var-201506-0117
Vulnerability from variot

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. PHP is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to obtain sensitive information or crash the application resulting in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ========================================================================== Ubuntu Security Notice USN-2572-1 April 20, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)

It was discovered that PHP incorrectly handled unserializing PHAR files. (CVE-2015-2787)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4 php5-cgi 5.5.12+dfsg-2ubuntu4.4 php5-cli 5.5.12+dfsg-2ubuntu4.4 php5-fpm 5.5.12+dfsg-2ubuntu4.4

Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 php5-cgi 5.5.9+dfsg-1ubuntu4.9 php5-cli 5.5.9+dfsg-1ubuntu4.9 php5-fpm 5.5.9+dfsg-1ubuntu4.9

Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.18 php5-cgi 5.3.10-1ubuntu3.18 php5-cli 5.3.10-1ubuntu3.18 php5-fpm 5.3.10-1ubuntu3.18

Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.30 php5-cgi 5.3.2-1ubuntu4.30 php5-cli 5.3.2-1ubuntu4.30

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: php security update Advisory ID: RHSA-2015:1218-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1218.html Issue date: 2015-07-09 CVE Names: CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 =====================================================================

  1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. An attacker able to make a PHP application enchant dictionaries could possibly cause it to crash. (CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted GIF file could cause a PHP application using the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash. (CVE-2014-9425)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy() 1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c 1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c 1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone 1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict() 1194747 - CVE-2015-2301 php: use after free in phar_object.c 1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize() 1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re 1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions 1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing 1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode() 1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS 1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods 1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing 1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character 1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name 1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata() 1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize() 1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions 1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions 1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize 1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

  1. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-bcmath-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

x86_64: php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm

ppc64: php-5.3.3-46.el6_6.ppc64.rpm php-cli-5.3.3-46.el6_6.ppc64.rpm php-common-5.3.3-46.el6_6.ppc64.rpm php-debuginfo-5.3.3-46.el6_6.ppc64.rpm php-gd-5.3.3-46.el6_6.ppc64.rpm php-ldap-5.3.3-46.el6_6.ppc64.rpm php-mysql-5.3.3-46.el6_6.ppc64.rpm php-odbc-5.3.3-46.el6_6.ppc64.rpm php-pdo-5.3.3-46.el6_6.ppc64.rpm php-pgsql-5.3.3-46.el6_6.ppc64.rpm php-soap-5.3.3-46.el6_6.ppc64.rpm php-xml-5.3.3-46.el6_6.ppc64.rpm php-xmlrpc-5.3.3-46.el6_6.ppc64.rpm

s390x: php-5.3.3-46.el6_6.s390x.rpm php-cli-5.3.3-46.el6_6.s390x.rpm php-common-5.3.3-46.el6_6.s390x.rpm php-debuginfo-5.3.3-46.el6_6.s390x.rpm php-gd-5.3.3-46.el6_6.s390x.rpm php-ldap-5.3.3-46.el6_6.s390x.rpm php-mysql-5.3.3-46.el6_6.s390x.rpm php-odbc-5.3.3-46.el6_6.s390x.rpm php-pdo-5.3.3-46.el6_6.s390x.rpm php-pgsql-5.3.3-46.el6_6.s390x.rpm php-soap-5.3.3-46.el6_6.s390x.rpm php-xml-5.3.3-46.el6_6.s390x.rpm php-xmlrpc-5.3.3-46.el6_6.s390x.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: php-bcmath-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

ppc64: php-bcmath-5.3.3-46.el6_6.ppc64.rpm php-dba-5.3.3-46.el6_6.ppc64.rpm php-debuginfo-5.3.3-46.el6_6.ppc64.rpm php-devel-5.3.3-46.el6_6.ppc64.rpm php-embedded-5.3.3-46.el6_6.ppc64.rpm php-enchant-5.3.3-46.el6_6.ppc64.rpm php-fpm-5.3.3-46.el6_6.ppc64.rpm php-imap-5.3.3-46.el6_6.ppc64.rpm php-intl-5.3.3-46.el6_6.ppc64.rpm php-mbstring-5.3.3-46.el6_6.ppc64.rpm php-process-5.3.3-46.el6_6.ppc64.rpm php-pspell-5.3.3-46.el6_6.ppc64.rpm php-recode-5.3.3-46.el6_6.ppc64.rpm php-snmp-5.3.3-46.el6_6.ppc64.rpm php-tidy-5.3.3-46.el6_6.ppc64.rpm php-zts-5.3.3-46.el6_6.ppc64.rpm

s390x: php-bcmath-5.3.3-46.el6_6.s390x.rpm php-dba-5.3.3-46.el6_6.s390x.rpm php-debuginfo-5.3.3-46.el6_6.s390x.rpm php-devel-5.3.3-46.el6_6.s390x.rpm php-embedded-5.3.3-46.el6_6.s390x.rpm php-enchant-5.3.3-46.el6_6.s390x.rpm php-fpm-5.3.3-46.el6_6.s390x.rpm php-imap-5.3.3-46.el6_6.s390x.rpm php-intl-5.3.3-46.el6_6.s390x.rpm php-mbstring-5.3.3-46.el6_6.s390x.rpm php-process-5.3.3-46.el6_6.s390x.rpm php-pspell-5.3.3-46.el6_6.s390x.rpm php-recode-5.3.3-46.el6_6.s390x.rpm php-snmp-5.3.3-46.el6_6.s390x.rpm php-tidy-5.3.3-46.el6_6.s390x.rpm php-zts-5.3.3-46.el6_6.s390x.rpm

x86_64: php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: php-5.3.3-46.el6_6.src.rpm

i386: php-5.3.3-46.el6_6.i686.rpm php-cli-5.3.3-46.el6_6.i686.rpm php-common-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-gd-5.3.3-46.el6_6.i686.rpm php-ldap-5.3.3-46.el6_6.i686.rpm php-mysql-5.3.3-46.el6_6.i686.rpm php-odbc-5.3.3-46.el6_6.i686.rpm php-pdo-5.3.3-46.el6_6.i686.rpm php-pgsql-5.3.3-46.el6_6.i686.rpm php-soap-5.3.3-46.el6_6.i686.rpm php-xml-5.3.3-46.el6_6.i686.rpm php-xmlrpc-5.3.3-46.el6_6.i686.rpm

x86_64: php-5.3.3-46.el6_6.x86_64.rpm php-cli-5.3.3-46.el6_6.x86_64.rpm php-common-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-gd-5.3.3-46.el6_6.x86_64.rpm php-ldap-5.3.3-46.el6_6.x86_64.rpm php-mysql-5.3.3-46.el6_6.x86_64.rpm php-odbc-5.3.3-46.el6_6.x86_64.rpm php-pdo-5.3.3-46.el6_6.x86_64.rpm php-pgsql-5.3.3-46.el6_6.x86_64.rpm php-soap-5.3.3-46.el6_6.x86_64.rpm php-xml-5.3.3-46.el6_6.x86_64.rpm php-xmlrpc-5.3.3-46.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: php-bcmath-5.3.3-46.el6_6.i686.rpm php-dba-5.3.3-46.el6_6.i686.rpm php-debuginfo-5.3.3-46.el6_6.i686.rpm php-devel-5.3.3-46.el6_6.i686.rpm php-embedded-5.3.3-46.el6_6.i686.rpm php-enchant-5.3.3-46.el6_6.i686.rpm php-fpm-5.3.3-46.el6_6.i686.rpm php-imap-5.3.3-46.el6_6.i686.rpm php-intl-5.3.3-46.el6_6.i686.rpm php-mbstring-5.3.3-46.el6_6.i686.rpm php-process-5.3.3-46.el6_6.i686.rpm php-pspell-5.3.3-46.el6_6.i686.rpm php-recode-5.3.3-46.el6_6.i686.rpm php-snmp-5.3.3-46.el6_6.i686.rpm php-tidy-5.3.3-46.el6_6.i686.rpm php-zts-5.3.3-46.el6_6.i686.rpm

x86_64: php-bcmath-5.3.3-46.el6_6.x86_64.rpm php-dba-5.3.3-46.el6_6.x86_64.rpm php-debuginfo-5.3.3-46.el6_6.x86_64.rpm php-devel-5.3.3-46.el6_6.x86_64.rpm php-embedded-5.3.3-46.el6_6.x86_64.rpm php-enchant-5.3.3-46.el6_6.x86_64.rpm php-fpm-5.3.3-46.el6_6.x86_64.rpm php-imap-5.3.3-46.el6_6.x86_64.rpm php-intl-5.3.3-46.el6_6.x86_64.rpm php-mbstring-5.3.3-46.el6_6.x86_64.rpm php-process-5.3.3-46.el6_6.x86_64.rpm php-pspell-5.3.3-46.el6_6.x86_64.rpm php-recode-5.3.3-46.el6_6.x86_64.rpm php-snmp-5.3.3-46.el6_6.x86_64.rpm php-tidy-5.3.3-46.el6_6.x86_64.rpm php-zts-5.3.3-46.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-9425 https://access.redhat.com/security/cve/CVE-2014-9705 https://access.redhat.com/security/cve/CVE-2014-9709 https://access.redhat.com/security/cve/CVE-2015-0232 https://access.redhat.com/security/cve/CVE-2015-0273 https://access.redhat.com/security/cve/CVE-2015-2301 https://access.redhat.com/security/cve/CVE-2015-2783 https://access.redhat.com/security/cve/CVE-2015-2787 https://access.redhat.com/security/cve/CVE-2015-3307 https://access.redhat.com/security/cve/CVE-2015-3329 https://access.redhat.com/security/cve/CVE-2015-3411 https://access.redhat.com/security/cve/CVE-2015-3412 https://access.redhat.com/security/cve/CVE-2015-4021 https://access.redhat.com/security/cve/CVE-2015-4022 https://access.redhat.com/security/cve/CVE-2015-4024 https://access.redhat.com/security/cve/CVE-2015-4026 https://access.redhat.com/security/cve/CVE-2015-4147 https://access.redhat.com/security/cve/CVE-2015-4148 https://access.redhat.com/security/cve/CVE-2015-4598 https://access.redhat.com/security/cve/CVE-2015-4599 https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVnsPKXlSAg2UNWIIRAtXEAKC6gknTJ+I/czViSyE71AjUZ1pWSQCgo6ip /jsvmaEr/ag17pZ7M9fXiz4= =vWCv -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. Please note that this package build also moves the configuration files from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz

Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz

Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz

Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg php-5.4.40-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10


                                       https://security.gentoo.org/

Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10


Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"

References

[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329).

Potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330).

PHP has been updated to version 5.5.24, which fixes these issues and other bugs.

Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330 http://advisories.mageia.org/MGASA-2015-0169.html


Updated Packages:

Mandriva Business Server 1/X86_64: fb5b4628263a821fb3e4075a5fb4e5b4 mbs1/x86_64/apache-mod_php-5.5.24-1.mbs1.x86_64.rpm 3c7f76ada5ccad65c212ee350fdffe87 mbs1/x86_64/lib64php5_common5-5.5.24-1.mbs1.x86_64.rpm 5400e21c3eaecc346e1eb8c712e9478f mbs1/x86_64/php-apc-3.1.15-1.18.mbs1.x86_64.rpm 90ae23234441a8de169207ff7f045684 mbs1/x86_64/php-apc-admin-3.1.15-1.18.mbs1.x86_64.rpm a39b53bcacc941035d830ce1052540b3 mbs1/x86_64/php-bcmath-5.5.24-1.mbs1.x86_64.rpm ada97c19882cf313e4d7ebba0909f6d8 mbs1/x86_64/php-bz2-5.5.24-1.mbs1.x86_64.rpm c6e5c880827c6bc76dfb1c15460637b4 mbs1/x86_64/php-calendar-5.5.24-1.mbs1.x86_64.rpm 6535a7223184cec5ac17edb9e1d31388 mbs1/x86_64/php-cgi-5.5.24-1.mbs1.x86_64.rpm 16aa52d7dd47cc27cb5d7aec420944eb mbs1/x86_64/php-cli-5.5.24-1.mbs1.x86_64.rpm 7983f9d1bf3039b5efdb0ed70329cccd mbs1/x86_64/php-ctype-5.5.24-1.mbs1.x86_64.rpm 3cbc805a1610b54d191e2e3ca99c3ae4 mbs1/x86_64/php-curl-5.5.24-1.mbs1.x86_64.rpm f53dd6f08013c00ae1c95df14671624e mbs1/x86_64/php-dba-5.5.24-1.mbs1.x86_64.rpm e2a5d632a8581e27a366191c9fd86424 mbs1/x86_64/php-devel-5.5.24-1.mbs1.x86_64.rpm 37bb13541a04b935c93600dc63e98047 mbs1/x86_64/php-doc-5.5.24-1.mbs1.noarch.rpm fad46645f9afb86eedf094cbe82eaebe mbs1/x86_64/php-dom-5.5.24-1.mbs1.x86_64.rpm 22141396e7bccb2aac8a2e7c0d0f02aa mbs1/x86_64/php-enchant-5.5.24-1.mbs1.x86_64.rpm e3f7bc72aad9e3fb7b9f25f64d9ca95c mbs1/x86_64/php-exif-5.5.24-1.mbs1.x86_64.rpm 53a76b203f90a9008eb35cdf93aac246 mbs1/x86_64/php-fileinfo-5.5.24-1.mbs1.x86_64.rpm 7cb8c9592f48413f3783f49947563a8f mbs1/x86_64/php-filter-5.5.24-1.mbs1.x86_64.rpm 3d34478d09bbf6848c8c2eaea0156feb mbs1/x86_64/php-fpm-5.5.24-1.mbs1.x86_64.rpm fc47e9e9b740e94e5210854b7872af8f mbs1/x86_64/php-ftp-5.5.24-1.mbs1.x86_64.rpm e22e5cf59f7d0c361b41e220fd0ebbde mbs1/x86_64/php-gd-5.5.24-1.mbs1.x86_64.rpm cd5fef5777b58e0562ddeb3ca4b4e1dd mbs1/x86_64/php-gettext-5.5.24-1.mbs1.x86_64.rpm aba136588f2c77f2cca4bcc300e7f0b5 mbs1/x86_64/php-gmp-5.5.24-1.mbs1.x86_64.rpm 8752b1e4f863b2cdadf08cfdcaf462f7 mbs1/x86_64/php-hash-5.5.24-1.mbs1.x86_64.rpm 36bef8c7e03cdffd66a4553266e1a13d mbs1/x86_64/php-iconv-5.5.24-1.mbs1.x86_64.rpm 0b405f5f49d174745a4135e033fbe234 mbs1/x86_64/php-imap-5.5.24-1.mbs1.x86_64.rpm fc25a10fb623016b5e95595aa114274a mbs1/x86_64/php-ini-5.5.24-1.mbs1.x86_64.rpm c4435a44b199cd4fadca0cac247aca06 mbs1/x86_64/php-intl-5.5.24-1.mbs1.x86_64.rpm ec611fd14d6b502990fe0a3ab243211a mbs1/x86_64/php-json-5.5.24-1.mbs1.x86_64.rpm 519c8ae2df9aeca23d15953470c3a485 mbs1/x86_64/php-ldap-5.5.24-1.mbs1.x86_64.rpm f52168266f3d1df5a333f2acb83c7739 mbs1/x86_64/php-mbstring-5.5.24-1.mbs1.x86_64.rpm 8fed199f0b2be5b2d1780bed11c5c5d6 mbs1/x86_64/php-mcrypt-5.5.24-1.mbs1.x86_64.rpm e5d5276bcfaa7d951b4b543e76949a2f mbs1/x86_64/php-mssql-5.5.24-1.mbs1.x86_64.rpm 0a34a8334cd8a3e4d7867a962df62f15 mbs1/x86_64/php-mysql-5.5.24-1.mbs1.x86_64.rpm 3fd0dcc4cb8c4ef136c68e243788aa85 mbs1/x86_64/php-mysqli-5.5.24-1.mbs1.x86_64.rpm d9db3dd5963888f69b11cdaa1d1c97e4 mbs1/x86_64/php-mysqlnd-5.5.24-1.mbs1.x86_64.rpm f27cbd0c9f968bfa7d6f10d8040a1f4f mbs1/x86_64/php-odbc-5.5.24-1.mbs1.x86_64.rpm db18ba83bd3e8f82f189c4e93799de9a mbs1/x86_64/php-opcache-5.5.24-1.mbs1.x86_64.rpm 7e02eaad2751f993fcd7af5a649b4707 mbs1/x86_64/php-openssl-5.5.24-1.mbs1.x86_64.rpm be43bdb8b4c0ea65901bb7ab4a12e1be mbs1/x86_64/php-pcntl-5.5.24-1.mbs1.x86_64.rpm 57ba222e0921de0efcad052a1ed359cc mbs1/x86_64/php-pdo-5.5.24-1.mbs1.x86_64.rpm 3ba50d22dead03f756136363e1e2ce27 mbs1/x86_64/php-pdo_dblib-5.5.24-1.mbs1.x86_64.rpm fe6858486fc7a42f7099f103fec8e0c9 mbs1/x86_64/php-pdo_mysql-5.5.24-1.mbs1.x86_64.rpm 407570e83b281be3515970aa6e24a773 mbs1/x86_64/php-pdo_odbc-5.5.24-1.mbs1.x86_64.rpm e5c66883133694a146b0f4840749a7d7 mbs1/x86_64/php-pdo_pgsql-5.5.24-1.mbs1.x86_64.rpm d41508abccb63d3b0c0d44a82596f1d6 mbs1/x86_64/php-pdo_sqlite-5.5.24-1.mbs1.x86_64.rpm 3f7dd514cca5b5259854043194099c4c mbs1/x86_64/php-pgsql-5.5.24-1.mbs1.x86_64.rpm 1b6b8a0d2e033b35697757a49329d51e mbs1/x86_64/php-phar-5.5.24-1.mbs1.x86_64.rpm 30e86f3079cd49241d680f46542b16b8 mbs1/x86_64/php-posix-5.5.24-1.mbs1.x86_64.rpm b065951f2e32008908857708ae2f1539 mbs1/x86_64/php-readline-5.5.24-1.mbs1.x86_64.rpm 13886e31952529313c505acbc7ebbbc6 mbs1/x86_64/php-recode-5.5.24-1.mbs1.x86_64.rpm 95ca2a29237d6f3e6f852431626be072 mbs1/x86_64/php-session-5.5.24-1.mbs1.x86_64.rpm f5f33541bc2a3b3f0b456989e20aa45c mbs1/x86_64/php-shmop-5.5.24-1.mbs1.x86_64.rpm c5414a148aa0e25b03b9faf79c50693a mbs1/x86_64/php-snmp-5.5.24-1.mbs1.x86_64.rpm d02afd660db7544b09328445c2f99ec6 mbs1/x86_64/php-soap-5.5.24-1.mbs1.x86_64.rpm 239a1c675cf3a4f853cc94cfc188e60e mbs1/x86_64/php-sockets-5.5.24-1.mbs1.x86_64.rpm 04e689ed1f9163a149f3448cfe4bd218 mbs1/x86_64/php-sqlite3-5.5.24-1.mbs1.x86_64.rpm a39905d2eae282b1d06db94afbf51255 mbs1/x86_64/php-sybase_ct-5.5.24-1.mbs1.x86_64.rpm a7fd332d4fea37c9f3335a0d8921f228 mbs1/x86_64/php-sysvmsg-5.5.24-1.mbs1.x86_64.rpm b9fdd882caee7f469d3c285082e8f717 mbs1/x86_64/php-sysvsem-5.5.24-1.mbs1.x86_64.rpm 79ede61a89fae9e6fab33f1a99b3ded7 mbs1/x86_64/php-sysvshm-5.5.24-1.mbs1.x86_64.rpm 5f0b1072e400ccc886979e7647c160f2 mbs1/x86_64/php-tidy-5.5.24-1.mbs1.x86_64.rpm 1df6d933d3f5c14bb334b8e49df50901 mbs1/x86_64/php-timezonedb-2015.4-1.mbs1.x86_64.rpm e03d364e8d94dc5e509f89ad06b1ceec mbs1/x86_64/php-tokenizer-5.5.24-1.mbs1.x86_64.rpm 4eb33980b578bc3f7c8436993e401a6b mbs1/x86_64/php-wddx-5.5.24-1.mbs1.x86_64.rpm cfb0b798a98736cebe6d2854610e5c88 mbs1/x86_64/php-xml-5.5.24-1.mbs1.x86_64.rpm 2d05b6ecae1866827a732b19bdea2682 mbs1/x86_64/php-xmlreader-5.5.24-1.mbs1.x86_64.rpm bab20d281d211f8202d881723f0091f1 mbs1/x86_64/php-xmlrpc-5.5.24-1.mbs1.x86_64.rpm d213f4b86b0532049556a37958d12570 mbs1/x86_64/php-xmlwriter-5.5.24-1.mbs1.x86_64.rpm a43e88b8cb0cf9a46d63f318d63853c7 mbs1/x86_64/php-xsl-5.5.24-1.mbs1.x86_64.rpm 3150b97e91d4363c5b79b6e67cf4febe mbs1/x86_64/php-zip-5.5.24-1.mbs1.x86_64.rpm 962d3621008091b8186481e521296d29 mbs1/x86_64/php-zlib-5.5.24-1.mbs1.x86_64.rpm 52139e1dbd986bf5b685ee0f92e67da2 mbs1/SRPMS/php-5.5.24-1.mbs1.src.rpm 854f5600d70006910d80643b638289d4 mbs1/SRPMS/php-apc-3.1.15-1.18.mbs1.src.rpm 77e0fad280231397615e51f099b33f1c mbs1/SRPMS/php-timezonedb-2015.4-1.mbs1.src.rpm

Mandriva Business Server 2/X86_64: 2a2dcd3f73583e81c1d4ca142814ed6a mbs2/x86_64/apache-mod_php-5.5.24-1.mbs2.x86_64.rpm a7964f16c85b0772835366fa821f7dd1 mbs2/x86_64/lib64php5_common5-5.5.24-1.mbs2.x86_64.rpm 624d6512573e4ccc202f9ea08433727e mbs2/x86_64/php-bcmath-5.5.24-1.mbs2.x86_64.rpm dd817015c54820a9fc967da7db4b1461 mbs2/x86_64/php-bz2-5.5.24-1.mbs2.x86_64.rpm 1c022b50d3f12d3e8e358fca3afe6f0f mbs2/x86_64/php-calendar-5.5.24-1.mbs2.x86_64.rpm 52159b3e747e424b1fe40944f404b45d mbs2/x86_64/php-cgi-5.5.24-1.mbs2.x86_64.rpm 5ac82cf4acc95e8d8a80537173a1dc98 mbs2/x86_64/php-cli-5.5.24-1.mbs2.x86_64.rpm e7271551aa14e6931b0ba22ee33d3712 mbs2/x86_64/php-ctype-5.5.24-1.mbs2.x86_64.rpm 7293fa4917183914c356cc2376a5e1ab mbs2/x86_64/php-curl-5.5.24-1.mbs2.x86_64.rpm 258058f8e1cda5be8a9444964a553691 mbs2/x86_64/php-dba-5.5.24-1.mbs2.x86_64.rpm c0a6fa757e9ffda700f65a93442564d4 mbs2/x86_64/php-devel-5.5.24-1.mbs2.x86_64.rpm c06bc210915a004b2b9fcd084f853e20 mbs2/x86_64/php-doc-5.5.24-1.mbs2.noarch.rpm 049a5952ec9f5af423d4ecc78ff80f60 mbs2/x86_64/php-dom-5.5.24-1.mbs2.x86_64.rpm c09f88b638281bb87aea12ef38455f36 mbs2/x86_64/php-enchant-5.5.24-1.mbs2.x86_64.rpm 54d1dc9b189dfb87de442ba2c765deef mbs2/x86_64/php-exif-5.5.24-1.mbs2.x86_64.rpm ee6d0aa018912da413a14365a41cc1a2 mbs2/x86_64/php-fileinfo-5.5.24-1.mbs2.x86_64.rpm 0f216dc10bb650bdf29c01d9905ca4f2 mbs2/x86_64/php-filter-5.5.24-1.mbs2.x86_64.rpm 4bf7b3c69724d769e10f8341c95d6004 mbs2/x86_64/php-fpm-5.5.24-1.mbs2.x86_64.rpm aeb60443860bbb7e88a0288fb3e2f6cd mbs2/x86_64/php-ftp-5.5.24-1.mbs2.x86_64.rpm 226a551699749179b94570dfa3c50986 mbs2/x86_64/php-gd-5.5.24-1.mbs2.x86_64.rpm 5e29df38df1b862e4ba3b5486cdbcc47 mbs2/x86_64/php-gettext-5.5.24-1.mbs2.x86_64.rpm ead9effbca236c6c2902955935c28225 mbs2/x86_64/php-gmp-5.5.24-1.mbs2.x86_64.rpm c8f01d16bb8cbbd1d891c68c54d2dd16 mbs2/x86_64/php-hash-5.5.24-1.mbs2.x86_64.rpm c1c7332cf8dc2c0d21cb57bf4d7f81dd mbs2/x86_64/php-iconv-5.5.24-1.mbs2.x86_64.rpm 7f86a963f8cf5e6351acd1fdf995b7a1 mbs2/x86_64/php-imap-5.5.24-1.mbs2.x86_64.rpm 215c060793b574a36c28131dca9bf9c7 mbs2/x86_64/php-ini-5.5.24-1.mbs2.x86_64.rpm 7f07f161b4e1885aa807d3753d948e10 mbs2/x86_64/php-interbase-5.5.24-1.mbs2.x86_64.rpm 8171c9830749db254898f80f8ecbdd04 mbs2/x86_64/php-intl-5.5.24-1.mbs2.x86_64.rpm 1fa26b49fa8e0b776d484b4fcc0d4bf3 mbs2/x86_64/php-json-5.5.24-1.mbs2.x86_64.rpm 29051ac44b6e2068a71c026e9d458536 mbs2/x86_64/php-ldap-5.5.24-1.mbs2.x86_64.rpm 3d97347fe4b9589ae80b7fd16c281dcd mbs2/x86_64/php-mbstring-5.5.24-1.mbs2.x86_64.rpm 1a5a41400380b4bcde25d2b693e1dab0 mbs2/x86_64/php-mcrypt-5.5.24-1.mbs2.x86_64.rpm a79635ca99cd7ae80d1661373161da1f mbs2/x86_64/php-mssql-5.5.24-1.mbs2.x86_64.rpm cdc3bde549c9ae73915db8a0e0919ce5 mbs2/x86_64/php-mysql-5.5.24-1.mbs2.x86_64.rpm 7a72c1ab11020a2c52aa3a74636d5342 mbs2/x86_64/php-mysqli-5.5.24-1.mbs2.x86_64.rpm 93fb357f9dbf32887a98a5409b3b8a16 mbs2/x86_64/php-mysqlnd-5.5.24-1.mbs2.x86_64.rpm caf79717e1ca56ec3e53fdaa25e734aa mbs2/x86_64/php-odbc-5.5.24-1.mbs2.x86_64.rpm eb293f64d2bd635c70d36274275e60bb mbs2/x86_64/php-opcache-5.5.24-1.mbs2.x86_64.rpm 91847d268cb8a62eb0e89fc95a9c51e6 mbs2/x86_64/php-openssl-5.5.24-1.mbs2.x86_64.rpm 35e065d8684684e3e304bafbb309c895 mbs2/x86_64/php-pcntl-5.5.24-1.mbs2.x86_64.rpm d65e05e7edf7480ed362783dc75609be mbs2/x86_64/php-pdo-5.5.24-1.mbs2.x86_64.rpm 8657b2e1171497ff9ae5864ecccfeb23 mbs2/x86_64/php-pdo_dblib-5.5.24-1.mbs2.x86_64.rpm 19c9414ced1e0806b77347f9427d6653 mbs2/x86_64/php-pdo_firebird-5.5.24-1.mbs2.x86_64.rpm 28b09335667ac3993f1aca5da234df8a mbs2/x86_64/php-pdo_mysql-5.5.24-1.mbs2.x86_64.rpm b928f58777cfbd848985606bd680bf8f mbs2/x86_64/php-pdo_odbc-5.5.24-1.mbs2.x86_64.rpm ba6bf3afe9d497b9f1d99cb467b13ca5 mbs2/x86_64/php-pdo_pgsql-5.5.24-1.mbs2.x86_64.rpm 21823497094c28ce7bf74f052122fe99 mbs2/x86_64/php-pdo_sqlite-5.5.24-1.mbs2.x86_64.rpm 4a6a259c16ca5bad2b466f29acad4985 mbs2/x86_64/php-pgsql-5.5.24-1.mbs2.x86_64.rpm 7c9c9f9555a74f3257c6e8f16222d21f mbs2/x86_64/php-phar-5.5.24-1.mbs2.x86_64.rpm db4254db501a4fca54fa367b20f068f4 mbs2/x86_64/php-posix-5.5.24-1.mbs2.x86_64.rpm 10fb26df5f5a5d3b1988c40678b56fb6 mbs2/x86_64/php-readline-5.5.24-1.mbs2.x86_64.rpm c20ddec24b84440146734feb639b0f00 mbs2/x86_64/php-recode-5.5.24-1.mbs2.x86_64.rpm 68a49598e99391f37342a3d23a1414e7 mbs2/x86_64/php-session-5.5.24-1.mbs2.x86_64.rpm a26563d738120cba5f81ddda143ca55f mbs2/x86_64/php-shmop-5.5.24-1.mbs2.x86_64.rpm d69120a1ed4aeb3fe229cc83120d8c78 mbs2/x86_64/php-snmp-5.5.24-1.mbs2.x86_64.rpm 4596e3f325f70a29bf12d76793984b20 mbs2/x86_64/php-soap-5.5.24-1.mbs2.x86_64.rpm 7deda5cc9443b117fad82352943353ff mbs2/x86_64/php-sockets-5.5.24-1.mbs2.x86_64.rpm bc3f0ad45bb5bf488c73a5933a70d2c0 mbs2/x86_64/php-sqlite3-5.5.24-1.mbs2.x86_64.rpm 295fa388d26e62dcb0faf23c6e690ffa mbs2/x86_64/php-sybase_ct-5.5.24-1.mbs2.x86_64.rpm 88367608d60aac24ca0b0d0d92187b0e mbs2/x86_64/php-sysvmsg-5.5.24-1.mbs2.x86_64.rpm 36eac7d0e9a1f148e8954912db56dc13 mbs2/x86_64/php-sysvsem-5.5.24-1.mbs2.x86_64.rpm 74e6909f0c7a516bd99625c649bed33c mbs2/x86_64/php-sysvshm-5.5.24-1.mbs2.x86_64.rpm 9142ae8fb4665580503bc0520d3aaf89 mbs2/x86_64/php-tidy-5.5.24-1.mbs2.x86_64.rpm 4ee29061197f48af9c987d31abdec823 mbs2/x86_64/php-timezonedb-2015.4-1.mbs2.x86_64.rpm eafea4beda5144dd3adac0afce3f2258 mbs2/x86_64/php-tokenizer-5.5.24-1.mbs2.x86_64.rpm 505c78284f22f95d8a574c13ea043bc4 mbs2/x86_64/php-wddx-5.5.24-1.mbs2.x86_64.rpm e7e4fe996d11553ebd80ad4392caae2e mbs2/x86_64/php-xml-5.5.24-1.mbs2.x86_64.rpm 7a1c383a450c6a80f95255434e5390fd mbs2/x86_64/php-xmlreader-5.5.24-1.mbs2.x86_64.rpm 2af0b36e46ba236da59a98631c664bd9 mbs2/x86_64/php-xmlrpc-5.5.24-1.mbs2.x86_64.rpm a3f77553286094ecd60e174cfdb0e6dc mbs2/x86_64/php-xmlwriter-5.5.24-1.mbs2.x86_64.rpm b3bb2d250c73f7c355394353b4c0599d mbs2/x86_64/php-xsl-5.5.24-1.mbs2.x86_64.rpm a8f9476cba7a6aaab6eee8da66fd8fea mbs2/x86_64/php-zip-5.5.24-1.mbs2.x86_64.rpm 43d4282dddd18c07b87774cf704ce5be mbs2/x86_64/php-zlib-5.5.24-1.mbs2.x86_64.rpm 8cdfdd3582b44c38d735c58aea9e45f7 mbs2/SRPMS/php-5.5.24-1.mbs2.src.rpm 09afb4a05a8a1add563f2cb348fb2b0d mbs2/SRPMS/php-timezonedb-2015.4-1.mbs2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

CVE-2015-4024

Denial of service when processing multipart/form-data requests.

For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.41-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 5.6.9+dfsg-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 5.6.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 5.6.9+dfsg-1.

We recommend that you upgrade your php5 packages

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0117",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.14"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.20"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.19"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.13"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.9"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.12"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.18"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.21"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.3"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.5"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.3"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.39"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.23"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5 (ht205031)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.24"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.x"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(ht205267)"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.6.8"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "5.5.x"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4 (ht205031)"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.4.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emmanuel Law",
    "sources": [
      {
        "db": "BID",
        "id": "74239"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2783",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-2783",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-80744",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2783",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-040",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80744",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-2783",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. PHP is prone to a remote memory-corruption vulnerability. \nAttackers can exploit this  issue to obtain sensitive information or   crash the application resulting in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ==========================================================================\nUbuntu Security Notice USN-2572-1\nApril 20, 2015\n\nphp5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. \n(CVE-2015-2787)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libapache2-mod-php5             5.5.12+dfsg-2ubuntu4.4\n  php5-cgi                        5.5.12+dfsg-2ubuntu4.4\n  php5-cli                        5.5.12+dfsg-2ubuntu4.4\n  php5-fpm                        5.5.12+dfsg-2ubuntu4.4\n\nUbuntu 14.04 LTS:\n  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.9\n  php5-cgi                        5.5.9+dfsg-1ubuntu4.9\n  php5-cli                        5.5.9+dfsg-1ubuntu4.9\n  php5-fpm                        5.5.9+dfsg-1ubuntu4.9\n\nUbuntu 12.04 LTS:\n  libapache2-mod-php5             5.3.10-1ubuntu3.18\n  php5-cgi                        5.3.10-1ubuntu3.18\n  php5-cli                        5.3.10-1ubuntu3.18\n  php5-fpm                        5.3.10-1ubuntu3.18\n\nUbuntu 10.04 LTS:\n  libapache2-mod-php5             5.3.2-1ubuntu4.30\n  php5-cgi                        5.3.2-1ubuntu4.30\n  php5-cli                        5.3.2-1ubuntu4.30\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: php security update\nAdvisory ID:       RHSA-2015:1218-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1218.html\nIssue date:        2015-07-09\nCVE Names:         CVE-2014-9425 CVE-2014-9705 CVE-2014-9709 \n                   CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 \n                   CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 \n                   CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 \n                   CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 \n                   CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 \n                   CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 \n                   CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application. \n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP\u0027s FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP\u0027s enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash. \n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1177734 - CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy()\n1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c\n1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c\n1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone\n1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()\n1194747 - CVE-2015-2301 php: use after free in phar_object.c\n1204868 - CVE-2015-4147 php: SoapClient\u0027s __call() type confusion through unserialize()\n1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re\n1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions\n1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing\n1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()\n1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS\n1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods\n1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing\n1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character\n1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name\n1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()\n1226916 - CVE-2015-4148 php: SoapClient\u0027s do_soap_call() type confusion after unserialize()\n1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions\n1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions\n1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize\n1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\nx86_64:\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\n\nppc64:\nphp-5.3.3-46.el6_6.ppc64.rpm\nphp-cli-5.3.3-46.el6_6.ppc64.rpm\nphp-common-5.3.3-46.el6_6.ppc64.rpm\nphp-debuginfo-5.3.3-46.el6_6.ppc64.rpm\nphp-gd-5.3.3-46.el6_6.ppc64.rpm\nphp-ldap-5.3.3-46.el6_6.ppc64.rpm\nphp-mysql-5.3.3-46.el6_6.ppc64.rpm\nphp-odbc-5.3.3-46.el6_6.ppc64.rpm\nphp-pdo-5.3.3-46.el6_6.ppc64.rpm\nphp-pgsql-5.3.3-46.el6_6.ppc64.rpm\nphp-soap-5.3.3-46.el6_6.ppc64.rpm\nphp-xml-5.3.3-46.el6_6.ppc64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.ppc64.rpm\n\ns390x:\nphp-5.3.3-46.el6_6.s390x.rpm\nphp-cli-5.3.3-46.el6_6.s390x.rpm\nphp-common-5.3.3-46.el6_6.s390x.rpm\nphp-debuginfo-5.3.3-46.el6_6.s390x.rpm\nphp-gd-5.3.3-46.el6_6.s390x.rpm\nphp-ldap-5.3.3-46.el6_6.s390x.rpm\nphp-mysql-5.3.3-46.el6_6.s390x.rpm\nphp-odbc-5.3.3-46.el6_6.s390x.rpm\nphp-pdo-5.3.3-46.el6_6.s390x.rpm\nphp-pgsql-5.3.3-46.el6_6.s390x.rpm\nphp-soap-5.3.3-46.el6_6.s390x.rpm\nphp-xml-5.3.3-46.el6_6.s390x.rpm\nphp-xmlrpc-5.3.3-46.el6_6.s390x.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nppc64:\nphp-bcmath-5.3.3-46.el6_6.ppc64.rpm\nphp-dba-5.3.3-46.el6_6.ppc64.rpm\nphp-debuginfo-5.3.3-46.el6_6.ppc64.rpm\nphp-devel-5.3.3-46.el6_6.ppc64.rpm\nphp-embedded-5.3.3-46.el6_6.ppc64.rpm\nphp-enchant-5.3.3-46.el6_6.ppc64.rpm\nphp-fpm-5.3.3-46.el6_6.ppc64.rpm\nphp-imap-5.3.3-46.el6_6.ppc64.rpm\nphp-intl-5.3.3-46.el6_6.ppc64.rpm\nphp-mbstring-5.3.3-46.el6_6.ppc64.rpm\nphp-process-5.3.3-46.el6_6.ppc64.rpm\nphp-pspell-5.3.3-46.el6_6.ppc64.rpm\nphp-recode-5.3.3-46.el6_6.ppc64.rpm\nphp-snmp-5.3.3-46.el6_6.ppc64.rpm\nphp-tidy-5.3.3-46.el6_6.ppc64.rpm\nphp-zts-5.3.3-46.el6_6.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.3-46.el6_6.s390x.rpm\nphp-dba-5.3.3-46.el6_6.s390x.rpm\nphp-debuginfo-5.3.3-46.el6_6.s390x.rpm\nphp-devel-5.3.3-46.el6_6.s390x.rpm\nphp-embedded-5.3.3-46.el6_6.s390x.rpm\nphp-enchant-5.3.3-46.el6_6.s390x.rpm\nphp-fpm-5.3.3-46.el6_6.s390x.rpm\nphp-imap-5.3.3-46.el6_6.s390x.rpm\nphp-intl-5.3.3-46.el6_6.s390x.rpm\nphp-mbstring-5.3.3-46.el6_6.s390x.rpm\nphp-process-5.3.3-46.el6_6.s390x.rpm\nphp-pspell-5.3.3-46.el6_6.s390x.rpm\nphp-recode-5.3.3-46.el6_6.s390x.rpm\nphp-snmp-5.3.3-46.el6_6.s390x.rpm\nphp-tidy-5.3.3-46.el6_6.s390x.rpm\nphp-zts-5.3.3-46.el6_6.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp-5.3.3-46.el6_6.src.rpm\n\ni386:\nphp-5.3.3-46.el6_6.i686.rpm\nphp-cli-5.3.3-46.el6_6.i686.rpm\nphp-common-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-gd-5.3.3-46.el6_6.i686.rpm\nphp-ldap-5.3.3-46.el6_6.i686.rpm\nphp-mysql-5.3.3-46.el6_6.i686.rpm\nphp-odbc-5.3.3-46.el6_6.i686.rpm\nphp-pdo-5.3.3-46.el6_6.i686.rpm\nphp-pgsql-5.3.3-46.el6_6.i686.rpm\nphp-soap-5.3.3-46.el6_6.i686.rpm\nphp-xml-5.3.3-46.el6_6.i686.rpm\nphp-xmlrpc-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-5.3.3-46.el6_6.x86_64.rpm\nphp-cli-5.3.3-46.el6_6.x86_64.rpm\nphp-common-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-gd-5.3.3-46.el6_6.x86_64.rpm\nphp-ldap-5.3.3-46.el6_6.x86_64.rpm\nphp-mysql-5.3.3-46.el6_6.x86_64.rpm\nphp-odbc-5.3.3-46.el6_6.x86_64.rpm\nphp-pdo-5.3.3-46.el6_6.x86_64.rpm\nphp-pgsql-5.3.3-46.el6_6.x86_64.rpm\nphp-soap-5.3.3-46.el6_6.x86_64.rpm\nphp-xml-5.3.3-46.el6_6.x86_64.rpm\nphp-xmlrpc-5.3.3-46.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nphp-bcmath-5.3.3-46.el6_6.i686.rpm\nphp-dba-5.3.3-46.el6_6.i686.rpm\nphp-debuginfo-5.3.3-46.el6_6.i686.rpm\nphp-devel-5.3.3-46.el6_6.i686.rpm\nphp-embedded-5.3.3-46.el6_6.i686.rpm\nphp-enchant-5.3.3-46.el6_6.i686.rpm\nphp-fpm-5.3.3-46.el6_6.i686.rpm\nphp-imap-5.3.3-46.el6_6.i686.rpm\nphp-intl-5.3.3-46.el6_6.i686.rpm\nphp-mbstring-5.3.3-46.el6_6.i686.rpm\nphp-process-5.3.3-46.el6_6.i686.rpm\nphp-pspell-5.3.3-46.el6_6.i686.rpm\nphp-recode-5.3.3-46.el6_6.i686.rpm\nphp-snmp-5.3.3-46.el6_6.i686.rpm\nphp-tidy-5.3.3-46.el6_6.i686.rpm\nphp-zts-5.3.3-46.el6_6.i686.rpm\n\nx86_64:\nphp-bcmath-5.3.3-46.el6_6.x86_64.rpm\nphp-dba-5.3.3-46.el6_6.x86_64.rpm\nphp-debuginfo-5.3.3-46.el6_6.x86_64.rpm\nphp-devel-5.3.3-46.el6_6.x86_64.rpm\nphp-embedded-5.3.3-46.el6_6.x86_64.rpm\nphp-enchant-5.3.3-46.el6_6.x86_64.rpm\nphp-fpm-5.3.3-46.el6_6.x86_64.rpm\nphp-imap-5.3.3-46.el6_6.x86_64.rpm\nphp-intl-5.3.3-46.el6_6.x86_64.rpm\nphp-mbstring-5.3.3-46.el6_6.x86_64.rpm\nphp-process-5.3.3-46.el6_6.x86_64.rpm\nphp-pspell-5.3.3-46.el6_6.x86_64.rpm\nphp-recode-5.3.3-46.el6_6.x86_64.rpm\nphp-snmp-5.3.3-46.el6_6.x86_64.rpm\nphp-tidy-5.3.3-46.el6_6.x86_64.rpm\nphp-zts-5.3.3-46.el6_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9425\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2783\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-3307\nhttps://access.redhat.com/security/cve/CVE-2015-3329\nhttps://access.redhat.com/security/cve/CVE-2015-3411\nhttps://access.redhat.com/security/cve/CVE-2015-3412\nhttps://access.redhat.com/security/cve/CVE-2015-4021\nhttps://access.redhat.com/security/cve/CVE-2015-4022\nhttps://access.redhat.com/security/cve/CVE-2015-4024\nhttps://access.redhat.com/security/cve/CVE-2015-4026\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/cve/CVE-2015-4598\nhttps://access.redhat.com/security/cve/CVE-2015-4599\nhttps://access.redhat.com/security/cve/CVE-2015-4600\nhttps://access.redhat.com/security/cve/CVE-2015-4601\nhttps://access.redhat.com/security/cve/CVE-2015-4602\nhttps://access.redhat.com/security/cve/CVE-2015-4603\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVnsPKXlSAg2UNWIIRAtXEAKC6gknTJ+I/czViSyE71AjUZ1pWSQCgo6ip\n/jsvmaEr/ag17pZ7M9fXiz4=\n=vWCv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.40-i486-1_slack14.1.txz:  Upgraded. \n  Please note that this package build also moves the configuration files\n  from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n2666059d6540b1b4385d25dfc5ebbe99  php-5.4.40-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc146f500912ba9c7e5d652e5e3643c04  php-5.4.40-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9efc8a96f9a3f3261e5f640292b1b781  php-5.4.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c95e077f314f1cfa3ee83b9aba90b91  php-5.4.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n30d14f237c71fada0d594c2360a58016  n/php-5.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n1a0fcc590aa4dff5de5f08293936d0d9  n/php-5.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.40-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PHP: Multiple vulnerabilities\n     Date: June 19, 2016\n     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n           #552408, #555576, #555830, #556952, #559612, #562882,\n           #571254, #573892, #577376\n       ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.19\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-6501\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[  2 ] CVE-2014-9705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[  3 ] CVE-2014-9709\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[  4 ] CVE-2015-0231\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[  5 ] CVE-2015-0273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[  6 ] CVE-2015-1351\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[  7 ] CVE-2015-1352\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[  8 ] CVE-2015-2301\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[  9 ] CVE-2015-2348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n \n Buffer Overflow when parsing tar/zip/phar in phar_set_inode\n (CVE-2015-3329). \n \n Potential remote code execution with apache 2.4 apache2handler\n (CVE-2015-3330). \n \n PHP has been updated to version 5.5.24, which fixes these issues and\n other bugs. \n \n Additionally the timezonedb packages has been upgraded to the latest\n version and the PECL packages which requires so has been rebuilt\n for php-5.5.24. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n http://advisories.mageia.org/MGASA-2015-0169.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n fb5b4628263a821fb3e4075a5fb4e5b4  mbs1/x86_64/apache-mod_php-5.5.24-1.mbs1.x86_64.rpm\n 3c7f76ada5ccad65c212ee350fdffe87  mbs1/x86_64/lib64php5_common5-5.5.24-1.mbs1.x86_64.rpm\n 5400e21c3eaecc346e1eb8c712e9478f  mbs1/x86_64/php-apc-3.1.15-1.18.mbs1.x86_64.rpm\n 90ae23234441a8de169207ff7f045684  mbs1/x86_64/php-apc-admin-3.1.15-1.18.mbs1.x86_64.rpm\n a39b53bcacc941035d830ce1052540b3  mbs1/x86_64/php-bcmath-5.5.24-1.mbs1.x86_64.rpm\n ada97c19882cf313e4d7ebba0909f6d8  mbs1/x86_64/php-bz2-5.5.24-1.mbs1.x86_64.rpm\n c6e5c880827c6bc76dfb1c15460637b4  mbs1/x86_64/php-calendar-5.5.24-1.mbs1.x86_64.rpm\n 6535a7223184cec5ac17edb9e1d31388  mbs1/x86_64/php-cgi-5.5.24-1.mbs1.x86_64.rpm\n 16aa52d7dd47cc27cb5d7aec420944eb  mbs1/x86_64/php-cli-5.5.24-1.mbs1.x86_64.rpm\n 7983f9d1bf3039b5efdb0ed70329cccd  mbs1/x86_64/php-ctype-5.5.24-1.mbs1.x86_64.rpm\n 3cbc805a1610b54d191e2e3ca99c3ae4  mbs1/x86_64/php-curl-5.5.24-1.mbs1.x86_64.rpm\n f53dd6f08013c00ae1c95df14671624e  mbs1/x86_64/php-dba-5.5.24-1.mbs1.x86_64.rpm\n e2a5d632a8581e27a366191c9fd86424  mbs1/x86_64/php-devel-5.5.24-1.mbs1.x86_64.rpm\n 37bb13541a04b935c93600dc63e98047  mbs1/x86_64/php-doc-5.5.24-1.mbs1.noarch.rpm\n fad46645f9afb86eedf094cbe82eaebe  mbs1/x86_64/php-dom-5.5.24-1.mbs1.x86_64.rpm\n 22141396e7bccb2aac8a2e7c0d0f02aa  mbs1/x86_64/php-enchant-5.5.24-1.mbs1.x86_64.rpm\n e3f7bc72aad9e3fb7b9f25f64d9ca95c  mbs1/x86_64/php-exif-5.5.24-1.mbs1.x86_64.rpm\n 53a76b203f90a9008eb35cdf93aac246  mbs1/x86_64/php-fileinfo-5.5.24-1.mbs1.x86_64.rpm\n 7cb8c9592f48413f3783f49947563a8f  mbs1/x86_64/php-filter-5.5.24-1.mbs1.x86_64.rpm\n 3d34478d09bbf6848c8c2eaea0156feb  mbs1/x86_64/php-fpm-5.5.24-1.mbs1.x86_64.rpm\n fc47e9e9b740e94e5210854b7872af8f  mbs1/x86_64/php-ftp-5.5.24-1.mbs1.x86_64.rpm\n e22e5cf59f7d0c361b41e220fd0ebbde  mbs1/x86_64/php-gd-5.5.24-1.mbs1.x86_64.rpm\n cd5fef5777b58e0562ddeb3ca4b4e1dd  mbs1/x86_64/php-gettext-5.5.24-1.mbs1.x86_64.rpm\n aba136588f2c77f2cca4bcc300e7f0b5  mbs1/x86_64/php-gmp-5.5.24-1.mbs1.x86_64.rpm\n 8752b1e4f863b2cdadf08cfdcaf462f7  mbs1/x86_64/php-hash-5.5.24-1.mbs1.x86_64.rpm\n 36bef8c7e03cdffd66a4553266e1a13d  mbs1/x86_64/php-iconv-5.5.24-1.mbs1.x86_64.rpm\n 0b405f5f49d174745a4135e033fbe234  mbs1/x86_64/php-imap-5.5.24-1.mbs1.x86_64.rpm\n fc25a10fb623016b5e95595aa114274a  mbs1/x86_64/php-ini-5.5.24-1.mbs1.x86_64.rpm\n c4435a44b199cd4fadca0cac247aca06  mbs1/x86_64/php-intl-5.5.24-1.mbs1.x86_64.rpm\n ec611fd14d6b502990fe0a3ab243211a  mbs1/x86_64/php-json-5.5.24-1.mbs1.x86_64.rpm\n 519c8ae2df9aeca23d15953470c3a485  mbs1/x86_64/php-ldap-5.5.24-1.mbs1.x86_64.rpm\n f52168266f3d1df5a333f2acb83c7739  mbs1/x86_64/php-mbstring-5.5.24-1.mbs1.x86_64.rpm\n 8fed199f0b2be5b2d1780bed11c5c5d6  mbs1/x86_64/php-mcrypt-5.5.24-1.mbs1.x86_64.rpm\n e5d5276bcfaa7d951b4b543e76949a2f  mbs1/x86_64/php-mssql-5.5.24-1.mbs1.x86_64.rpm\n 0a34a8334cd8a3e4d7867a962df62f15  mbs1/x86_64/php-mysql-5.5.24-1.mbs1.x86_64.rpm\n 3fd0dcc4cb8c4ef136c68e243788aa85  mbs1/x86_64/php-mysqli-5.5.24-1.mbs1.x86_64.rpm\n d9db3dd5963888f69b11cdaa1d1c97e4  mbs1/x86_64/php-mysqlnd-5.5.24-1.mbs1.x86_64.rpm\n f27cbd0c9f968bfa7d6f10d8040a1f4f  mbs1/x86_64/php-odbc-5.5.24-1.mbs1.x86_64.rpm\n db18ba83bd3e8f82f189c4e93799de9a  mbs1/x86_64/php-opcache-5.5.24-1.mbs1.x86_64.rpm\n 7e02eaad2751f993fcd7af5a649b4707  mbs1/x86_64/php-openssl-5.5.24-1.mbs1.x86_64.rpm\n be43bdb8b4c0ea65901bb7ab4a12e1be  mbs1/x86_64/php-pcntl-5.5.24-1.mbs1.x86_64.rpm\n 57ba222e0921de0efcad052a1ed359cc  mbs1/x86_64/php-pdo-5.5.24-1.mbs1.x86_64.rpm\n 3ba50d22dead03f756136363e1e2ce27  mbs1/x86_64/php-pdo_dblib-5.5.24-1.mbs1.x86_64.rpm\n fe6858486fc7a42f7099f103fec8e0c9  mbs1/x86_64/php-pdo_mysql-5.5.24-1.mbs1.x86_64.rpm\n 407570e83b281be3515970aa6e24a773  mbs1/x86_64/php-pdo_odbc-5.5.24-1.mbs1.x86_64.rpm\n e5c66883133694a146b0f4840749a7d7  mbs1/x86_64/php-pdo_pgsql-5.5.24-1.mbs1.x86_64.rpm\n d41508abccb63d3b0c0d44a82596f1d6  mbs1/x86_64/php-pdo_sqlite-5.5.24-1.mbs1.x86_64.rpm\n 3f7dd514cca5b5259854043194099c4c  mbs1/x86_64/php-pgsql-5.5.24-1.mbs1.x86_64.rpm\n 1b6b8a0d2e033b35697757a49329d51e  mbs1/x86_64/php-phar-5.5.24-1.mbs1.x86_64.rpm\n 30e86f3079cd49241d680f46542b16b8  mbs1/x86_64/php-posix-5.5.24-1.mbs1.x86_64.rpm\n b065951f2e32008908857708ae2f1539  mbs1/x86_64/php-readline-5.5.24-1.mbs1.x86_64.rpm\n 13886e31952529313c505acbc7ebbbc6  mbs1/x86_64/php-recode-5.5.24-1.mbs1.x86_64.rpm\n 95ca2a29237d6f3e6f852431626be072  mbs1/x86_64/php-session-5.5.24-1.mbs1.x86_64.rpm\n f5f33541bc2a3b3f0b456989e20aa45c  mbs1/x86_64/php-shmop-5.5.24-1.mbs1.x86_64.rpm\n c5414a148aa0e25b03b9faf79c50693a  mbs1/x86_64/php-snmp-5.5.24-1.mbs1.x86_64.rpm\n d02afd660db7544b09328445c2f99ec6  mbs1/x86_64/php-soap-5.5.24-1.mbs1.x86_64.rpm\n 239a1c675cf3a4f853cc94cfc188e60e  mbs1/x86_64/php-sockets-5.5.24-1.mbs1.x86_64.rpm\n 04e689ed1f9163a149f3448cfe4bd218  mbs1/x86_64/php-sqlite3-5.5.24-1.mbs1.x86_64.rpm\n a39905d2eae282b1d06db94afbf51255  mbs1/x86_64/php-sybase_ct-5.5.24-1.mbs1.x86_64.rpm\n a7fd332d4fea37c9f3335a0d8921f228  mbs1/x86_64/php-sysvmsg-5.5.24-1.mbs1.x86_64.rpm\n b9fdd882caee7f469d3c285082e8f717  mbs1/x86_64/php-sysvsem-5.5.24-1.mbs1.x86_64.rpm\n 79ede61a89fae9e6fab33f1a99b3ded7  mbs1/x86_64/php-sysvshm-5.5.24-1.mbs1.x86_64.rpm\n 5f0b1072e400ccc886979e7647c160f2  mbs1/x86_64/php-tidy-5.5.24-1.mbs1.x86_64.rpm\n 1df6d933d3f5c14bb334b8e49df50901  mbs1/x86_64/php-timezonedb-2015.4-1.mbs1.x86_64.rpm\n e03d364e8d94dc5e509f89ad06b1ceec  mbs1/x86_64/php-tokenizer-5.5.24-1.mbs1.x86_64.rpm\n 4eb33980b578bc3f7c8436993e401a6b  mbs1/x86_64/php-wddx-5.5.24-1.mbs1.x86_64.rpm\n cfb0b798a98736cebe6d2854610e5c88  mbs1/x86_64/php-xml-5.5.24-1.mbs1.x86_64.rpm\n 2d05b6ecae1866827a732b19bdea2682  mbs1/x86_64/php-xmlreader-5.5.24-1.mbs1.x86_64.rpm\n bab20d281d211f8202d881723f0091f1  mbs1/x86_64/php-xmlrpc-5.5.24-1.mbs1.x86_64.rpm\n d213f4b86b0532049556a37958d12570  mbs1/x86_64/php-xmlwriter-5.5.24-1.mbs1.x86_64.rpm\n a43e88b8cb0cf9a46d63f318d63853c7  mbs1/x86_64/php-xsl-5.5.24-1.mbs1.x86_64.rpm\n 3150b97e91d4363c5b79b6e67cf4febe  mbs1/x86_64/php-zip-5.5.24-1.mbs1.x86_64.rpm\n 962d3621008091b8186481e521296d29  mbs1/x86_64/php-zlib-5.5.24-1.mbs1.x86_64.rpm \n 52139e1dbd986bf5b685ee0f92e67da2  mbs1/SRPMS/php-5.5.24-1.mbs1.src.rpm\n 854f5600d70006910d80643b638289d4  mbs1/SRPMS/php-apc-3.1.15-1.18.mbs1.src.rpm\n 77e0fad280231397615e51f099b33f1c  mbs1/SRPMS/php-timezonedb-2015.4-1.mbs1.src.rpm\n\n Mandriva Business Server 2/X86_64:\n 2a2dcd3f73583e81c1d4ca142814ed6a  mbs2/x86_64/apache-mod_php-5.5.24-1.mbs2.x86_64.rpm\n a7964f16c85b0772835366fa821f7dd1  mbs2/x86_64/lib64php5_common5-5.5.24-1.mbs2.x86_64.rpm\n 624d6512573e4ccc202f9ea08433727e  mbs2/x86_64/php-bcmath-5.5.24-1.mbs2.x86_64.rpm\n dd817015c54820a9fc967da7db4b1461  mbs2/x86_64/php-bz2-5.5.24-1.mbs2.x86_64.rpm\n 1c022b50d3f12d3e8e358fca3afe6f0f  mbs2/x86_64/php-calendar-5.5.24-1.mbs2.x86_64.rpm\n 52159b3e747e424b1fe40944f404b45d  mbs2/x86_64/php-cgi-5.5.24-1.mbs2.x86_64.rpm\n 5ac82cf4acc95e8d8a80537173a1dc98  mbs2/x86_64/php-cli-5.5.24-1.mbs2.x86_64.rpm\n e7271551aa14e6931b0ba22ee33d3712  mbs2/x86_64/php-ctype-5.5.24-1.mbs2.x86_64.rpm\n 7293fa4917183914c356cc2376a5e1ab  mbs2/x86_64/php-curl-5.5.24-1.mbs2.x86_64.rpm\n 258058f8e1cda5be8a9444964a553691  mbs2/x86_64/php-dba-5.5.24-1.mbs2.x86_64.rpm\n c0a6fa757e9ffda700f65a93442564d4  mbs2/x86_64/php-devel-5.5.24-1.mbs2.x86_64.rpm\n c06bc210915a004b2b9fcd084f853e20  mbs2/x86_64/php-doc-5.5.24-1.mbs2.noarch.rpm\n 049a5952ec9f5af423d4ecc78ff80f60  mbs2/x86_64/php-dom-5.5.24-1.mbs2.x86_64.rpm\n c09f88b638281bb87aea12ef38455f36  mbs2/x86_64/php-enchant-5.5.24-1.mbs2.x86_64.rpm\n 54d1dc9b189dfb87de442ba2c765deef  mbs2/x86_64/php-exif-5.5.24-1.mbs2.x86_64.rpm\n ee6d0aa018912da413a14365a41cc1a2  mbs2/x86_64/php-fileinfo-5.5.24-1.mbs2.x86_64.rpm\n 0f216dc10bb650bdf29c01d9905ca4f2  mbs2/x86_64/php-filter-5.5.24-1.mbs2.x86_64.rpm\n 4bf7b3c69724d769e10f8341c95d6004  mbs2/x86_64/php-fpm-5.5.24-1.mbs2.x86_64.rpm\n aeb60443860bbb7e88a0288fb3e2f6cd  mbs2/x86_64/php-ftp-5.5.24-1.mbs2.x86_64.rpm\n 226a551699749179b94570dfa3c50986  mbs2/x86_64/php-gd-5.5.24-1.mbs2.x86_64.rpm\n 5e29df38df1b862e4ba3b5486cdbcc47  mbs2/x86_64/php-gettext-5.5.24-1.mbs2.x86_64.rpm\n ead9effbca236c6c2902955935c28225  mbs2/x86_64/php-gmp-5.5.24-1.mbs2.x86_64.rpm\n c8f01d16bb8cbbd1d891c68c54d2dd16  mbs2/x86_64/php-hash-5.5.24-1.mbs2.x86_64.rpm\n c1c7332cf8dc2c0d21cb57bf4d7f81dd  mbs2/x86_64/php-iconv-5.5.24-1.mbs2.x86_64.rpm\n 7f86a963f8cf5e6351acd1fdf995b7a1  mbs2/x86_64/php-imap-5.5.24-1.mbs2.x86_64.rpm\n 215c060793b574a36c28131dca9bf9c7  mbs2/x86_64/php-ini-5.5.24-1.mbs2.x86_64.rpm\n 7f07f161b4e1885aa807d3753d948e10  mbs2/x86_64/php-interbase-5.5.24-1.mbs2.x86_64.rpm\n 8171c9830749db254898f80f8ecbdd04  mbs2/x86_64/php-intl-5.5.24-1.mbs2.x86_64.rpm\n 1fa26b49fa8e0b776d484b4fcc0d4bf3  mbs2/x86_64/php-json-5.5.24-1.mbs2.x86_64.rpm\n 29051ac44b6e2068a71c026e9d458536  mbs2/x86_64/php-ldap-5.5.24-1.mbs2.x86_64.rpm\n 3d97347fe4b9589ae80b7fd16c281dcd  mbs2/x86_64/php-mbstring-5.5.24-1.mbs2.x86_64.rpm\n 1a5a41400380b4bcde25d2b693e1dab0  mbs2/x86_64/php-mcrypt-5.5.24-1.mbs2.x86_64.rpm\n a79635ca99cd7ae80d1661373161da1f  mbs2/x86_64/php-mssql-5.5.24-1.mbs2.x86_64.rpm\n cdc3bde549c9ae73915db8a0e0919ce5  mbs2/x86_64/php-mysql-5.5.24-1.mbs2.x86_64.rpm\n 7a72c1ab11020a2c52aa3a74636d5342  mbs2/x86_64/php-mysqli-5.5.24-1.mbs2.x86_64.rpm\n 93fb357f9dbf32887a98a5409b3b8a16  mbs2/x86_64/php-mysqlnd-5.5.24-1.mbs2.x86_64.rpm\n caf79717e1ca56ec3e53fdaa25e734aa  mbs2/x86_64/php-odbc-5.5.24-1.mbs2.x86_64.rpm\n eb293f64d2bd635c70d36274275e60bb  mbs2/x86_64/php-opcache-5.5.24-1.mbs2.x86_64.rpm\n 91847d268cb8a62eb0e89fc95a9c51e6  mbs2/x86_64/php-openssl-5.5.24-1.mbs2.x86_64.rpm\n 35e065d8684684e3e304bafbb309c895  mbs2/x86_64/php-pcntl-5.5.24-1.mbs2.x86_64.rpm\n d65e05e7edf7480ed362783dc75609be  mbs2/x86_64/php-pdo-5.5.24-1.mbs2.x86_64.rpm\n 8657b2e1171497ff9ae5864ecccfeb23  mbs2/x86_64/php-pdo_dblib-5.5.24-1.mbs2.x86_64.rpm\n 19c9414ced1e0806b77347f9427d6653  mbs2/x86_64/php-pdo_firebird-5.5.24-1.mbs2.x86_64.rpm\n 28b09335667ac3993f1aca5da234df8a  mbs2/x86_64/php-pdo_mysql-5.5.24-1.mbs2.x86_64.rpm\n b928f58777cfbd848985606bd680bf8f  mbs2/x86_64/php-pdo_odbc-5.5.24-1.mbs2.x86_64.rpm\n ba6bf3afe9d497b9f1d99cb467b13ca5  mbs2/x86_64/php-pdo_pgsql-5.5.24-1.mbs2.x86_64.rpm\n 21823497094c28ce7bf74f052122fe99  mbs2/x86_64/php-pdo_sqlite-5.5.24-1.mbs2.x86_64.rpm\n 4a6a259c16ca5bad2b466f29acad4985  mbs2/x86_64/php-pgsql-5.5.24-1.mbs2.x86_64.rpm\n 7c9c9f9555a74f3257c6e8f16222d21f  mbs2/x86_64/php-phar-5.5.24-1.mbs2.x86_64.rpm\n db4254db501a4fca54fa367b20f068f4  mbs2/x86_64/php-posix-5.5.24-1.mbs2.x86_64.rpm\n 10fb26df5f5a5d3b1988c40678b56fb6  mbs2/x86_64/php-readline-5.5.24-1.mbs2.x86_64.rpm\n c20ddec24b84440146734feb639b0f00  mbs2/x86_64/php-recode-5.5.24-1.mbs2.x86_64.rpm\n 68a49598e99391f37342a3d23a1414e7  mbs2/x86_64/php-session-5.5.24-1.mbs2.x86_64.rpm\n a26563d738120cba5f81ddda143ca55f  mbs2/x86_64/php-shmop-5.5.24-1.mbs2.x86_64.rpm\n d69120a1ed4aeb3fe229cc83120d8c78  mbs2/x86_64/php-snmp-5.5.24-1.mbs2.x86_64.rpm\n 4596e3f325f70a29bf12d76793984b20  mbs2/x86_64/php-soap-5.5.24-1.mbs2.x86_64.rpm\n 7deda5cc9443b117fad82352943353ff  mbs2/x86_64/php-sockets-5.5.24-1.mbs2.x86_64.rpm\n bc3f0ad45bb5bf488c73a5933a70d2c0  mbs2/x86_64/php-sqlite3-5.5.24-1.mbs2.x86_64.rpm\n 295fa388d26e62dcb0faf23c6e690ffa  mbs2/x86_64/php-sybase_ct-5.5.24-1.mbs2.x86_64.rpm\n 88367608d60aac24ca0b0d0d92187b0e  mbs2/x86_64/php-sysvmsg-5.5.24-1.mbs2.x86_64.rpm\n 36eac7d0e9a1f148e8954912db56dc13  mbs2/x86_64/php-sysvsem-5.5.24-1.mbs2.x86_64.rpm\n 74e6909f0c7a516bd99625c649bed33c  mbs2/x86_64/php-sysvshm-5.5.24-1.mbs2.x86_64.rpm\n 9142ae8fb4665580503bc0520d3aaf89  mbs2/x86_64/php-tidy-5.5.24-1.mbs2.x86_64.rpm\n 4ee29061197f48af9c987d31abdec823  mbs2/x86_64/php-timezonedb-2015.4-1.mbs2.x86_64.rpm\n eafea4beda5144dd3adac0afce3f2258  mbs2/x86_64/php-tokenizer-5.5.24-1.mbs2.x86_64.rpm\n 505c78284f22f95d8a574c13ea043bc4  mbs2/x86_64/php-wddx-5.5.24-1.mbs2.x86_64.rpm\n e7e4fe996d11553ebd80ad4392caae2e  mbs2/x86_64/php-xml-5.5.24-1.mbs2.x86_64.rpm\n 7a1c383a450c6a80f95255434e5390fd  mbs2/x86_64/php-xmlreader-5.5.24-1.mbs2.x86_64.rpm\n 2af0b36e46ba236da59a98631c664bd9  mbs2/x86_64/php-xmlrpc-5.5.24-1.mbs2.x86_64.rpm\n a3f77553286094ecd60e174cfdb0e6dc  mbs2/x86_64/php-xmlwriter-5.5.24-1.mbs2.x86_64.rpm\n b3bb2d250c73f7c355394353b4c0599d  mbs2/x86_64/php-xsl-5.5.24-1.mbs2.x86_64.rpm\n a8f9476cba7a6aaab6eee8da66fd8fea  mbs2/x86_64/php-zip-5.5.24-1.mbs2.x86_64.rpm\n 43d4282dddd18c07b87774cf704ce5be  mbs2/x86_64/php-zlib-5.5.24-1.mbs2.x86_64.rpm \n 8cdfdd3582b44c38d735c58aea9e45f7  mbs2/SRPMS/php-5.5.24-1.mbs2.src.rpm\n 09afb4a05a8a1add563f2cb348fb2b0d  mbs2/SRPMS/php-timezonedb-2015.4-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nCVE-2015-4024\n\n    Denial of service when processing multipart/form-data requests. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1. \n\nWe recommend that you upgrade your php5 packages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-80744",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2783",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "74239",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032146",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94440136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "132198",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "131640",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "132442",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132440",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-80744",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131528",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137539",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "id": "VAR-201506-0117",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:51:09.324000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "Sec Bug #69324",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=69324"
      },
      {
        "title": "PHP 5 ChangeLog",
        "trust": 0.8,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "title": "Red Hat: CVE-2015-2783",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-2783"
      },
      {
        "title": "Ubuntu Security Notice: php5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2572-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-509",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-509"
      },
      {
        "title": "Debian Security Advisories: DSA-3280-1 php5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46f85ac4e3abfa7a18e115fb47892db6"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://php.net/changelog-5.php"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugs.php.net/bug.php?id=69324"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201606-10"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2572-1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/74239"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://www.debian.org/security/2015/dsa-3280"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1186.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1187.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032146"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2783"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94440136/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2783"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/151"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "http://git.php.net/?p=php-src.git;a=commit;h=9faaee66fa493372c7340b1ab05f8fd115131a42"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04686230"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972384"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-2783"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4024"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3330"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143403519711434\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2572-1/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.30"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.18"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4024"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4600"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3411"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4599"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4598"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4601"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3329"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2015-0169.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "db": "BID",
        "id": "74239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "BID",
        "id": "74239"
      },
      {
        "date": "2015-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "date": "2015-04-20T19:22:00",
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "date": "2015-07-09T23:16:17",
        "db": "PACKETSTORM",
        "id": "132618"
      },
      {
        "date": "2015-04-22T20:14:00",
        "db": "PACKETSTORM",
        "id": "131577"
      },
      {
        "date": "2016-06-19T15:55:00",
        "db": "PACKETSTORM",
        "id": "137539"
      },
      {
        "date": "2015-04-27T16:21:20",
        "db": "PACKETSTORM",
        "id": "131640"
      },
      {
        "date": "2015-06-10T01:21:58",
        "db": "PACKETSTORM",
        "id": "132198"
      },
      {
        "date": "2015-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "date": "2015-06-09T18:59:00.067000",
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80744"
      },
      {
        "date": "2019-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-2783"
      },
      {
        "date": "2016-07-06T13:22:00",
        "db": "BID",
        "id": "74239"
      },
      {
        "date": "2015-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      },
      {
        "date": "2019-04-22T17:48:00.643000",
        "db": "NVD",
        "id": "CVE-2015-2783"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131528"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP of  ext/phar/phar.c Vulnerability in which important information is obtained from process memory",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003044"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-040"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.