var-201503-0206
Vulnerability from variot
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP of phar_object.c of phar_rename_archive Function uses freed memory (Use-after-free) Service disruption (DoS) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A use-after-free vulnerability exists in the 'phar_rename_archive' function in the phar_object.c file of PHP 5.5.21 and prior versions and 5.6.x versions prior to 5.6.6.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. Please note that this package build also moves the configuration files from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz
Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz
Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz
Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg php-5.4.40-i486-1_slack14.1.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
OS X El Capitan 10.11 is now available and addresses the following:
Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling. CVE-ID CVE-2015-5897 : Dan Bastone of Gotham Digital Science
AirScan Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks. CVE-ID CVE-2015-5853 : an anonymous researcher
apache_mod_php Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27. CVE-ID CVE-2014-9425 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330
Apple Online Store Kit Available for: Mac OS X v10.6.8 and later Impact: A malicious application may gain access to a user's keychain items Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University
AppleEvents Available for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's session Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling. CVE-ID CVE-2015-5849 : Jack Lawrence (@_jackhl)
Audio Available for: Mac OS X v10.6.8 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
bash Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in bash Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187
Certificate Trust Policy Available for: Mac OS X v10.6.8 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork Cookies Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork FTPProtocol Available for: Mac OS X v10.6.8 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation. CVE-ID CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies Available for: Mac OS X v10.6.8 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.
CoreCrypto Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
CoreText Available for: Mac OS X v10.6.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Dev Tools Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash
Dev Tools Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam
Disk Images Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco
dyld Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : TaiG Jailbreak Team
EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious application can prevent some systems from booting Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option. CVE-ID CVE-2015-5901 : Apple
Game Center Available for: Mac OS X v10.6.8 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser
Heimdal Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to replay Kerberos credentials to the SMB server Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China
ICU Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2014-8147 CVE-2015-5922
Install Framework Legacy Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to gain root privileges Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable. CVE-ID CVE-2015-5888 : Apple
Intel Graphics Driver Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5830 : Yuki MIZUNO (@mzyy94) CVE-2015-5877 : Camillus Gerard Cai
IOAudioFamily Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers. CVE-ID CVE-2015-5864 : Luca Todesco
IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5871 : Ilja van Sprundel of IOActive CVE-2015-5872 : Ilja van Sprundel of IOActive CVE-2015-5873 : Ilja van Sprundel of IOActive CVE-2015-5890 : Ilja van Sprundel of IOActive
IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-5865 : Luca Todesco
IOHIDFamily Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5866 : Apple CVE-2015-5867 : moony li of Trend Micro
IOStorageFamily Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG
Kernel Available for: Mac OS X v10.6.8 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel Available for: Mac OS X v10.6.8 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser
Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney
Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash
Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces. CVE-ID CVE-2015-5870 : Apple
Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to cause a system denial of service Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation. CVE-ID CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
libc Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation
libpthread Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
libxpc Available for: Mac OS X v10.6.8 and later Impact: Many SSH connections could cause a denial of service Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40. CVE-ID CVE-2015-5881 : Apple
Login Window Available for: Mac OS X v10.6.8 and later Impact: The screen lock may not engage after the specified time period Description: An issue existed with captured display locking. The issue was addressed through improved lock handling. CVE-ID CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher
lukemftpd Available for: Mac OS X v10.6.8 and later Impact: A remote attacker may be able to deny service to the FTP server Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation. CVE-ID CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
Mail Available for: Mac OS X v10.6.8 and later Impact: Printing an email may leak sensitive user information Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement. CVE-ID CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners
Mail Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5884 : John McCombs of Integrated Mapping Ltd
Multipeer Connectivity Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd
Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
OpenSSH Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSH Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9. CVE-ID CVE-2014-2532
OpenSSL Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287
procmail Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in procmail Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail. CVE-ID CVE-2014-3618
remote_cmds Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary. CVE-ID CVE-2015-5889 : Philip Pettersson
removefile Available for: Mac OS X v10.6.8 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher
Ruby Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in Ruby Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645. CVE-ID CVE-2014-8080 CVE-2014-8090 CVE-2015-1855
Security Available for: Mac OS X v10.6.8 and later Impact: The lock state of the keychain may be incorrectly displayed to the user Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple
Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH
Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first. CVE-ID CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5891 : Ilja van Sprundel of IOActive
SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5893 : Ilja van Sprundel of IOActive
SQLite Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-3414 CVE-2015-3415 CVE-2015-3416
Telephony Available for: Mac OS X v10.6.8 and later Impact: A local attacker can place phone calls without the user's knowledge when using Continuity Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science
Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal. CVE-ID CVE-2015-5883 : an anonymous researcher
tidy Available for: Mac OS X v10.6.8 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com
Time Machine Available for: Mac OS X v10.6.8 and later Impact: A local attacker may gain access to keychain items Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB
Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265.
OS X El Capitan 10.11 may be obtained from the Mac App Store: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO /hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6 QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54 YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR 8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1 nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e g6jld/w5tPuCFhGucE7Z =XciV -----END PGP SIGNATURE----- .
Release Date: 2015-06-10 Last Updated: 2015-06-10
Potential Security Impact: Remote denial of service (DoS), man-in-the-middle (MitM) attack, modification of data, local modification of data
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.
References:
CVE-2013-5704 - Apache: Permissions, Privileges, and Access Control (CWE-264)
CVE-2014-0118 - Apache: Resource Management Errors (CWE-399)
CVE-2014-0226 - Apache: Race Conditions (CWE-362)
CVE-2014-0227 - Tomcat: Data Handling (CWE-19)
CVE-2014-0231 - PHP: Resource Management Errors (CWE-399)
CVE-2014-8142 - PHP: Use After Free (CWE-416)
CVE-2014-9709 - PHP: Buffer Errors (CWE-119)
CVE-2015-0231 - PHP: Use After Free (CWE-416)
CVE-2015-0273 - PHP: Use After Free (CWE-416)
CVE-2015-1352 - PHP: Null Pointer Dereference (CWE-476)
CVE-2015-2301 - PHP: Use After Free (CWE-416)
CVE-2015-2305 - PHP: Numeric Errors (CWE-189)
CVE-2015-2331 - PHP: Numeric Errors (CWE-189)
CVE-2015-2783 - PHP: Buffer Errors (CWE-119)
SSRT102066
SSRT102067
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier
HP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier
HP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier
HP-UX B.11.31 running PHP v5.4.11.04 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-5704 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0227 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9709 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-1352 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2305 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2783 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities.
The updates are available for download from http://software.hp.com
NOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01, Tomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13
HP-UX 11i Release Apache Depot name
B.11.31 (11i v3 32-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot
B.11.31 (11i v3 64-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v4.05 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.29.01 or subsequent
hpuxws22TOMCAT.TOMCAT action: install revision C.6.0.43.01 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 10 June 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAlV4nnEACgkQ4B86/C0qfVnNlgCg3gDsUsP86K+UwNjIqDPPvzlX ko0An3qKeH/kCmzlb7g2jHIv90x5L9cO =rrIH -----END PGP SIGNATURE----- .
Background
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"
References
[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:079 http://www.mandriva.com/en/support/security/
Package : php Date : March 28, 2015 Affected: Business Server 1.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in php:
S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding.
Taoguang Chen discovered that PHP incorrectly handled unserializing objects.
It was discovered that PHP incorrectly handled memory in the phar extension. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231).
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331).
It was discovered that the PHP opcache component incorrectly handled memory.
It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. The libzip packages has been patched to address the CVE-2015-2331 flaw.
Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://php.net/ChangeLog-5.php#5.5.22 http://php.net/ChangeLog-5.php#5.5.23 http://www.ubuntu.com/usn/usn-2535-1/ http://www.ubuntu.com/usn/usn-2501-1/ https://bugzilla.redhat.com/show_bug.cgi?id=1204676
Updated Packages:
Mandriva Business Server 1/X86_64: 3c1e2ab81c1731c63a99a4a7c66d48d3 mbs1/x86_64/apache-mod_php-5.5.23-1.mbs1.x86_64.rpm 6a12e93ebf52d6cb505652cb919b73c3 mbs1/x86_64/lib64php5_common5-5.5.23-1.mbs1.x86_64.rpm 92ae97e82c0bae091c65847f672f0369 mbs1/x86_64/lib64zip2-0.10.1-2.1.mbs1.x86_64.rpm ac28732246df9bf58921740921560c67 mbs1/x86_64/lib64zip-devel-0.10.1-2.1.mbs1.x86_64.rpm 538fad85574f17991959c00f0b4a43b1 mbs1/x86_64/libzip-0.10.1-2.1.mbs1.x86_64.rpm 70d44c88afb55e2b1519e8d3a71f274c mbs1/x86_64/php-apc-3.1.15-1.17.mbs1.x86_64.rpm 2e2f9c88f1d92bc4f3f0e4df3908fd73 mbs1/x86_64/php-apc-admin-3.1.15-1.17.mbs1.x86_64.rpm e3d5f3fb0fcace77e78209986102b171 mbs1/x86_64/php-bcmath-5.5.23-1.mbs1.x86_64.rpm 1ca44e20629234028499eda497f27059 mbs1/x86_64/php-bz2-5.5.23-1.mbs1.x86_64.rpm 473167211cea7e0b62916e66921ee5a4 mbs1/x86_64/php-calendar-5.5.23-1.mbs1.x86_64.rpm 214618465b0e9b1dac6efb3b4f52b988 mbs1/x86_64/php-cgi-5.5.23-1.mbs1.x86_64.rpm 6b178d78c6dd197b6643e7e493bce359 mbs1/x86_64/php-cli-5.5.23-1.mbs1.x86_64.rpm c1d4dd5178780fc999f449024ebde36e mbs1/x86_64/php-ctype-5.5.23-1.mbs1.x86_64.rpm 152132662ebefb9ade6fa67465b9af2a mbs1/x86_64/php-curl-5.5.23-1.mbs1.x86_64.rpm 01961ff4ec2820dd005d336f0671fe04 mbs1/x86_64/php-dba-5.5.23-1.mbs1.x86_64.rpm 96a7ecb45d71793af39558a1369853e2 mbs1/x86_64/php-devel-5.5.23-1.mbs1.x86_64.rpm 2106bf2eb5a17f18379add6b17408ed3 mbs1/x86_64/php-doc-5.5.23-1.mbs1.noarch.rpm c657e211cc4627a792f67e6c9f5eb06b mbs1/x86_64/php-dom-5.5.23-1.mbs1.x86_64.rpm 675db3e8eb585640b7a04a04e5ffce93 mbs1/x86_64/php-enchant-5.5.23-1.mbs1.x86_64.rpm bf345e51365465268e696684b77c9cc8 mbs1/x86_64/php-exif-5.5.23-1.mbs1.x86_64.rpm 69352287afb24b38ba68f995ddece5ab mbs1/x86_64/php-fileinfo-5.5.23-1.mbs1.x86_64.rpm bbf3d7067c2bbc71a4a9ae5e353c6f8e mbs1/x86_64/php-filter-5.5.23-1.mbs1.x86_64.rpm c6a25a432547a0e8d404dab281963d74 mbs1/x86_64/php-fpm-5.5.23-1.mbs1.x86_64.rpm 889332d46d1d9f1a2cf6421b6a5b5e3f mbs1/x86_64/php-ftp-5.5.23-1.mbs1.x86_64.rpm 86a90c9565562b5b360eb11d431536e7 mbs1/x86_64/php-gd-5.5.23-1.mbs1.x86_64.rpm dba72038f9098f7332e969b19c9d65a8 mbs1/x86_64/php-gettext-5.5.23-1.mbs1.x86_64.rpm b25d3f9ded7322a2b28942648ec74ff4 mbs1/x86_64/php-gmp-5.5.23-1.mbs1.x86_64.rpm 9bf5bfcb843c2d3b71855792e6b2050e mbs1/x86_64/php-hash-5.5.23-1.mbs1.x86_64.rpm 284a394dbe68e756c8813a53c0a89c66 mbs1/x86_64/php-iconv-5.5.23-1.mbs1.x86_64.rpm 9df2ec7f05f9a7955770e3ed4513cbfb mbs1/x86_64/php-imap-5.5.23-1.mbs1.x86_64.rpm e5947618cc905d249191bcc2066ffed1 mbs1/x86_64/php-ini-5.5.23-1.mbs1.x86_64.rpm d4f9e91e2877d6aaff0ee07bc5bdd95b mbs1/x86_64/php-intl-5.5.23-1.mbs1.x86_64.rpm 071ba0290df66c3ac1b0f0fa18ec2195 mbs1/x86_64/php-json-5.5.23-1.mbs1.x86_64.rpm 62146a98a0d24ee66cebd23887fc43fa mbs1/x86_64/php-ldap-5.5.23-1.mbs1.x86_64.rpm 03a94596eaf34eaac0c7e6f88a6aa7cb mbs1/x86_64/php-mbstring-5.5.23-1.mbs1.x86_64.rpm d966c79af040bd5c18dc4a2771bf7184 mbs1/x86_64/php-mcrypt-5.5.23-1.mbs1.x86_64.rpm 9ab71c0a90c649b4c31386a3582a5d26 mbs1/x86_64/php-mssql-5.5.23-1.mbs1.x86_64.rpm 80dd51f72e2cd0d854904dc7595a4bb0 mbs1/x86_64/php-mysql-5.5.23-1.mbs1.x86_64.rpm 88bc7c5a10b7a7f12b71b342afbbd18e mbs1/x86_64/php-mysqli-5.5.23-1.mbs1.x86_64.rpm 231ec6adca00980d04f39ce5fd866a83 mbs1/x86_64/php-mysqlnd-5.5.23-1.mbs1.x86_64.rpm 2c831cf0074977bf76d413c5e9b3f9de mbs1/x86_64/php-odbc-5.5.23-1.mbs1.x86_64.rpm 1a4553dcf596125aab2976b2f8c4792c mbs1/x86_64/php-opcache-5.5.23-1.mbs1.x86_64.rpm 4cb160e28e8899628c6e698376add11f mbs1/x86_64/php-openssl-5.5.23-1.mbs1.x86_64.rpm aa04993c7abe0539302a36527ad4674a mbs1/x86_64/php-pcntl-5.5.23-1.mbs1.x86_64.rpm 57b65d1dec0785825ea2cc8462a2256d mbs1/x86_64/php-pdo-5.5.23-1.mbs1.x86_64.rpm 6d5b8bf803d93067f4bce7daad5379ba mbs1/x86_64/php-pdo_dblib-5.5.23-1.mbs1.x86_64.rpm 3785dea886512d3473b1cda3d762aa9c mbs1/x86_64/php-pdo_mysql-5.5.23-1.mbs1.x86_64.rpm 330c62452427e64106c47fcd1e674ed6 mbs1/x86_64/php-pdo_odbc-5.5.23-1.mbs1.x86_64.rpm a3803c5de5acbb0d3c6a26c42b8ec39b mbs1/x86_64/php-pdo_pgsql-5.5.23-1.mbs1.x86_64.rpm 2f6a19bc0adc914b46fbab06e3dc7ac7 mbs1/x86_64/php-pdo_sqlite-5.5.23-1.mbs1.x86_64.rpm 4d452c2c81e21f9ce1d08afadba60d6a mbs1/x86_64/php-pgsql-5.5.23-1.mbs1.x86_64.rpm 39c301d412cbd28256f141fd409ea561 mbs1/x86_64/php-phar-5.5.23-1.mbs1.x86_64.rpm 9c78e1c9192cd1219f1415424156c491 mbs1/x86_64/php-posix-5.5.23-1.mbs1.x86_64.rpm 5bb762bd20418abbd99c38d0d14127d1 mbs1/x86_64/php-readline-5.5.23-1.mbs1.x86_64.rpm e97eb930df1a35f0646e62f88dd8b1e6 mbs1/x86_64/php-recode-5.5.23-1.mbs1.x86_64.rpm 2b4a91ff5da098a80fa0a74b184f9621 mbs1/x86_64/php-session-5.5.23-1.mbs1.x86_64.rpm 5ecc3ef7dde9a12cc70308c323c650f9 mbs1/x86_64/php-shmop-5.5.23-1.mbs1.x86_64.rpm 7380aeaced54d09831dc4828772a9b4f mbs1/x86_64/php-snmp-5.5.23-1.mbs1.x86_64.rpm 030ca0276e74f616a1cc8866cc4a3149 mbs1/x86_64/php-soap-5.5.23-1.mbs1.x86_64.rpm ba8b4a7dafc450564d41bf54de7b2ea2 mbs1/x86_64/php-sockets-5.5.23-1.mbs1.x86_64.rpm 61859f052b4a89c1d4ea9bff4251041f mbs1/x86_64/php-sqlite3-5.5.23-1.mbs1.x86_64.rpm 81639f4e567c6358f8d1b22c9e2acf98 mbs1/x86_64/php-sybase_ct-5.5.23-1.mbs1.x86_64.rpm 2f4a24db6aedc32c32f8a1d202a798e2 mbs1/x86_64/php-sysvmsg-5.5.23-1.mbs1.x86_64.rpm aab6b3451a848ebf916418e28303fb23 mbs1/x86_64/php-sysvsem-5.5.23-1.mbs1.x86_64.rpm 6820a01599b0e7d543cd6faa5adf1aee mbs1/x86_64/php-sysvshm-5.5.23-1.mbs1.x86_64.rpm ed7aa5fc5226ede2325b64f862ba121b mbs1/x86_64/php-tidy-5.5.23-1.mbs1.x86_64.rpm 6fd07a6cfcff5b6f5791b3c173d6de3f mbs1/x86_64/php-tokenizer-5.5.23-1.mbs1.x86_64.rpm 7130ab17ba8d88e08abbff8cc5ce9406 mbs1/x86_64/php-wddx-5.5.23-1.mbs1.x86_64.rpm bb977de60a780898623b458e8be594fc mbs1/x86_64/php-xdebug-2.3.2-1.mbs1.x86_64.rpm f66d72fa26d7c2ddf28cbd9834f50981 mbs1/x86_64/php-xml-5.5.23-1.mbs1.x86_64.rpm 52b65a29cce730602f7788545d8c68eb mbs1/x86_64/php-xmlreader-5.5.23-1.mbs1.x86_64.rpm 8e7ce89111d36fa56003a7b2cfb5ca17 mbs1/x86_64/php-xmlrpc-5.5.23-1.mbs1.x86_64.rpm 64a27f8e54344c459ffa5a2bb1c33521 mbs1/x86_64/php-xmlwriter-5.5.23-1.mbs1.x86_64.rpm 506d5cd854c2d3140f38b67137fe4f16 mbs1/x86_64/php-xsl-5.5.23-1.mbs1.x86_64.rpm 3e74425e2868a46bf8db184feaeac041 mbs1/x86_64/php-zip-5.5.23-1.mbs1.x86_64.rpm fa27aa395c0d87bf832471e3f6f06c68 mbs1/x86_64/php-zlib-5.5.23-1.mbs1.x86_64.rpm 5be5023a4703f52af150c7fbcb2c4e5a mbs1/SRPMS/libzip-0.10.1-2.1.mbs1.src.rpm bdf35808447e6b0224eb958adf086dc5 mbs1/SRPMS/php-5.5.23-1.mbs1.src.rpm a5047c3b6e20db0167f65ff6ad667e99 mbs1/SRPMS/php-apc-3.1.15-1.17.mbs1.src.rpm 2eb2949f57a66f2eed5110181ce7f8ce mbs1/SRPMS/php-xdebug-2.3.2-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. ============================================================================ Ubuntu Security Notice USN-2535-1 March 18, 2015
php5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PHP. (CVE-2014-8117)
S. (CVE-2015-2301)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.3 php5-cgi 5.5.12+dfsg-2ubuntu4.3 php5-cli 5.5.12+dfsg-2ubuntu4.3 php5-enchant 5.5.12+dfsg-2ubuntu4.3 php5-fpm 5.5.12+dfsg-2ubuntu4.3
Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.7 php5-cgi 5.5.9+dfsg-1ubuntu4.7 php5-cli 5.5.9+dfsg-1ubuntu4.7 php5-enchant 5.5.9+dfsg-1ubuntu4.7 php5-fpm 5.5.9+dfsg-1ubuntu4.7
Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.17 php5-cgi 5.3.10-1ubuntu3.17 php5-cli 5.3.10-1ubuntu3.17 php5-enchant 5.3.10-1ubuntu3.17 php5-fpm 5.3.10-1ubuntu3.17
Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.29 php5-cgi 5.3.2-1ubuntu4.29 php5-cli 5.3.2-1ubuntu4.29 php5-enchant 5.3.2-1ubuntu4.29
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2535-1 CVE-2014-8117, CVE-2014-9705, CVE-2015-0273, CVE-2015-2301
Package Information: https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.3 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.7 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.17 https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.29
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0206", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.10.4" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "5.6.6" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "5.5.22" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.10" }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "5.4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "5.5.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "5.6.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "5.4.40" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "php", "scope": "eq", "trust": 0.8, "vendor": "the php group", "version": "5.6.6" }, { "model": "php", "scope": "lt", "trust": 0.8, "vendor": "the php group", "version": "5.6.x" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.18" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.13" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.20" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.15" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.16" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.21" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.19" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.17" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.14" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.6.0" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "hat enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" } ], "sources": [ { "db": "BID", "id": "73037" }, { "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.5.22", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.6.6", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.4.40", "versionStartIncluding": "5.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.10.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-2301" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Xinchen Hui", "sources": [ { "db": "BID", "id": "73037" } ], "trust": 0.3 }, "cve": "CVE-2015-2301", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-2301", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-80262", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-2301", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201503-624", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-80262", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-2301", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP of phar_object.c of phar_rename_archive Function uses freed memory (Use-after-free) Service disruption (DoS) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A use-after-free vulnerability exists in the \u0027phar_rename_archive\u0027 function in the phar_object.c file of PHP 5.5.21 and prior versions and 5.6.x versions prior to 5.6.6. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. \n Please note that this package build also moves the configuration files\n from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.40-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-30-3 OS X El Capitan 10.11\n\nOS X El Capitan 10.11 is now available and addresses the following:\n\nAddress Book\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local attacker may be able to inject arbitrary code to\nprocesses loading the Address Book framework\nDescription: An issue existed in Address Book framework\u0027s handling\nof an environment variable. This issue was addressed through improved\nenvironment variable handling. \nCVE-ID\nCVE-2015-5897 : Dan Bastone of Gotham Digital Science\n\nAirScan\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker with a privileged network position may be able\nto extract payload from eSCL packets sent over a secure connection\nDescription: An issue existed in the processing of eSCL packets. \nThis issue was addressed through improved validation checks. \nCVE-ID\nCVE-2015-5853 : an anonymous researcher\n\napache_mod_php\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.5.27, including one which may have led to remote code execution. \nThis issue was addressed by updating PHP to version 5.5.27. \nCVE-ID\nCVE-2014-9425\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9705\nCVE-2014-9709\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0235\nCVE-2015-0273\nCVE-2015-1351\nCVE-2015-1352\nCVE-2015-2301\nCVE-2015-2305\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3329\nCVE-2015-3330\n\nApple Online Store Kit\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious application may gain access to a user\u0027s keychain\nitems\nDescription: An issue existed in validation of access control lists\nfor iCloud keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of\nIndiana University, Tongxin Li of Peking University, Tongxin Li of\nPeking University, Xiaolong Bai of Tsinghua University\n\nAppleEvents\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A user connected through screen sharing can send Apple\nEvents to a local user\u0027s session\nDescription: An issue existed with Apple Event filtering that\nallowed some users to send events to other users. This was addressed\nby improved Apple Event handling. \nCVE-ID\nCVE-2015-5849 : Jack Lawrence (@_jackhl)\n\nAudio\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription: A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nbash\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Multiple vulnerabilities in bash\nDescription: Multiple vulnerabilities existed in bash versions prior\nto 3.2 patch level 57. These issues were addressed by updating bash\nversion 3.2 to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nCertificate Trust Policy\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork Cookies\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription: A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork FTPProtocol\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription: An issue existed in the handling of FTP packets when\nusing the PASV command. This issue was resolved through improved\nvalidation. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A maliciously crafted URL may be able to bypass HSTS and\nleak sensitive data\nDescription: A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription: An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreCrypto\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker may be able to determine a private key\nDescription: By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nDev Tools\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\nDev Tools\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An application may be able to bypass code signing\nDescription: An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam\n\nDisk Images\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\ndyld\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An application may be able to bypass code signing\nDescription: An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : TaiG Jailbreak Team\n\nEFI\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious application can prevent some systems from\nbooting\nDescription: An issue existed with the addresses covered by the\nprotected range register. This issue was fixed by changing the\nprotected range. \nCVE-ID\nCVE-2015-5900 : Xeno Kovah \u0026 Corey Kallenberg from LegbaCore\n\nEFI\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious Apple Ethernet Thunderbolt adapter may be able\nto affect firmware flashing\nDescription: Apple Ethernet Thunderbolt adapters could modify the\nhost firmware if connected during an EFI update. This issue was\naddressed by not loading option ROMs during updates. \nCVE-ID\nCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare\n\nFinder\nAvailable for: Mac OS X v10.6.8 and later\nImpact: The \"Secure Empty Trash\" feature may not securely delete\nfiles placed in the Trash\nDescription: An issue existed in guaranteeing secure deletion of\nTrash files on some systems, such as those with flash storage. This\nissue was addressed by removing the \"Secure Empty Trash\" option. \nCVE-ID\nCVE-2015-5901 : Apple\n\nGame Center\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription: An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nHeimdal\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker may be able to replay Kerberos credentials to\nthe SMB server\nDescription: An authentication issue existed in Kerberos\ncredentials. This issue was addressed through additional validation\nof credentials using a list of recently seen credentials. \nCVE-ID\nCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu\nFan of Microsoft Corporation, China\n\nICU\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Multiple vulnerabilities in ICU\nDescription: Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2014-8147\nCVE-2015-5922\n\nInstall Framework Legacy\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to gain root privileges\nDescription: A restriction issue existed in the Install private\nframework containing a privileged executable. This issue was\naddressed by removing the executable. \nCVE-ID\nCVE-2015-5888 : Apple\n\nIntel Graphics Driver\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple memory corruption issues existed in the Intel\nGraphics Driver. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5830 : Yuki MIZUNO (@mzyy94)\nCVE-2015-5877 : Camillus Gerard Cai\n\nIOAudioFamily\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in IOAudioFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\npermuting kernel pointers. \nCVE-ID\nCVE-2015-5864 : Luca Todesco\n\nIOGraphics\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5871 : Ilja van Sprundel of IOActive\nCVE-2015-5872 : Ilja van Sprundel of IOActive\nCVE-2015-5873 : Ilja van Sprundel of IOActive\nCVE-2015-5890 : Ilja van Sprundel of IOActive\n\nIOGraphics\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in IOGraphics which could have led to\nthe disclosure of kernel memory layout. This issue was addressed\nthrough improved memory management. \nCVE-ID\nCVE-2015-5865 : Luca Todesco\n\nIOHIDFamily\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple memory corruption issues existed in\nIOHIDFamily. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5866 : Apple\nCVE-2015-5867 : moony li of Trend Micro\n\nIOStorageFamily\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local attacker may be able to read kernel memory\nDescription: A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\nKernel\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues existed in the\nKernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local process can modify other processes without\nentitlement checks\nDescription: An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through additional\nentitlement checks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by\nMing-chieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local attacker may control the value of stack cookies\nDescription: Multiple weaknesses existed in the generation of user\nspace stack cookies. These issues were addressed through improved\ngeneration of stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription: An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issue was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker in a local LAN segment may disable IPv6 routing\nDescription: An insufficient validation issue existed in the\nhandling of IPv6 router advertisements that allowed an attacker to\nset the hop limit to an arbitrary value. This issue was addressed by\nenforcing a minimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed that led to the disclosure of kernel\nmemory layout. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in debugging interfaces that led to\nthe disclosure of memory content. This issue was addressed by\nsanitizing output from debugging interfaces. \nCVE-ID\nCVE-2015-5870 : Apple\n\nKernel\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A state management issue existed in debugging\nfunctionality. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team\n\nlibc\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nlibxpc\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Many SSH connections could cause a denial of service\nDescription: launchd had no limit on the number of processes that\ncould be started by a network connection. This issue was addressed by\nlimiting the number of SSH processes to 40. \nCVE-ID\nCVE-2015-5881 : Apple\n\nLogin Window\nAvailable for: Mac OS X v10.6.8 and later\nImpact: The screen lock may not engage after the specified time\nperiod\nDescription: An issue existed with captured display locking. The\nissue was addressed through improved lock handling. \nCVE-ID\nCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau\ninformationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni\nVaahtera, and an anonymous researcher\n\nlukemftpd\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A remote attacker may be able to deny service to the FTP\nserver\nDescription: A glob-processing issue existed in tnftpd. This issue\nwas addressed through improved glob validation. \nCVE-ID\nCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com\n\nMail\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Printing an email may leak sensitive user information\nDescription: An issue existed in Mail which bypassed user\npreferences when printing an email. This issue was addressed through\nimproved user preference enforcement. \nCVE-ID\nCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,\nDennis Klein from Eschenburg, Germany, Jeff Hammett of Systim\nTechnology Partners\n\nMail\nAvailable for: Mac OS X v10.6.8 and later\nImpact: An attacker in a privileged network position may be able to\nintercept attachments of S/MIME-encrypted e-mail sent via Mail Drop\nDescription: An issue existed in handling encryption parameters for\nlarge email attachments sent via Mail Drop. The issue is addressed by\nno longer offering Mail Drop when sending an encrypted e-mail. \nCVE-ID\nCVE-2015-5884 : John McCombs of Integrated Mapping Ltd\n\nMultipeer Connectivity\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local attacker may be able to observe unprotected\nmultipeer data\nDescription: An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nNotes\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to leak sensitive user information\nDescription: An issue existed in parsing links in the Notes\napplication. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher\n\nNotes\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to leak sensitive user information\nDescription: A cross-site scripting issue existed in parsing text by\nthe Notes application. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2015-5875 : xisigr of Tencent\u0027s Xuanwu LAB (www.tencent.com)\n\nOpenSSH\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Multiple vulnerabilities in OpenSSH\nDescription: Multiple vulnerabilities existed in OpenSSH versions\nprior to 6.9. These issues were addressed by updating OpenSSH to\nversion 6.9. \nCVE-ID\nCVE-2014-2532\n\nOpenSSL\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nprocmail\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Multiple vulnerabilities in procmail\nDescription: Multiple vulnerabilities existed in procmail versions\nprior to 3.22. These issues were addressed by removing procmail. \nCVE-ID\nCVE-2014-3618\n\nremote_cmds\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to execute arbitrary code with root\nprivileges\nDescription: An issue existed in the usage of environment variables\nby the rsh binary. This issue was addressed by dropping setuid\nprivileges from the rsh binary. \nCVE-ID\nCVE-2015-5889 : Philip Pettersson\n\nremovefile\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nRuby\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Multiple vulnerabilities in Ruby\nDescription: Multiple vulnerabilities existed in Ruby versions prior\nto 2.0.0p645. These were addressed by updating Ruby to version\n2.0.0p645. \nCVE-ID\nCVE-2014-8080\nCVE-2014-8090\nCVE-2015-1855\n\nSecurity\nAvailable for: Mac OS X v10.6.8 and later\nImpact: The lock state of the keychain may be incorrectly displayed\nto the user\nDescription: A state management issue existed in the way keychain\nlock status was tracked. This issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,\nEric E. Lawrence, Apple\n\nSecurity\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A trust evaluation configured to require revocation checking\nmay succeed even if revocation checking fails\nDescription: The kSecRevocationRequirePositiveResponse flag was\nspecified but not implemented. This issue was addressed by\nimplementing the flag. \nCVE-ID\nCVE-2015-5894 : Hannes Oud of kWallet GmbH\n\nSecurity\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A remote server may prompt for a certificate before\nidentifying itself\nDescription: Secure Transport accepted the CertificateRequest\nmessage before the ServerKeyExchange message. This issue was\naddressed by requiring the ServerKeyExchange first. \nCVE-ID\nCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nINRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of\nMicrosoft Research, Pierre-Yves Strub of IMDEA Software Institute\n\nSMB\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5891 : Ilja van Sprundel of IOActive\n\nSMB\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in SMBClient that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-5893 : Ilja van Sprundel of IOActive\n\nSQLite\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Multiple vulnerabilities in SQLite v3.8.5\nDescription: Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-3414\nCVE-2015-3415\nCVE-2015-3416\n\nTelephony\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local attacker can place phone calls without the user\u0027s\nknowledge when using Continuity\nDescription: An issue existed in the authorization checks for\nplacing phone calls. This issue was addressed through improved\nauthorization checks. \nCVE-ID\nCVE-2015-3785 : Dan Bastone of Gotham Digital Science\n\nTerminal\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Maliciously crafted text could mislead the user in Terminal\nDescription: Terminal did not handle bidirectional override\ncharacters in the same way when displaying text and when selecting\ntext. This issue was addressed by suppressing bidirectional override\ncharacters in Terminal. \nCVE-ID\nCVE-2015-5883 : an anonymous researcher\n\ntidy\nAvailable for: Mac OS X v10.6.8 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in tidy. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nTime Machine\nAvailable for: Mac OS X v10.6.8 and later\nImpact: A local attacker may gain access to keychain items\nDescription: An issue existed in backups by the Time Machine\nframework. This issue was addressed through improved coverage of Time\nMachine backups. \nCVE-ID\nCVE-2015-5854 : Jonas Magazinius of Assured AB\n\nNote: OS X El Capitan 10.11 includes the security content of\nSafari 9: https://support.apple.com/kb/HT205265. \n\nOS X El Capitan 10.11 may be obtained from the Mac App Store:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw\nS5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO\n/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6\nQhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54\nYJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop\nhpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O\nc3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR\n8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r\nN1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT\nfJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1\nnJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e\ng6jld/w5tPuCFhGucE7Z\n=XciV\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-06-10\nLast Updated: 2015-06-10\n\nPotential Security Impact: Remote denial of service (DoS), man-in-the-middle\n(MitM) attack, modification of data, local modification of data\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the HP-UX Apache\nWeb Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited\nremotely to create a Denial of Service (DoS) and other vulnerabilities. \n\nReferences:\n\nCVE-2013-5704 - Apache: Permissions, Privileges, and Access Control (CWE-264)\n\nCVE-2014-0118 - Apache: Resource Management Errors (CWE-399)\n\nCVE-2014-0226 - Apache: Race Conditions (CWE-362)\n\nCVE-2014-0227 - Tomcat: Data Handling (CWE-19)\n\nCVE-2014-0231 - PHP: Resource Management Errors (CWE-399)\n\nCVE-2014-8142 - PHP: Use After Free (CWE-416)\n\nCVE-2014-9709 - PHP: Buffer Errors (CWE-119)\n\nCVE-2015-0231 - PHP: Use After Free (CWE-416)\n\nCVE-2015-0273 - PHP: Use After Free (CWE-416)\n\nCVE-2015-1352 - PHP: Null Pointer Dereference (CWE-476)\n\nCVE-2015-2301 - PHP: Use After Free (CWE-416)\n\nCVE-2015-2305 - PHP: Numeric Errors (CWE-189)\n\nCVE-2015-2331 - PHP: Numeric Errors (CWE-189)\n\nCVE-2015-2783 - PHP: Buffer Errors (CWE-119)\n\nSSRT102066\n\nSSRT102067\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier\n\nHP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier\n\nHP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier\n\nHP-UX B.11.31 running PHP v5.4.11.04 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-5704 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0227 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9709 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-1352 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2305 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2783 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \n\nThe updates are available for download from http://software.hp.com\n\nNOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01,\nTomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13\n\nHP-UX 11i Release\n Apache Depot name\n\nB.11.31 (11i v3 32-bit)\n HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot\n\nB.11.31 (11i v3 64-bit)\n HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v4.05 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.29.01 or subsequent\n\nhpuxws22TOMCAT.TOMCAT\naction: install revision C.6.0.43.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 10 June 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAlV4nnEACgkQ4B86/C0qfVnNlgCg3gDsUsP86K+UwNjIqDPPvzlX\nko0An3qKeH/kCmzlb7g2jHIv90x5L9cO\n=rrIH\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-6501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[ 2 ] CVE-2014-9705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[ 3 ] CVE-2014-9709\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[ 4 ] CVE-2015-0231\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[ 5 ] CVE-2015-0273\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[ 6 ] CVE-2015-1351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[ 7 ] CVE-2015-1352\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[ 8 ] CVE-2015-2301\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[ 9 ] CVE-2015-2348\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:079\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : php\n Date : March 28, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in php:\n \n S. Paraschoudis discovered that PHP incorrectly handled memory in\n the enchant binding. \n \n Taoguang Chen discovered that PHP incorrectly handled unserializing\n objects. \n \n It was discovered that PHP incorrectly handled memory in the phar\n extension. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2014-8142 (CVE-2015-0231). \n \n An integer overflow flaw, leading to a heap-based buffer overflow,\n was found in the way libzip, which is embedded in PHP, processed\n certain ZIP archives. If an attacker were able to supply a specially\n crafted ZIP archive to an application using libzip, it could cause\n the application to crash or, possibly, execute arbitrary code\n (CVE-2015-2331). \n \n It was discovered that the PHP opcache component incorrectly handled\n memory. \n \n It was discovered that the PHP PostgreSQL database extension\n incorrectly handled certain pointers. The libzip packages\n has been patched to address the CVE-2015-2331 flaw. \n \n Additionally the php-xdebug package has been upgraded to the latest\n 2.3.2 and the PECL packages which requires so has been rebuilt for\n php-5.5.23. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n http://php.net/ChangeLog-5.php#5.5.22\n http://php.net/ChangeLog-5.php#5.5.23\n http://www.ubuntu.com/usn/usn-2535-1/\n http://www.ubuntu.com/usn/usn-2501-1/\n https://bugzilla.redhat.com/show_bug.cgi?id=1204676\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 3c1e2ab81c1731c63a99a4a7c66d48d3 mbs1/x86_64/apache-mod_php-5.5.23-1.mbs1.x86_64.rpm\n 6a12e93ebf52d6cb505652cb919b73c3 mbs1/x86_64/lib64php5_common5-5.5.23-1.mbs1.x86_64.rpm\n 92ae97e82c0bae091c65847f672f0369 mbs1/x86_64/lib64zip2-0.10.1-2.1.mbs1.x86_64.rpm\n ac28732246df9bf58921740921560c67 mbs1/x86_64/lib64zip-devel-0.10.1-2.1.mbs1.x86_64.rpm\n 538fad85574f17991959c00f0b4a43b1 mbs1/x86_64/libzip-0.10.1-2.1.mbs1.x86_64.rpm\n 70d44c88afb55e2b1519e8d3a71f274c mbs1/x86_64/php-apc-3.1.15-1.17.mbs1.x86_64.rpm\n 2e2f9c88f1d92bc4f3f0e4df3908fd73 mbs1/x86_64/php-apc-admin-3.1.15-1.17.mbs1.x86_64.rpm\n e3d5f3fb0fcace77e78209986102b171 mbs1/x86_64/php-bcmath-5.5.23-1.mbs1.x86_64.rpm\n 1ca44e20629234028499eda497f27059 mbs1/x86_64/php-bz2-5.5.23-1.mbs1.x86_64.rpm\n 473167211cea7e0b62916e66921ee5a4 mbs1/x86_64/php-calendar-5.5.23-1.mbs1.x86_64.rpm\n 214618465b0e9b1dac6efb3b4f52b988 mbs1/x86_64/php-cgi-5.5.23-1.mbs1.x86_64.rpm\n 6b178d78c6dd197b6643e7e493bce359 mbs1/x86_64/php-cli-5.5.23-1.mbs1.x86_64.rpm\n c1d4dd5178780fc999f449024ebde36e mbs1/x86_64/php-ctype-5.5.23-1.mbs1.x86_64.rpm\n 152132662ebefb9ade6fa67465b9af2a mbs1/x86_64/php-curl-5.5.23-1.mbs1.x86_64.rpm\n 01961ff4ec2820dd005d336f0671fe04 mbs1/x86_64/php-dba-5.5.23-1.mbs1.x86_64.rpm\n 96a7ecb45d71793af39558a1369853e2 mbs1/x86_64/php-devel-5.5.23-1.mbs1.x86_64.rpm\n 2106bf2eb5a17f18379add6b17408ed3 mbs1/x86_64/php-doc-5.5.23-1.mbs1.noarch.rpm\n c657e211cc4627a792f67e6c9f5eb06b mbs1/x86_64/php-dom-5.5.23-1.mbs1.x86_64.rpm\n 675db3e8eb585640b7a04a04e5ffce93 mbs1/x86_64/php-enchant-5.5.23-1.mbs1.x86_64.rpm\n bf345e51365465268e696684b77c9cc8 mbs1/x86_64/php-exif-5.5.23-1.mbs1.x86_64.rpm\n 69352287afb24b38ba68f995ddece5ab mbs1/x86_64/php-fileinfo-5.5.23-1.mbs1.x86_64.rpm\n bbf3d7067c2bbc71a4a9ae5e353c6f8e mbs1/x86_64/php-filter-5.5.23-1.mbs1.x86_64.rpm\n c6a25a432547a0e8d404dab281963d74 mbs1/x86_64/php-fpm-5.5.23-1.mbs1.x86_64.rpm\n 889332d46d1d9f1a2cf6421b6a5b5e3f mbs1/x86_64/php-ftp-5.5.23-1.mbs1.x86_64.rpm\n 86a90c9565562b5b360eb11d431536e7 mbs1/x86_64/php-gd-5.5.23-1.mbs1.x86_64.rpm\n dba72038f9098f7332e969b19c9d65a8 mbs1/x86_64/php-gettext-5.5.23-1.mbs1.x86_64.rpm\n b25d3f9ded7322a2b28942648ec74ff4 mbs1/x86_64/php-gmp-5.5.23-1.mbs1.x86_64.rpm\n 9bf5bfcb843c2d3b71855792e6b2050e mbs1/x86_64/php-hash-5.5.23-1.mbs1.x86_64.rpm\n 284a394dbe68e756c8813a53c0a89c66 mbs1/x86_64/php-iconv-5.5.23-1.mbs1.x86_64.rpm\n 9df2ec7f05f9a7955770e3ed4513cbfb mbs1/x86_64/php-imap-5.5.23-1.mbs1.x86_64.rpm\n e5947618cc905d249191bcc2066ffed1 mbs1/x86_64/php-ini-5.5.23-1.mbs1.x86_64.rpm\n d4f9e91e2877d6aaff0ee07bc5bdd95b mbs1/x86_64/php-intl-5.5.23-1.mbs1.x86_64.rpm\n 071ba0290df66c3ac1b0f0fa18ec2195 mbs1/x86_64/php-json-5.5.23-1.mbs1.x86_64.rpm\n 62146a98a0d24ee66cebd23887fc43fa mbs1/x86_64/php-ldap-5.5.23-1.mbs1.x86_64.rpm\n 03a94596eaf34eaac0c7e6f88a6aa7cb mbs1/x86_64/php-mbstring-5.5.23-1.mbs1.x86_64.rpm\n d966c79af040bd5c18dc4a2771bf7184 mbs1/x86_64/php-mcrypt-5.5.23-1.mbs1.x86_64.rpm\n 9ab71c0a90c649b4c31386a3582a5d26 mbs1/x86_64/php-mssql-5.5.23-1.mbs1.x86_64.rpm\n 80dd51f72e2cd0d854904dc7595a4bb0 mbs1/x86_64/php-mysql-5.5.23-1.mbs1.x86_64.rpm\n 88bc7c5a10b7a7f12b71b342afbbd18e mbs1/x86_64/php-mysqli-5.5.23-1.mbs1.x86_64.rpm\n 231ec6adca00980d04f39ce5fd866a83 mbs1/x86_64/php-mysqlnd-5.5.23-1.mbs1.x86_64.rpm\n 2c831cf0074977bf76d413c5e9b3f9de mbs1/x86_64/php-odbc-5.5.23-1.mbs1.x86_64.rpm\n 1a4553dcf596125aab2976b2f8c4792c mbs1/x86_64/php-opcache-5.5.23-1.mbs1.x86_64.rpm\n 4cb160e28e8899628c6e698376add11f mbs1/x86_64/php-openssl-5.5.23-1.mbs1.x86_64.rpm\n aa04993c7abe0539302a36527ad4674a mbs1/x86_64/php-pcntl-5.5.23-1.mbs1.x86_64.rpm\n 57b65d1dec0785825ea2cc8462a2256d mbs1/x86_64/php-pdo-5.5.23-1.mbs1.x86_64.rpm\n 6d5b8bf803d93067f4bce7daad5379ba mbs1/x86_64/php-pdo_dblib-5.5.23-1.mbs1.x86_64.rpm\n 3785dea886512d3473b1cda3d762aa9c mbs1/x86_64/php-pdo_mysql-5.5.23-1.mbs1.x86_64.rpm\n 330c62452427e64106c47fcd1e674ed6 mbs1/x86_64/php-pdo_odbc-5.5.23-1.mbs1.x86_64.rpm\n a3803c5de5acbb0d3c6a26c42b8ec39b mbs1/x86_64/php-pdo_pgsql-5.5.23-1.mbs1.x86_64.rpm\n 2f6a19bc0adc914b46fbab06e3dc7ac7 mbs1/x86_64/php-pdo_sqlite-5.5.23-1.mbs1.x86_64.rpm\n 4d452c2c81e21f9ce1d08afadba60d6a mbs1/x86_64/php-pgsql-5.5.23-1.mbs1.x86_64.rpm\n 39c301d412cbd28256f141fd409ea561 mbs1/x86_64/php-phar-5.5.23-1.mbs1.x86_64.rpm\n 9c78e1c9192cd1219f1415424156c491 mbs1/x86_64/php-posix-5.5.23-1.mbs1.x86_64.rpm\n 5bb762bd20418abbd99c38d0d14127d1 mbs1/x86_64/php-readline-5.5.23-1.mbs1.x86_64.rpm\n e97eb930df1a35f0646e62f88dd8b1e6 mbs1/x86_64/php-recode-5.5.23-1.mbs1.x86_64.rpm\n 2b4a91ff5da098a80fa0a74b184f9621 mbs1/x86_64/php-session-5.5.23-1.mbs1.x86_64.rpm\n 5ecc3ef7dde9a12cc70308c323c650f9 mbs1/x86_64/php-shmop-5.5.23-1.mbs1.x86_64.rpm\n 7380aeaced54d09831dc4828772a9b4f mbs1/x86_64/php-snmp-5.5.23-1.mbs1.x86_64.rpm\n 030ca0276e74f616a1cc8866cc4a3149 mbs1/x86_64/php-soap-5.5.23-1.mbs1.x86_64.rpm\n ba8b4a7dafc450564d41bf54de7b2ea2 mbs1/x86_64/php-sockets-5.5.23-1.mbs1.x86_64.rpm\n 61859f052b4a89c1d4ea9bff4251041f mbs1/x86_64/php-sqlite3-5.5.23-1.mbs1.x86_64.rpm\n 81639f4e567c6358f8d1b22c9e2acf98 mbs1/x86_64/php-sybase_ct-5.5.23-1.mbs1.x86_64.rpm\n 2f4a24db6aedc32c32f8a1d202a798e2 mbs1/x86_64/php-sysvmsg-5.5.23-1.mbs1.x86_64.rpm\n aab6b3451a848ebf916418e28303fb23 mbs1/x86_64/php-sysvsem-5.5.23-1.mbs1.x86_64.rpm\n 6820a01599b0e7d543cd6faa5adf1aee mbs1/x86_64/php-sysvshm-5.5.23-1.mbs1.x86_64.rpm\n ed7aa5fc5226ede2325b64f862ba121b mbs1/x86_64/php-tidy-5.5.23-1.mbs1.x86_64.rpm\n 6fd07a6cfcff5b6f5791b3c173d6de3f mbs1/x86_64/php-tokenizer-5.5.23-1.mbs1.x86_64.rpm\n 7130ab17ba8d88e08abbff8cc5ce9406 mbs1/x86_64/php-wddx-5.5.23-1.mbs1.x86_64.rpm\n bb977de60a780898623b458e8be594fc mbs1/x86_64/php-xdebug-2.3.2-1.mbs1.x86_64.rpm\n f66d72fa26d7c2ddf28cbd9834f50981 mbs1/x86_64/php-xml-5.5.23-1.mbs1.x86_64.rpm\n 52b65a29cce730602f7788545d8c68eb mbs1/x86_64/php-xmlreader-5.5.23-1.mbs1.x86_64.rpm\n 8e7ce89111d36fa56003a7b2cfb5ca17 mbs1/x86_64/php-xmlrpc-5.5.23-1.mbs1.x86_64.rpm\n 64a27f8e54344c459ffa5a2bb1c33521 mbs1/x86_64/php-xmlwriter-5.5.23-1.mbs1.x86_64.rpm\n 506d5cd854c2d3140f38b67137fe4f16 mbs1/x86_64/php-xsl-5.5.23-1.mbs1.x86_64.rpm\n 3e74425e2868a46bf8db184feaeac041 mbs1/x86_64/php-zip-5.5.23-1.mbs1.x86_64.rpm\n fa27aa395c0d87bf832471e3f6f06c68 mbs1/x86_64/php-zlib-5.5.23-1.mbs1.x86_64.rpm \n 5be5023a4703f52af150c7fbcb2c4e5a mbs1/SRPMS/libzip-0.10.1-2.1.mbs1.src.rpm\n bdf35808447e6b0224eb958adf086dc5 mbs1/SRPMS/php-5.5.23-1.mbs1.src.rpm\n a5047c3b6e20db0167f65ff6ad667e99 mbs1/SRPMS/php-apc-3.1.15-1.17.mbs1.src.rpm\n 2eb2949f57a66f2eed5110181ce7f8ce mbs1/SRPMS/php-xdebug-2.3.2-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. ============================================================================\nUbuntu Security Notice USN-2535-1\nMarch 18, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n(CVE-2014-8117)\n\nS. \n(CVE-2015-2301)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.3\n php5-cgi 5.5.12+dfsg-2ubuntu4.3\n php5-cli 5.5.12+dfsg-2ubuntu4.3\n php5-enchant 5.5.12+dfsg-2ubuntu4.3\n php5-fpm 5.5.12+dfsg-2ubuntu4.3\n\nUbuntu 14.04 LTS:\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.7\n php5-cgi 5.5.9+dfsg-1ubuntu4.7\n php5-cli 5.5.9+dfsg-1ubuntu4.7\n php5-enchant 5.5.9+dfsg-1ubuntu4.7\n php5-fpm 5.5.9+dfsg-1ubuntu4.7\n\nUbuntu 12.04 LTS:\n libapache2-mod-php5 5.3.10-1ubuntu3.17\n php5-cgi 5.3.10-1ubuntu3.17\n php5-cli 5.3.10-1ubuntu3.17\n php5-enchant 5.3.10-1ubuntu3.17\n php5-fpm 5.3.10-1ubuntu3.17\n\nUbuntu 10.04 LTS:\n libapache2-mod-php5 5.3.2-1ubuntu4.29\n php5-cgi 5.3.2-1ubuntu4.29\n php5-cli 5.3.2-1ubuntu4.29\n php5-enchant 5.3.2-1ubuntu4.29\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2535-1\n CVE-2014-8117, CVE-2014-9705, CVE-2015-0273, CVE-2015-2301\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.3\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.7\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.17\n https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.29\n", "sources": [ { "db": "NVD", "id": "CVE-2015-2301" }, { "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "db": "BID", "id": "73037" }, { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "PACKETSTORM", "id": "131577" }, { "db": "PACKETSTORM", "id": "133803" }, { "db": "PACKETSTORM", "id": "132263" }, { "db": "PACKETSTORM", "id": "137539" }, { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "130885" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-2301", "trust": 3.5 }, { "db": "BID", "id": "73037", "trust": 2.1 }, { "db": "SECTRACK", "id": "1031949", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/03/15/6", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97220341", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-002002", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201503-624", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "130940", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-80262", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-2301", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131577", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132263", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137539", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130885", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "BID", "id": "73037" }, { "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "db": "PACKETSTORM", "id": "131577" }, { "db": "PACKETSTORM", "id": "133803" }, { "db": "PACKETSTORM", "id": "132263" }, { "db": "PACKETSTORM", "id": "137539" }, { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "130885" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "id": "VAR-201503-0206", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-80262" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:31:57.226000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html" }, { "title": "HT205267", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205267" }, { "title": "HT205267", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht205267" }, { "title": "Sec Bug #68901", "trust": 0.8, "url": "https://bugs.php.net/bug.php?id=68901" }, { "title": "Fixed bug #68901 (use after free)", "trust": 0.8, "url": "http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b" }, { "title": "Bug 1194747", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194747" }, { "title": "PHP 5 ChangeLog", "trust": 0.8, "url": "http://php.net/changelog-5.php" }, { "title": "php-src-php-5.6.6", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54699" }, { "title": "php-src-php-5.6.6", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54698" }, { "title": "php-src-php-5.5.22", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54697" }, { "title": "php-src-php-5.5.22", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54696" }, { "title": "php-src-php-5.4.38", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54695" }, { "title": "php-src-php-5.4.38", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54694" }, { "title": "Ubuntu Security Notice: php5 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2535-1" }, { "title": "Red Hat: CVE-2015-2301", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-2301" }, { "title": "Debian Security Advisories: DSA-3198-1 php5 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c4d31fb1a942bdc1ee4d9ee7c751940" }, { "title": "Debian CVElist Bug Report Logs: php5: CVE-2015-2331", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ba7729d0dba9bfe30fe987c59a0c7f95" }, { "title": "Amazon Linux AMI: ALAS-2015-509", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-509" }, { "title": "Apple: OS X El Capitan v10.11", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "db": "CNNVD", "id": "CNNVD-201503-624" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 2.1, "url": "https://bugs.php.net/bug.php?id=68901" }, { "trust": 2.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/73037" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201606-10" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2535-1" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html" }, { "trust": 1.8, "url": "http://php.net/changelog-5.php" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194747" }, { "trust": 1.8, "url": "https://support.apple.com/ht205267" }, { "trust": 1.8, "url": "http://www.debian.org/security/2015/dsa-3198" }, { "trust": 1.8, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:079" }, { "trust": 1.8, "url": "http://openwall.com/lists/oss-security/2015/03/15/6" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1031949" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301" }, { "trust": 1.0, "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=b2cf3f064b8f5efef89bb084521b61318c71781b" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97220341/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2301" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.4, "url": "http://php.net/changelog-5.php#5.5.22" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.3, "url": "http://php.net/changelog-5.php#5.6.6" }, { "trust": 0.3, "url": "http://www.php.net/" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/apr/151" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/135" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04686230" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143748090628601\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144050155601375\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143403519711434\u0026amp;w=2" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2535-1/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-2301" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2305" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3330" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9709" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2783" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8080" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8090" }, { "trust": 0.1, "url": "https://support.apple.com/en-" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8147" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht205265." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2532" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://www.tencent.com)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2535-1/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9705" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2501-1/" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.23" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204676" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0273" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.17" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8117" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.29" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.7" } ], "sources": [ { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "BID", "id": "73037" }, { "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "db": "PACKETSTORM", "id": "131577" }, { "db": "PACKETSTORM", "id": "133803" }, { "db": "PACKETSTORM", "id": "132263" }, { "db": "PACKETSTORM", "id": "137539" }, { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "130885" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "BID", "id": "73037" }, { "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "db": "PACKETSTORM", "id": "131577" }, { "db": "PACKETSTORM", "id": "133803" }, { "db": "PACKETSTORM", "id": "132263" }, { "db": "PACKETSTORM", "id": "137539" }, { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "130885" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-03-30T00:00:00", "db": "VULHUB", "id": "VHN-80262" }, { "date": "2015-03-30T00:00:00", "db": "VULMON", "id": "CVE-2015-2301" }, { "date": "2015-02-20T00:00:00", "db": "BID", "id": "73037" }, { "date": "2015-04-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "date": "2015-04-22T20:14:00", "db": "PACKETSTORM", "id": "131577" }, { "date": "2015-10-01T16:33:47", "db": "PACKETSTORM", "id": "133803" }, { "date": "2015-06-11T23:41:13", "db": "PACKETSTORM", "id": "132263" }, { "date": "2016-06-19T15:55:00", "db": "PACKETSTORM", "id": "137539" }, { "date": "2015-03-30T21:16:25", "db": "PACKETSTORM", "id": "131081" }, { "date": "2015-03-19T00:38:57", "db": "PACKETSTORM", "id": "130885" }, { "date": "2015-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201503-624" }, { "date": "2015-03-30T10:59:10.630000", "db": "NVD", "id": "CVE-2015-2301" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-80262" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2015-2301" }, { "date": "2016-07-05T21:28:00", "db": "BID", "id": "73037" }, { "date": "2015-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002002" }, { "date": "2022-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201503-624" }, { "date": "2023-11-07T02:25:12.740000", "db": "NVD", "id": "CVE-2015-2301" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "130885" }, { "db": "CNNVD", "id": "CNNVD-201503-624" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP of phar_object.c of phar_rename_archive Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002002" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201503-624" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.