7.4.3-4ubuntu2.5 php7.4-cgi 7.4.3-4ubuntu2.5 php7.4-cli 7.4.3-4ubuntu2.5 php7.4-fpm 7.4.3-4ubuntu2.5

Ubuntu 18.04 LTS: libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.8 php7.2-cgi 7.2.24-0ubuntu0.18.04.8 php7.2-cli 7.2.24-0ubuntu0.18.04.8 php7.2-fpm 7.2.24-0ubuntu0.18.04.8

In general, a standard system update will make all the necessary changes. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2021:2992-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2992 Issue date: 2021-08-03 CVE Names: CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21705 ==================================================================== 1. Summary:

An update for rh-php73-php is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.29). (BZ#1977764)

Security Fix(es):

  • php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)

  • php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)

  • php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)

  • php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)

  • php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)

  • php: NULL pointer dereference in SoapClient (CVE-2021-21702)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function 1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV 1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server 1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo 1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient 1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z] 1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm

s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-php73-php-7.3.29-1.el7.src.rpm

x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-7068 https://access.redhat.com/security/cve/CVE-2020-7069 https://access.redhat.com/security/cve/CVE-2020-7070 https://access.redhat.com/security/cve/CVE-2020-7071 https://access.redhat.com/security/cve/CVE-2021-21702 https://access.redhat.com/security/cve/CVE-2021-21705 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV Wy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C 2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW tWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2 T/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw AGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW 4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz obgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH x85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd WCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq ZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25 OwqKXJAGJYo=waMi -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

For the stable distribution (buster), these problems have been fixed in version 7.3.27-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8 TjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef PCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH DAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3 AWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl 8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv /lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY YDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En vzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR 0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd 622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX lbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ= =9Q7e -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-1477",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.15"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.5.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.27"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "8.0.2"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "8.0.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "clustered data ontap",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "php",
        "scope": null,
        "trust": 0.8,
        "vendor": "the php group",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.27",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.15",
                "versionStartIncluding": "7.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.2",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.0",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163491"
      },
      {
        "db": "PACKETSTORM",
        "id": "163432"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2021-21702",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-21702",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-380106",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@php.net",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-21702",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21702",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security@php.net",
            "id": "CVE-2021-21702",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-409",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-380106",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21702",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. PHP Has NULL A pointer dereference vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A security issue was found in PHP prior to 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in versions 8.0.2, 7.4.15 and 7.3.27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202105-23\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: PHP: Multiple vulnerabilities\n      Date: May 26, 2021\n      Bugs: #764314, #768756, #788892\n        ID: 202105-23\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nPHP is an open source general-purpose scripting language that is\nespecially suited for web development. \n\nAffected packages\n=================\n\n     -------------------------------------------------------------------\n      Package              /     Vulnerable     /            Unaffected\n     -------------------------------------------------------------------\n   1  dev-lang/php                 \u003c 8.0.6               \u003e= 7.3.28:7.3\n                                                         \u003e= 7.4.19:7.4\n                                                          \u003e= 8.0.6:8.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers and bugs referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers and bugs for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 7.3.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.3.28:7.3\"\n\nAll PHP 7.4.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.4.19:7.4\"\n\nAll PHP 8.0.x users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-8.0.6:8.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-7071\n       https://nvd.nist.gov/vuln/detail/CVE-2020-7071\n[ 2 ] CVE-2021-21702\n       https://nvd.nist.gov/vuln/detail/CVE-2021-21702\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  https://security.gentoo.org/glsa/202105-23\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5006-1\nJuly 07, 2021\n\nphp7.2, php7.4 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. A remote\nattacker could possibly use this issue to cause PHP to crash, resulting in\na denial of service, or possibly obtain sensitive information. This issue\nonly affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068)\n\nIt was discovered that PHP incorrectly handled parsing URLs with passwords. \nA remote attacker could possibly use this issue to cause PHP to mis-parse\nthe URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 20.10. A remote attacker could possibly\nuse this issue to cause PHP to crash, resulting in a denial of service. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu\n20.10. (CVE-2021-21702)\n\nIt was discovered that PHP incorrectly handled the pdo_firebase module. A\nremote attacker could possibly use this issue to cause PHP to crash,\nresulting in a denial of service. (CVE-2021-21704)\n\nIt was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL\ncheck. A remote attacker could possibly use this issue to perform a server-\nside request forgery attack. (CVE-2021-21705)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  libapache2-mod-php7.4           7.4.16-1ubuntu2.1\n  php7.4-cgi                      7.4.16-1ubuntu2.1\n  php7.4-cli                      7.4.16-1ubuntu2.1\n  php7.4-fpm                      7.4.16-1ubuntu2.1\n\nUbuntu 20.10:\n  libapache2-mod-php7.4           7.4.9-1ubuntu1.2\n  php7.4-cgi                      7.4.9-1ubuntu1.2\n  php7.4-cli                      7.4.9-1ubuntu1.2\n  php7.4-fpm                      7.4.9-1ubuntu1.2\n\nUbuntu 20.04 LTS:\n  libapache2-mod-php7.4           7.4.3-4ubuntu2.5\n  php7.4-cgi                      7.4.3-4ubuntu2.5\n  php7.4-cli                      7.4.3-4ubuntu2.5\n  php7.4-fpm                      7.4.3-4ubuntu2.5\n\nUbuntu 18.04 LTS:\n  libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.8\n  php7.2-cgi                      7.2.24-0ubuntu0.18.04.8\n  php7.2-cli                      7.2.24-0ubuntu0.18.04.8\n  php7.2-fpm                      7.2.24-0ubuntu0.18.04.8\n\nIn general, a standard system update will make all the necessary changes. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-php73-php security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2021:2992-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2992\nIssue date:        2021-08-03\nCVE Names:         CVE-2020-7068 CVE-2020-7069 CVE-2020-7070\n                   CVE-2020-7071 CVE-2021-21702 CVE-2021-21705\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php73-php (7.3.29). (BZ#1977764)\n\nSecurity Fix(es):\n\n* php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV\n(CVE-2020-7069)\n\n* php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo\n(CVE-2020-7071)\n\n* php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)\n\n* php: Use of freed hash key in the phar_parse_zipfile function\n(CVE-2020-7068)\n\n* php: URL decoding of cookie names can lead to different interpretation of\ncookies between browser and server (CVE-2020-7070)\n\n* php: NULL pointer dereference in SoapClient (CVE-2021-21702)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function\n1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV\n1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server\n1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo\n1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient\n1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z]\n1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.29-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.29-1.el7.s390x.rpm\nrh-php73-php-common-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.29-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.29-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.29-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.29-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.29-1.el7.s390x.rpm\nrh-php73-php-json-7.3.29-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm\nrh-php73-php-process-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.29-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.29-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.29-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.29-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.29-1.el7.s390x.rpm\nrh-php73-php-common-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.29-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.29-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.29-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.29-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.29-1.el7.s390x.rpm\nrh-php73-php-json-7.3.29-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm\nrh-php73-php-process-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.29-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.29-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.29-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-7068\nhttps://access.redhat.com/security/cve/CVE-2020-7069\nhttps://access.redhat.com/security/cve/CVE-2020-7070\nhttps://access.redhat.com/security/cve/CVE-2020-7071\nhttps://access.redhat.com/security/cve/CVE-2021-21702\nhttps://access.redhat.com/security/cve/CVE-2021-21705\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV\nWy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C\n2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW\ntWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2\nT/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw\nAGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW\n4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz\nobgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH\nx85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd\nWCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq\nZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25\nOwqKXJAGJYo=waMi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.27-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8\nTjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef\nPCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH\nDAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3\nAWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl\n8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv\n/lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY\nYDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En\nvzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR\n0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd\n622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX\nlbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ=\n=9Q7e\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-380106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21702"
      },
      {
        "db": "PACKETSTORM",
        "id": "162799"
      },
      {
        "db": "PACKETSTORM",
        "id": "163491"
      },
      {
        "db": "PACKETSTORM",
        "id": "163432"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21702",
        "trust": 3.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "164839",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162799",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163432",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163491",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-409",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "163727",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0704",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2366",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3787",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0956",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2608",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0651",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6055",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2410",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0608",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0619",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080321",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052618",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-380106",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21702",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168990",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162799"
      },
      {
        "db": "PACKETSTORM",
        "id": "163491"
      },
      {
        "db": "PACKETSTORM",
        "id": "163432"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "id": "VAR-202102-1477",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380106"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:06:24.020000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NTAP-20210312-0005 The\u00a0PHP\u00a0GroupPHP\u00a0Bugs",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202102-14] php7: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202102-14"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202102-15] php: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202102-15"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202102-16] php: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202102-16"
      },
      {
        "title": "Debian Security Advisories: DSA-4856-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=02a4cb271948bb2c8ad70e07948c2253"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-21702 log"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-14"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.1
      },
      {
        "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21702"
      },
      {
        "trust": 1.9,
        "url": "https://www.debian.org/security/2021/dsa-4856"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202105-23"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=80672"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7071"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-null-pointer-dereference-via-soapclient-34488"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0608"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0619"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2608"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164839/red-hat-security-advisory-2021-4213-03.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163727/red-hat-security-advisory-2021-2992-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0956"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0704"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162799/gentoo-linux-security-advisory-202105-23.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0651"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3787"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2366"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2410"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6055"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052618"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080321"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163432/ubuntu-security-notice-usn-5006-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163491/ubuntu-security-notice-usn-5006-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7068"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21705"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7069"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7070"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5006-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21704"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7070"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7069"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21702"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7071"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7068"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/asa-202102-14"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2021-21702"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5006-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.9-1ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4213"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2992"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-380106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162799"
      },
      {
        "db": "PACKETSTORM",
        "id": "163491"
      },
      {
        "db": "PACKETSTORM",
        "id": "163432"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-380106"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "db": "PACKETSTORM",
        "id": "162799"
      },
      {
        "db": "PACKETSTORM",
        "id": "163491"
      },
      {
        "db": "PACKETSTORM",
        "id": "163432"
      },
      {
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21702"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-409"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-380106"
      },
      {
        "date": "2021-02-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21702"
      },
      {
        "date": "2021-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "date": "2021-05-26T17:27:04",
        "db": "PACKETSTORM",
        "id": "162799"
      },
      {
        "date": "2021-07-14T14:58:12",
        "db": "PACKETSTORM",
        "id": "163491"
      },
      {
        "date": "2021-07-07T16:15:26",
        "db": "PACKETSTORM",
        "id": "163432"
      },
      {
        "date": "2021-11-10T17:05:06",
        "db": "PACKETSTORM",
        "id": "164839"
      },
      {
        "date": "2021-08-03T14:47:43",
        "db": "PACKETSTORM",
        "id": "163727"
      },
      {
        "date": "2021-02-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "168990"
      },
      {
        "date": "2021-02-15T04:15:12.673000",
        "db": "NVD",
        "id": "CVE-2021-21702"
      },
      {
        "date": "2021-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-409"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-380106"
      },
      {
        "date": "2021-07-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21702"
      },
      {
        "date": "2021-11-04T08:52:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      },
      {
        "date": "2021-12-10T17:58:26.910000",
        "db": "NVD",
        "id": "CVE-2021-21702"
      },
      {
        "date": "2022-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-409"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163491"
      },
      {
        "db": "PACKETSTORM",
        "id": "163432"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-409"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003789"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-409"
      }
    ],
    "trust": 0.6
  }
}

jvndb-2008-000084
Vulnerability from jvndb
Published
2008-12-19 15:37
Modified
2010-10-19 17:40
Severity ?
() - -
Summary
PHP vulnerable to cross-site scripting
Details
PHP contains a cross-site scripting vulnerability. PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Tomoki Sanaki of International Network Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html",
  "dc:date": "2010-10-19T17:40+09:00",
  "dcterms:issued": "2008-12-19T15:37+09:00",
  "dcterms:modified": "2010-10-19T17:40+09:00",
  "description": "PHP contains a cross-site scripting vulnerability.\r\n\r\nPHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors.\r\n\r\nTomoki Sanaki of International Network Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:php:php",
      "@product": "PHP",
      "@vendor": "The PHP Group",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
      "@product": "Turbolinux Appliance Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_client",
      "@product": "Turbolinux Client",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000084",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN50327700/index.html",
      "@id": "JVN#50327700",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5814",
      "@id": "CVE-2008-5814",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5814",
      "@id": "CVE-2008-5814",
      "@source": "NVD"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000084.html",
      "@id": "JVNDB-2008-000084 ",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "PHP vulnerable to cross-site scripting"
}

jvndb-2015-000101
Vulnerability from jvndb
Published
2015-07-17 14:44
Modified
2016-05-19 17:43
Severity ?
() - -
Summary
PHP for Windows vulnerable to OS command injection
Details
PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Masahiro Yamada reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
The PHP GroupPHP
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000101.html",
  "dc:date": "2016-05-19T17:43+09:00",
  "dcterms:issued": "2015-07-17T14:44+09:00",
  "dcterms:modified": "2016-05-19T17:43+09:00",
  "description": "PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function.\r\n\r\nMasahiro Yamada reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000101.html",
  "sec:cpe": {
    "#text": "cpe:/a:php:php",
    "@product": "PHP",
    "@vendor": "The PHP Group",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000101",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN73568461/index.html",
      "@id": "JVN#73568461",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642",
      "@id": "CVE-2015-4642",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4642",
      "@id": "CVE-2015-4642",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/ciadr/vul/20150717-jvn.html",
      "@id": "Security Alert for Vulnerability in PHP for Windows (JVN#73568461)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "PHP for Windows vulnerable to OS command injection"
}