var-201512-0520
Vulnerability from variot
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. PHP is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior.
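The condition in the description above, a TAR entry whose link field names a file that is not in the archive, can be screened for before an archive is handed to a PHP build older than the fixed versions. The following Python check is an added example, not code from PHP or from any of the advisories collected here; the function names and the sample archive are constructed for illustration, and treating absolute link targets as unresolved is an assumption of this check.

```python
import io
import posixpath
import tarfile


def _norm(path):
    """Normalise an archive member path for comparison."""
    return posixpath.normpath(path).lstrip("/")


def find_dangling_links(fileobj):
    """Return [(entry_name, link_target, kind)] for every hard link or
    symlink entry whose target is not a member of the same archive."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        members = tar.getmembers()
    names = {_norm(m.name) for m in members}

    findings = []
    for m in members:
        if m.islnk():
            # Hard link: linkname is a path inside the archive.
            kind = "hardlink"
            target = m.linkname
        elif m.issym():
            # Symlink: a relative linkname resolves against the entry's directory.
            kind = "symlink"
            target = posixpath.join(posixpath.dirname(m.name), m.linkname)
        else:
            continue
        # Assumption: an absolute target can never name an archive member.
        resolved = None if m.linkname.startswith("/") else _norm(target)
        if resolved is None or resolved not in names:
            findings.append((m.name, m.linkname, kind))
    return findings


def build_sample(entries):
    """Build an in-memory tar from (name, kind, value) tuples.
    Constructed test input: kind is 'file', 'hardlink' or 'symlink';
    value is the file bytes or the link target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, kind, value in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                info.size = len(value)
                tar.addfile(info, io.BytesIO(value))
            else:
                info.type = tarfile.LNKTYPE if kind == "hardlink" else tarfile.SYMTYPE
                info.linkname = value
                tar.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample([
        ("index.php", "file", b"<?php echo 1;"),
        ("alias.php", "hardlink", "index.php"),      # resolves
        ("lib/up.php", "symlink", "../index.php"),   # resolves
        ("ghost.php", "hardlink", "missing.php"),    # dangling
    ])
    for name, target, kind in find_dangling_links(sample):
        print(f"reject: {kind} entry {name!r} -> {target!r} has no target in archive")
```

A finding here is a reason to reject or quarantine the archive; upgrading to a fixed PHP version remains the actual remedy.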
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded.
  This release fixes bugs and security issues.
  IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES
  PHP 5.4.x has been declared EOL (end of life) and is no longer receiving upstream support. PHP 5.5.x is also no longer on active support status and security fixes will continue only until 5 months from now. For this reason we have provided PHP 5.6 packages as security updates. Be aware that PHP 5.6 is not 100% compatible with PHP 5.4, and some changes may be required to existing web pages written for PHP 5.4.
  For information on how to migrate from PHP 5.4, please see:
    http://php.net/manual/en/migration55.php
    http://php.net/manual/en/migration56.php
  The final PHP 5.4 packages may be found in /pasture in case there is a need to revert this update.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
  (Security fix)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz
MD5 signatures: +-------------+
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg php-5.6.17-i486-1_slack14.1.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
Finally, make sure to make any needed changes for compatibility with PHP 5.6. See the links mentioned above.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
============================================================================
Ubuntu Security Notice USN-2786-1
October 28, 2015
php5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
PHP could be made to crash if it processed a specially crafted file.
Software Description: - php5: HTML-embedded scripting language interpreter
Details:
It was discovered that the PHP phar extension incorrectly handled certain files. (CVE-2015-7803, CVE-2015-7804)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10:
  libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1
  php5-cgi 5.6.11+dfsg-1ubuntu3.1
  php5-cli 5.6.11+dfsg-1ubuntu3.1
  php5-fpm 5.6.11+dfsg-1ubuntu3.1
Ubuntu 15.04:
  libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4
  php5-cgi 5.6.4+dfsg-4ubuntu6.4
  php5-cli 5.6.4+dfsg-4ubuntu6.4
  php5-fpm 5.6.4+dfsg-4ubuntu6.4
Ubuntu 14.04 LTS:
  libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14
  php5-cgi 5.5.9+dfsg-1ubuntu4.14
  php5-cli 5.5.9+dfsg-1ubuntu4.14
  php5-fpm 5.5.9+dfsg-1ubuntu4.14
Ubuntu 12.04 LTS:
  libapache2-mod-php5 5.3.10-1ubuntu3.21
  php5-cgi 5.3.10-1ubuntu3.21
  php5-cli 5.3.10-1ubuntu3.21
  php5-fpm 5.3.10-1ubuntu3.21
In general, a standard system update will make all the necessary changes. This could lead to a denial of service.
CVE-2015-7804
The phar extension does not correctly process directory entries
found in archive files with the name "/", leading to a denial of
service and, potentially, information disclosure.
The update for Debian stable (jessie) contains additional bug fixes from PHP upstream version 5.6.14, as described in the upstream changelog:
https://php.net/ChangeLog-5.php#5.6.13
Note to users of the oldstable distribution (wheezy): PHP 5.4 has reached end-of-life on September 14th, 2015. As a result, there will be no more new upstream releases. The security support of PHP 5.4 in Debian oldstable (wheezy) will be best effort only, and you are strongly advised to upgrade to latest Debian stable release (jessie), which includes PHP 5.6.
For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.45-0+deb7u2.
For the stable distribution (jessie), these problems have been fixed in version 5.6.14+dfsg-0+deb8u1.
For the testing distribution (stretch) and the unstable distribution (sid), these problems have been fixed in version 5.6.14+dfsg-1.
We recommend that you upgrade your php5 packages.
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-php56-php security update
Advisory ID: RHSA-2016:0457-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0457.html
Issue date: 2016-03-15
CVE Names: CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804
=====================================================================
- Summary:
Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836)
Multiple flaws were found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)
All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file
1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath
1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize()
1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items
1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues
1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer
1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion
1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class
1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset()
1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()
1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-php56-php-5.6.5-8.el6.src.rpm
x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: rh-php56-php-5.6.5-8.el6.src.rpm
x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-php56-php-5.6.5-8.el6.src.rpm
x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-php56-php-5.6.5-8.el6.src.rpm
x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-php56-php-5.6.5-8.el7.src.rpm
x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: rh-php56-php-5.6.5-8.el7.src.rpm
x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: rh-php56-php-5.6.5-8.el7.src.rpm
x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-php56-php-5.6.5-8.el7.src.rpm
x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5589
https://access.redhat.com/security/cve/CVE-2015-5590
https://access.redhat.com/security/cve/CVE-2015-6831
https://access.redhat.com/security/cve/CVE-2015-6832
https://access.redhat.com/security/cve/CVE-2015-6833
https://access.redhat.com/security/cve/CVE-2015-6834
https://access.redhat.com/security/cve/CVE-2015-6835
https://access.redhat.com/security/cve/CVE-2015-6836
https://access.redhat.com/security/cve/CVE-2015-6837
https://access.redhat.com/security/cve/CVE-2015-6838
https://access.redhat.com/security/cve/CVE-2015-7803
https://access.redhat.com/security/cve/CVE-2015-7804
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
Gentoo Linux Security Advisory GLSA 201606-10
https://security.gentoo.org/
Severity: Normal
Title: PHP: Multiple vulnerabilities
Date: June 19, 2016
Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376
ID: 201606-10
Synopsis
Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition.
Background
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.19"
References
[ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
"JVNDB-2015-006375" }, { "db": "NVD", "id": "CVE-2015-7803" }, { "db": "CNNVD", "id": "CNNVD-201510-699" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. PHP is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded. \n This release fixes bugs and security issues. \n *****************************************************************\n * IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *\n *****************************************************************\n PHP 5.4.x has been declared EOL (end of life) and is no longer receiving\n upstream support. PHP 5.5.x is also no longer on active support status and\n security fixes will continue only until 5 months from now. 
For this reason\n we have provided PHP 5.6 packages as security updates. Be aware that PHP\n 5.6 is not 100% compatible with PHP 5.4, and some changes may be required\n to existing web pages written for PHP 5.4. \n For information on how to migrate from PHP 5.4, please see:\n http://php.net/manual/en/migration55.php\n http://php.net/manual/en/migration56.php\n The final PHP 5.4 packages may be found in /pasture in case there is a need\n to revert this update. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. 
\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n69eba2b2193b19396987c73ef901a68a php-5.6.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.0 package:\n23d8436b3e90027bb7ffb7b0cf8e918c php-5.6.17-x86_64-1_slack14.1.txz\n\nSlackware 14.1 package:\na3958009db7633258fbd7ebaf5952a5c php-5.6.17-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf1b1cfdf325e66590bdad15170968fee php-5.6.17-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n239e452ac1570edfb9a574098c8e6b7b n/php-5.6.17-i586-1.txz\n\nSlackware x86_64 -current package:\n02a07c1a33d393bb67b7ade06dc4d237 n/php-5.6.17-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.17-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\nFinally, make sure to make any needed changes for compatibility with PHP 5.6. \nSee the links mentioned above. 
\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n============================================================================\nUbuntu Security Notice USN-2786-1\nOctober 28, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nPHP could be made to crash if it processed a specially crafted file. \n\nSoftware Description:\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfiles. 
(CVE-2015-7803, CVE-2015-7804)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\n php5-cli 5.6.11+dfsg-1ubuntu3.1\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\n\nUbuntu 15.04:\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\n php5-cli 5.6.4+dfsg-4ubuntu6.4\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\n\nUbuntu 14.04 LTS:\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\n php5-cli 5.5.9+dfsg-1ubuntu4.14\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\n\nUbuntu 12.04 LTS:\n libapache2-mod-php5 5.3.10-1ubuntu3.21\n php5-cgi 5.3.10-1ubuntu3.21\n php5-cli 5.3.10-1ubuntu3.21\n php5-fpm 5.3.10-1ubuntu3.21\n\nIn general, a standard system update will make all the necessary changes. This could lead to a denial of service. \n\nCVE-2015-7804\n\n The phar extension does not correctly process directory entries\n found in archive files with the name \"/\", leading to a denial of\n service and, potentially, information disclosure. \n\nThe update for Debian stable (jessie) contains additional bug fixes\nfrom PHP upstream version 5.6.14, as described in the upstream\nchangelog:\n\n https://php.net/ChangeLog-5.php#5.6.13\n\nNote to users of the oldstable distribution (wheezy): PHP 5.4 has\nreached end-of-life on September 14th, 2015. As a result, there will\nbe no more new upstream releases. The security support of PHP 5.4 in\nDebian oldstable (wheezy) will be best effort only, and you are\nstrongly advised to upgrade to latest Debian stable release (jessie),\nwhich includes PHP 5.6. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.45-0+deb7u2. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.14+dfsg-0+deb8u1. 
\n\nFor the testing distribution (stretch) and the unstable distribution\n(sid), these problems have been fixed in version 5.6.14+dfsg-1. \n\nWe recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-php56-php security update\nAdvisory ID: RHSA-2016:0457-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0457.html\nIssue date: 2016-03-15\nCVE Names: CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 \n CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 \n CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 \n CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 \n=====================================================================\n\n1. Summary:\n\nUpdated rh-php56-php packages that fix multiple security issues are now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. 
Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834,\nCVE-2015-6835, CVE-2015-6836)\n\nMultiple flaws were found in the way PHP\u0027s Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. An attacker could use these flaws to cause a PHP application to crash\nif it performed Extensible Stylesheet Language (XSL) transformations using\nuntrusted XSLT files and allowed the use of PHP functions to be used as\nXSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)\n\nAll rh-php56-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file\n1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath\n1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize()\n1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items\n1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues\n1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer\n1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion\n1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class\n1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset()\n1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()\n1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.7):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\nrh-php56-php-5.6.5-8.el6.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-imap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el6.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.1):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7):\n\nSource:\nrh-php56-php-5.6.5-8.el7.src.rpm\n\nx86_64:\nrh-php56-php-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-cli-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-common-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dba-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-devel-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-intl-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-process-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-recode-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-soap-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xml-5.6.5-8.el7.x86_64.rpm\nrh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5589\nhttps://access.redhat.com/security/cve/CVE-2015-5590\nhttps://access.redhat.com/security/cve/CVE-2015-6831\nhttps://access.redhat.com/security/cve/CVE-2015-6832\nhttps://access.redhat.com/security/cve/CVE-2015-6833\nhttps://access.redhat.com/security/cve/CVE-2015-6834\nhttps://access.redhat.com/security/cve/CVE-2015-6835\nhttps://access.redhat.com/security/cve/CVE-2015-6836\nhttps://access.redhat.com/security/cve/CVE-2015-6837\nhttps://access.redhat.com/security/cve/CVE-2015-6838\nhttps://access.redhat.com/security/cve/CVE-2015-7803\nhttps://access.redhat.com/security/cve/CVE-2015-7804\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch\nsZ3mH+O8FzxQYqRnfS39Ew8=\n=8DIR\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201606-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: PHP: Multiple vulnerabilities\n Date: June 19, 2016\n Bugs: #537586, #541098, #544186, #544330, #546872, #549538,\n #552408, #555576, #555830, #556952, #559612, #562882,\n #571254, #573892, #577376\n ID: 201606-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as\nPHP 5.4 is now masked in Portage:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.5.33\"\n\nAll PHP 5.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.5.33\"\n\nAll PHP 5.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-5.6.19\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-6501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501\n[ 2 ] CVE-2014-9705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705\n[ 3 ] CVE-2014-9709\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709\n[ 4 ] CVE-2015-0231\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231\n[ 5 ] CVE-2015-0273\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273\n[ 6 ] CVE-2015-1351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351\n[ 7 ] CVE-2015-1352\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352\n[ 8 ] CVE-2015-2301\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301\n[ 9 ] CVE-2015-2348\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348\n[ 10 ] CVE-2015-2783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783\n[ 11 ] CVE-2015-2787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787\n[ 12 ] CVE-2015-3329\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329\n[ 13 ] CVE-2015-3330\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330\n[ 14 ] CVE-2015-4021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021\n[ 15 ] CVE-2015-4022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022\n[ 16 ] CVE-2015-4025\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025\n[ 17 ] CVE-2015-4026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026\n[ 18 ] CVE-2015-4147\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147\n[ 19 ] CVE-2015-4148\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148\n[ 20 ] CVE-2015-4642\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642\n[ 21 ] CVE-2015-4643\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643\n[ 22 ] CVE-2015-4644\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644\n[ 23 ] CVE-2015-6831\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831\n[ 24 ] CVE-2015-6832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832\n[ 25 ] CVE-2015-6833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833\n[ 26 ] CVE-2015-6834\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834\n[ 27 ] CVE-2015-6835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835\n[ 28 ] CVE-2015-6836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836\n[ 29 ] CVE-2015-6837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837\n[ 30 ] CVE-2015-6838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838\n[ 31 ] CVE-2015-7803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803\n[ 32 ] CVE-2015-7804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201606-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n", "sources": [ { "db": "NVD", "id": "CVE-2015-7803" }, { "db": "JVNDB", "id": "JVNDB-2015-006375" }, { "db": "BID", "id": "76959" }, { "db": "VULHUB", "id": "VHN-85764" }, { "db": "VULMON", "id": "CVE-2015-7803" }, { "db": "PACKETSTORM", "id": "135595" }, { "db": "PACKETSTORM", "id": "134112" }, { "db": "PACKETSTORM", "id": "134109" }, { "db": "PACKETSTORM", "id": "136246" }, { "db": "PACKETSTORM", "id": "137539" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-7803", "trust": 3.4 }, { "db": "BID", "id": "76959", "trust": 2.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/10/05/8", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97526033", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006375", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201510-699", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "134112", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "134109", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135595", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-85764", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-7803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136246", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137539", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-85764" }, { "db": "VULMON", "id": "CVE-2015-7803" }, { "db": "BID", "id": "76959" }, { "db": "JVNDB", "id": "JVNDB-2015-006375" }, { "db": "PACKETSTORM", "id": "135595" }, { "db": "PACKETSTORM", "id": "134112" }, { "db": "PACKETSTORM", "id": "134109" }, { "db": "PACKETSTORM", "id": "136246" }, { "db": "PACKETSTORM", "id": "137539" }, { "db": "NVD", "id": "CVE-2015-7803" }, { "db": "CNNVD", "id": "CNNVD-201510-699" } ] }, "id": "VAR-201512-0520", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-85764" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:56:31.210000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple security updates", "trust": 0.8, "url": "https://support.apple.com/en-us/ht201222" }, { "title": "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html" }, { "title": "HT205637", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205637" }, { "title": "HT205637", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht205637" }, { "title": "Sec Bug #69720", "trust": 0.8, "url": "https://bugs.php.net/bug.php?id=69720" }, { "title": "Fix bug #69720: Null pointer dereference in phar_get_fp_offset()", "trust": 0.8, "url": "http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244" }, { "title": "PHP 5 ChangeLog", "trust": 0.8, "url": "http://www.php.net/changelog-5.php" }, { "title": "Ubuntu Security Notice: php5 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2786-1" }, { "title": "Debian Security Advisories: DSA-3380-1 php5 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d50561d10f97424f73a756c92be32e03" }, { "title": "Red Hat: CVE-2015-7803", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7803" }, { "title": "Amazon Linux AMI: ALAS-2015-601", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-601" }, { "title": "Amazon Linux AMI: ALAS-2015-602", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-602" }, { "title": "Apple: OS X El Capitan 10.11.2, Security Update\u00a02015-005 Yosemite, and Security Update 2015-008 Mavericks", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b4f5fe7974fd9e73002edba00722e010" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7803" }, { "db": "JVNDB", "id": "JVNDB-2015-006375" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006375" }, { "db": "NVD", "id": "CVE-2015-7803" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "https://bugs.php.net/bug.php?id=69720" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/76959" }, { "trust": 1.8, "url": "http://www.php.net/changelog-5.php" }, { "trust": 1.8, "url": "https://support.apple.com/ht205637" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2015/10/05/8" }, { "trust": 1.3, "url": "https://security.gentoo.org/glsa/201606-10" }, { "trust": 1.3, "url": "http://www.ubuntu.com/usn/usn-2786-1" }, { "trust": 1.2, "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html" }, { "trust": 1.2, "url": "http://www.debian.org/security/2015/dsa-3380" }, { "trust": 1.2, "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html" }, { "trust": 1.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.461720" }, { "trust": 1.0, "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=d698f0ae51f67c9cce870b09c59df3d6ba959244" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7803" }, { "trust": 0.8, "url": "http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97526033/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7803" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7803" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7804" }, { "trust": 0.3, "url": "http://php.net/changelog-5.php" }, { "trust": 0.3, "url": "http://www.php.net" }, { "trust": 0.3, "url": "https://bugs.php.net/bug.php?id=70433" }, { "trust": 0.3, "url": "http://www.ubuntu.com/usn/usn-2786-1/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7803" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6832" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6831" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6833" }, { "trust": 0.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2016\u0026amp;m=slackware-security.461720" }, { "trust": 0.1, "url": 
"https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2786-1/" }, { "trust": 0.1, "url": "http://php.net/manual/en/migration56.php" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1903" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1903" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://php.net/manual/en/migration55.php" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7804" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://php.net/changelog-5.php#5.6.13" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0457.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6833" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5589" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5590" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5590" }, { "trust": 0.1, "url": 
"https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6832" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5589" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7804" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4642" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231" } ], "sources": [ { "db": "VULHUB", "id": "VHN-85764" }, { "db": "VULMON", "id": "CVE-2015-7803" }, { "db": "BID", "id": "76959" }, { "db": "JVNDB", "id": "JVNDB-2015-006375" }, { "db": "PACKETSTORM", "id": "135595" }, { "db": "PACKETSTORM", "id": "134112" }, { "db": "PACKETSTORM", "id": "134109" }, { "db": "PACKETSTORM", "id": "136246" }, { "db": "PACKETSTORM", "id": "137539" }, { "db": "NVD", "id": "CVE-2015-7803" }, { "db": "CNNVD", "id": "CNNVD-201510-699" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-85764" }, { "db": "VULMON", "id": "CVE-2015-7803" }, { "db": "BID", "id": "76959" }, { "db": "JVNDB", "id": "JVNDB-2015-006375" }, { "db": "PACKETSTORM", "id": "135595" }, { "db": "PACKETSTORM", "id": "134112" }, { "db": "PACKETSTORM", "id": "134109" }, { "db": "PACKETSTORM", "id": "136246" }, { "db": "PACKETSTORM", "id": "137539" }, { "db": "NVD", "id": "CVE-2015-7803" }, { "db": "CNNVD", "id": "CNNVD-201510-699" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-12-11T00:00:00", "db": "VULHUB", "id": "VHN-85764" }, { "date": "2015-12-11T00:00:00", "db": "VULMON", "id": "CVE-2015-7803" }, { "date": "2015-10-05T00:00:00", "db": "BID", "id": "76959" }, { "date": "2015-12-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006375" }, { "date": "2016-02-04T21:45:02", "db": "PACKETSTORM", "id": "135595" }, { "date": "2015-10-28T18:47:28", "db": "PACKETSTORM", "id": "134112" }, { "date": "2015-10-28T18:46:49", "db": "PACKETSTORM", "id": "134109" }, { "date": "2016-03-15T06:19:00", "db": "PACKETSTORM", "id": "136246" }, { "date": "2016-06-19T15:55:00", "db": "PACKETSTORM", "id": "137539" 
}, { "date": "2015-12-11T12:00:11.387000", "db": "NVD", "id": "CVE-2015-7803" }, { "date": "2015-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-699" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-12-07T00:00:00", "db": "VULHUB", "id": "VHN-85764" }, { "date": "2016-12-07T00:00:00", "db": "VULMON", "id": "CVE-2015-7803" }, { "date": "2016-07-05T21:22:00", "db": "BID", "id": "76959" }, { "date": "2015-12-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006375" }, { "date": "2023-11-07T02:28:01.547000", "db": "NVD", "id": "CVE-2015-7803" }, { "date": "2015-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-699" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "134112" }, { "db": "CNNVD", "id": "CNNVD-201510-699" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP of ext/phar/util.c of phar_get_entry_data Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006375" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201510-699" } ], "trust": 0.6 } }